Hello,

I have followed the directions from [This topic] as I have a similar issue.

All help appreciated. GMER to follow in the next post, as I am going offline to follow the previous topic's instructions.

OTL Report

OTL logfile created on: 5/31/2010 4:43:36 PM - Run 1

OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Cleric\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): d:\pagefile.sys 3096 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.23 Gb Total Space | 8.25 Gb Free Space | 11.92% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 31.78 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Drive E: | 186.31 Gb Total Space | 6.45 Gb Free Space | 3.46% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.13% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

Computer Name: GRAM

Current User Name: Cleric

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Cleric\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Users\Cleric\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )

DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)

DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)

DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3160789386-283183587-279315058-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-3160789386-283183587-279315058-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-3160789386-283183587-279315058-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

[2010/02/27 21:47:52 | 000,000,000 | ---D | M] -- C:\Users\Cleric\AppData\Roaming\Mozilla\Extensions

[2010/04/28 07:01:36 | 000,000,000 | ---D | M] -- C:\Users\Cleric\AppData\Roaming\Mozilla\Firefox\Profiles\uyuy6p2n.default\extensions

[2010/04/15 07:16:32 | 000,002,059 | ---- | M] () -- C:\Users\Cleric\AppData\Roaming\Mozilla\Firefox\Profiles\uyuy6p2n.default\searchplugins\daemon-search.xml

[2010/02/27 21:46:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/29 19:51:36 | 000,398,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 gosredirector.ea.com

O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org

O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com

O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com

O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com

O1 - Hosts: 127.0.0.1 demangler.ea.com

O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com

O1 - Hosts: 127.0.0.1 gosredirector.ea.com

O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org

O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com

O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com

O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com

O1 - Hosts: 127.0.0.1 demangler.ea.com

O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com

O1 - Hosts: 89.149.225.59 www.google.de

O1 - Hosts: 89.149.225.59 www.google.fr

O1 - Hosts: 89.149.225.59 www.google.com.br

O1 - Hosts: 89.149.225.59 www.google.it

O1 - Hosts: 89.149.225.59 www.google.es

O1 - Hosts: 89.149.225.59 www.google.co.jp

O1 - Hosts: 89.149.225.59 www.google.com.mx

O1 - Hosts: 89.149.225.59 www.google.ca

O1 - Hosts: 89.149.225.59 www.google.com.au

O1 - Hosts: 89.149.225.59 www.google.nl

O1 - Hosts: 89.149.225.59 www.google.co.za

O1 - Hosts: 13757 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-3160789386-283183587-279315058-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\S-1-5-21-3160789386-283183587-279315058-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3160789386-283183587-279315058-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-3160789386-283183587-279315058-1001..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-3160789386-283183587-279315058-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-3160789386-283183587-279315058-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\puinsd: DllName - puinsd.dll - C:\Windows\System32\puinsd.dll ()

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 07:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{00f4afd7-0fe4-11df-8b9b-001d7d9e0a25}\Shell - "" = AutoRun

O33 - MountPoints2\{00f4afd7-0fe4-11df-8b9b-001d7d9e0a25}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/31 16:34:14 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Users\Cleric\Desktop\avg_free_stb_all_9_114_cnet.exe

[2010/05/31 16:34:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cleric\Desktop\mbam-setup-1.46.exe

[2010/05/31 16:34:11 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Cleric\Desktop\OTL.exe

[2010/05/31 12:43:46 | 000,000,000 | ---D | C] -- C:\Users\Cleric\AppData\Roaming\Malwarebytes

[2010/05/31 12:43:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/05/31 12:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/05/31 12:43:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/05/31 12:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/30 23:59:32 | 000,078,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpglnhf.sys

[2010/05/30 22:51:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/05/30 22:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/05/30 18:24:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/05/30 14:19:36 | 000,078,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmucbdqb.sys

[2010/05/30 13:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/05/30 13:51:37 | 007,249,512 | ---- | C] (Microsoft Corporation) -- C:\Users\Cleric\Desktop\mssefullinstall-x86fre-en-us-vista-win7.exe

[2010/05/30 13:25:13 | 000,000,000 | ---D | C] -- C:\Users\Cleric\Desktop\DVD Codes

[2010/05/29 20:25:16 | 000,000,000 | ---D | C] -- C:\Users\Cleric\AppData\Local\ElevatedDiagnostics

[2010/05/29 18:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/05/29 18:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/05/29 18:47:18 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Cleric\Desktop\spybotsd162.exe

[2010/05/22 19:46:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/05/15 14:44:21 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/05/15 11:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft

[2010/05/10 12:14:32 | 000,000,000 | ---D | C] -- C:\Users\Cleric\Documents\Settlers7

[2010/05/10 12:13:40 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll

[2010/05/10 12:13:40 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll

[2010/05/10 12:13:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll

[2010/05/10 12:13:39 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll

[2010/05/10 12:13:39 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll

[2010/05/10 12:13:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll

[2010/05/10 12:13:39 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll

[2010/05/10 12:13:38 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll

[2010/05/10 12:13:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll

[2010/05/10 12:13:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll

[2010/05/10 12:13:37 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll

[2010/05/10 12:13:37 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll

[2010/05/10 12:13:37 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll

[2010/05/10 12:13:37 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll

[2010/05/10 12:13:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll

[2010/05/10 12:13:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll

[2010/05/10 12:13:35 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll

[2010/05/10 12:13:35 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll

[2010/05/10 12:13:35 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll

[2010/05/10 12:13:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll

[2010/05/10 12:13:35 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll

[2010/05/10 12:13:35 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll

[2010/05/10 12:13:35 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll

[2010/05/10 12:13:35 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll

[2010/05/10 12:13:34 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll

[2010/05/10 12:13:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll

[2010/05/10 12:13:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll

[2010/05/10 12:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft

[2010/05/02 19:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2010/05/02 19:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/05/02 19:05:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

========== Files - Modified Within 30 Days ==========

[2010/05/31 16:44:37 | 006,291,456 | -HS- | M] () -- C:\Users\Cleric\NTUSER.DAT

[2010/05/31 16:39:20 | 000,293,376 | ---- | M] () -- C:\Users\Cleric\Desktop\6ollxodd.exe

[2010/05/31 16:38:54 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/31 16:38:54 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/31 16:37:15 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/05/31 16:37:15 | 000,622,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/05/31 16:37:15 | 000,108,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/05/31 16:31:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/31 16:31:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/31 16:31:28 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/31 14:03:38 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Cleric\Desktop\OTL.exe

[2010/05/31 13:15:38 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Users\Cleric\Desktop\avg_free_stb_all_9_114_cnet.exe

[2010/05/31 12:53:16 | 000,782,292 | -H-- | M] () -- C:\Users\Cleric\AppData\Local\IconCache.db

[2010/05/31 12:43:42 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/31 09:10:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cleric\Desktop\mbam-setup-1.46.exe

[2010/05/31 08:33:54 | 060,839,658 | ---- | M] () -- C:\Users\Cleric\Desktop\u9iavi2906zy.bin

[2010/05/31 08:25:04 | 000,003,752 | ---- | M] () -- C:\Users\Cleric\Desktop\HiJackThis.msi

[2010/05/30 23:59:32 | 000,078,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpglnhf.sys

[2010/05/30 22:47:29 | 000,007,614 | ---- | M] () -- C:\Users\Cleric\AppData\Local\Resmon.ResmonCfg

[2010/05/30 14:19:36 | 000,078,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmucbdqb.sys

[2010/05/30 13:53:14 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/05/30 13:52:54 | 007,249,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Cleric\Desktop\mssefullinstall-x86fre-en-us-vista-win7.exe

[2010/05/29 19:51:36 | 000,398,782 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/05/29 19:15:58 | 000,009,216 | ---- | M] () -- C:\Users\Cleric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/29 19:00:00 | 000,001,229 | ---- | M] () -- C:\Users\Cleric\Desktop\Spybot - Search & Destroy.lnk

[2010/05/29 18:53:26 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Cleric\Desktop\spybotsd162.exe

[2010/05/26 04:18:50 | 000,022,528 | ---- | M] () -- C:\Windows\System32\puinsd.dll

[2010/05/26 04:18:50 | 000,002,584 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100529-195136.backup

[2010/05/19 22:30:51 | 006,339,148 | ---- | M] () -- C:\Users\Cleric\Desktop\Mansions.mp3

[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/05/31 16:39:20 | 000,293,376 | ---- | C] () -- C:\Users\Cleric\Desktop\6ollxodd.exe

[2010/05/31 16:34:11 | 060,839,658 | ---- | C] () -- C:\Users\Cleric\Desktop\u9iavi2906zy.bin

[2010/05/31 12:51:37 | 000,003,752 | ---- | C] () -- C:\Users\Cleric\Desktop\HiJackThis.msi

[2010/05/31 12:43:42 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/30 13:53:14 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/05/30 13:51:58 | 000,007,614 | ---- | C] () -- C:\Users\Cleric\AppData\Local\Resmon.ResmonCfg

[2010/05/29 19:00:00 | 000,001,229 | ---- | C] () -- C:\Users\Cleric\Desktop\Spybot - Search & Destroy.lnk

[2010/05/26 04:18:50 | 000,022,528 | ---- | C] () -- C:\Windows\System32\puinsd.dll

[2010/05/18 23:39:10 | 006,339,148 | ---- | C] () -- C:\Users\Cleric\Desktop\Mansions.mp3

[2010/04/05 14:04:05 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010/02/06 17:45:57 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/02/06 17:45:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/02/06 17:45:56 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/02/06 17:45:56 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/02/06 17:45:54 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010/02/02 19:56:12 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2010/02/02 19:56:11 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2010/02/02 19:44:22 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/14 09:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 09:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

< End of report >

Extras

OTL Extras logfile created on: 5/31/2010 4:43:36 PM - Run 1

OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Cleric\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): d:\pagefile.sys 3096 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.23 Gb Total Space | 8.25 Gb Free Space | 11.92% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 31.78 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Drive E: | 186.31 Gb Total Space | 6.45 Gb Free Space | 3.46% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.13% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

Computer Name: GRAM

Current User Name: Cleric

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0DFD3F5C-DE64-442B-B3B7-37745D92AD6A}" = CNC4 Offline Patch

"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals

"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53

"{24DD7C58-EAC5-41BA-AC05-1EF58525CE44}" = Pocket e-Sword (WM6)

"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword

"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2

"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords

"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer


Blah blah blah

GMER Log GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-31 17:03:33

Windows 6.1.7600

Running: 6ollxodd.exe; Driver: C:\Users\Cleric\AppData\Local\Temp\fxldqpoc.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1DAF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D3F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A05634

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A05898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D1DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D6F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1DF2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7D599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

? System32\Drivers\spcv.sys The system cannot find the path specified. !

.text USBPORT.SYS!DllUnload 8F0E0CA0 5 Bytes JMP 85EC01D8

.text an5nrlzr.SYS 8F13F000 12 Bytes [44, 88, A0, 82, EE, 86, A0, ...]

.text an5nrlzr.SYS 8F13F00D 9 Bytes [67, A0, 82, 48, 8B, A0, 82, ...]

.text an5nrlzr.SYS 8F13F017 170 Bytes [00, DE, 17, DB, 88, E6, 15, ...]

.text an5nrlzr.SYS 8F13F0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}

.text an5nrlzr.SYS 8F13F0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}

.text ...

.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x99FD2300, 0x1B7E, 0xE8000020]

.text peauth.sys 9AA3EC9D 28 Bytes [CF, AD, 77, F0, A0, 55, 44, ...]

.text peauth.sys 9AA3ECC1 28 Bytes [CF, AD, 77, F0, A0, 55, 44, ...]

.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0x9AB09000, 0x2892, 0xE8000020]

.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0x9AB2C050]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtProtectVirtualMemory 774A5360 5 Bytes JMP 003E000A

.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtWriteVirtualMemory 774A5EE0 5 Bytes JMP 003F000A

.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!KiUserExceptionDispatcher 774A6448 5 Bytes JMP 003D000A

.text C:\Windows\system32\svchost.exe[1104] ole32.dll!CoCreateInstance 772757FC 5 Bytes JMP 004A000A

.text C:\Windows\system32\svchost.exe[1104] USER32.dll!GetCursorPos 75AEC198 5 Bytes JMP 0044000A

.text C:\Windows\Explorer.EXE[2656] ntdll.dll!NtProtectVirtualMemory 774A5360 5 Bytes JMP 0183000A

.text C:\Windows\Explorer.EXE[2656] ntdll.dll!NtWriteVirtualMemory 774A5EE0 5 Bytes JMP 0184000A

.text C:\Windows\Explorer.EXE[2656] ntdll.dll!KiUserExceptionDispatcher 774A6448 5 Bytes JMP 004F000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88CB5042] \SystemRoot\System32\Drivers\spcv.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88CB56D6] \SystemRoot\System32\Drivers\spcv.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88CB5800] \SystemRoot\System32\Drivers\spcv.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88CB513E] \SystemRoot\System32\Drivers\spcv.sys

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortNotification] 00147880

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortStallExecution] C25DC033

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortInitialize] 157B805E

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500

IAT \SystemRoot\System32\Drivers\an5nrlzr.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84C761F8

Device \FileSystem\fastfat \FatCdrom 85F65500

Device \Driver\NetBT \Device\NetBT_Tcpip_{F00AEC05-DCCA-4C95-A124-3E1CEF30E970} 85DBB1F8

Device \Driver\volmgr \Device\VolMgrControl 84C721F8

Device \Driver\usbuhci \Device\USBPDO-0 85F121F8

Device \Driver\usbuhci \Device\USBPDO-1 85F121F8

Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-2 85F121F8

Device \Driver\usbuhci \Device\USBPDO-3 85F121F8

Device \Driver\usbehci \Device\USBPDO-4 85F691F8

Device \Driver\USBSTOR \Device\00000061 8653B1F8

Device \Driver\USBSTOR \Device\00000062 8653B1F8

Device \Driver\volmgr \Device\HarddiskVolume1 84C721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 84C721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85CD9500

Device \Driver\volmgr \Device\HarddiskVolume3 84C721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 85CD9500

Device \Driver\atapi \Device\Ide\IdePort0 84C741F8

Device \Driver\atapi \Device\Ide\IdePort1 84C741F8

Device \Driver\atapi \Device\Ide\IdePort2 84C741F8

Device \Driver\atapi \Device\Ide\IdePort3 84C741F8

Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-4 84C741F8

Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 84C741F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7 84C741F8

Device \Driver\volmgr \Device\HarddiskVolume4 84C721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 85DBB1F8

Device \Driver\PCI_PNP3614 \Device\0000004e spcv.sys

Device \Driver\usbuhci \Device\USBFDO-0 85F121F8

Device \Driver\sptd \Device\311161615 spcv.sys

Device \Driver\usbuhci \Device\USBFDO-1 85F121F8

Device \Driver\usbuhci \Device\USBFDO-2 85F121F8

Device \Driver\usbuhci \Device\USBFDO-3 85F121F8

Device \Driver\usbehci \Device\USBFDO-4 85F691F8

Device \Driver\an5nrlzr \Device\Scsi\an5nrlzr1Port4Path0Target0Lun0 85FA71F8

Device \Driver\an5nrlzr \Device\Scsi\an5nrlzr1 85FA71F8

Device \FileSystem\fastfat \Fat 85F65500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 859FBCEC

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
