Slow Browser Download speeds


  • This topic is locked
15 replies to this topic

#1 ANFO

ANFO

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 26 September 2010 - 01:15 AM

Hi guys.

Problem: Recently noticed slower download speeds through the web browser.

Specs:
Brand new computer: 64-bit Win7 i7 system, 2 months old.
Browser: Firefox, user agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10

Starting to see a problem I had with the previous system.
Over a short period (approx. 3 months) I noticed the internet speeds in web browsing getting slower and slower, whilst another computer on my network remained unaffected.
So I did the usual: Winsock repairs, SDFix, virus scans, spyware scans. Turned off all add-ons in the web browser, ran in safe mode. The works.
Nothing could fix it.

Got my new computer now, and I'm beginning to see a similar thing happening with this.
I should be downloading at around 150-160 kbps. Seeing anywhere between 20-80 kbps. These were recorded when no other download activity was happening on the network.
Tried using both IE and FF. Still, the other computer downloads awesomely.

Ran a HijackThis scan and this is what it came up with. Can anyone spot any immediate issues?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:14:16 PM, on 26/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Apps\iTunes\iTunesHelper.exe
C:\Apps\firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Apps\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Apps\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Apps\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Apps\nod32\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Apps\nod32\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6944 bytes



Thanks.


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:07 PM

Posted 30 September 2010 - 05:58 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
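Once the two OTL logs come back, a responder reads the PRC/SRV/DRV and O4 lines by hand. As an added example (not part of this thread and not OTL's own tooling), the Python below parses that line format and surfaces the entries worth a first look: binaries with no company name or a generic DDK template string, kernel drivers loaded from outside \drivers\, and autorun entries whose target is missing on disk. The sample lines are copied from the OTL log posted later in this thread; the flag wording and the triage rules are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Added example, not OTL's code: an offline triage pass over OTL log lines.
# Nothing here touches the live system; the only input is log text.

# Shape of an OTL process/module/service/driver entry, e.g.
#   DRV:64bit: - [2010/09/28 21:25:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\...\atksgt.sys -- (atksgt)
# ":64bit:" marks the native System32 view on x64; the state bracket and the
# trailing "-- (Name)" are absent on PRC/MOD lines.
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<native64>:64bit:)? - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)

# Shape of an O4 autorun entry whose target OTL could not find on disk:
#   O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
MISSING_TARGET = re.compile(r"^O\d+.*: \[(?P<value>[^\]]+)\] (?P<path>.+?) File not found$")

# Version-info strings left in by vendors who shipped the DDK sample template unchanged.
GENERIC_VENDOR_MARKERS = ("ddk provider",)


@dataclass
class Entry:
    kind: str            # PRC, MOD, SRV or DRV
    native64: bool       # True for ":64bit:" entries
    company: str         # version-info company, "" when the binary carries none
    path: str
    name: Optional[str]  # service/driver name, None for PRC/MOD
    state: Optional[str] # e.g. "Kernel | Auto | Running"
    size: int
    flags: list = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(kind=m["kind"], native64=m["native64"] is not None,
                 company=m["company"].strip(), path=m["path"],
                 name=m["name"], state=m["state"],
                 size=int(m["size"].replace(",", "")))


def triage_entry(e: Entry) -> list:
    """Return the reasons an entry deserves a closer look (empty list = nothing notable)."""
    flags = []
    if not e.company:
        flags.append("no company/version info")
    elif any(marker in e.company.lower() for marker in GENERIC_VENDOR_MARKERS):
        flags.append("generic DDK vendor string")
    # Kernel drivers normally live under <windir>\system32\drivers; a driver
    # loaded from elsewhere is worth confirming against its vendor.
    if e.kind == "DRV" and "\\drivers\\" not in e.path.lower():
        flags.append("kernel driver outside \\drivers\\")
    return flags


def triage_log(text: str) -> dict:
    """Map service/driver name (or path, or autorun value) -> list of flags."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        e = parse_entry(line)
        if e is not None:
            flags = triage_entry(e)
            if flags:
                findings[e.name or e.path] = flags
            continue
        m = MISSING_TARGET.match(line)
        if m:
            findings[m["value"]] = ["autorun target missing on disk"]
    return findings


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2010/10/09 20:42:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Budda\Downloads\OTL.exe
SRV - [2010/08/24 20:50:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
DRV:64bit: - [2010/09/28 21:25:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/24 09:04:14 | 000,166,984 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010/10/06 17:24:24 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/10/06 17:24:09 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
"""

if __name__ == "__main__":
    for key, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{key}: {'; '.join(reasons)}")
```

A flag is a prompt to verify the file (vendor, signature, hash), not a verdict; legitimate hardware-utility and copy-protection drivers often ship without version info too.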
 


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:07 PM

Posted 05 October 2010 - 07:05 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


 


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:07 PM

Posted 05 October 2010 - 09:12 AM

Reopened per OP's request. Please follow the instructions above.


 


#5 ANFO

ANFO
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 09 October 2010 - 08:04 AM

OTL Report
---------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 9/10/2010 8:43:35 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Budda\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 79.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.87 Gb Total Space | 255.95 Gb Free Space | 87.39% Space Free | Partition Type: NTFS
Drive D: | 638.54 Gb Total Space | 577.76 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 476.24 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
Drive G: | 149.01 Gb Total Space | 71.26 Gb Free Space | 47.82% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUDDA-PC
Current User Name: Budda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/09 20:42:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Budda\Downloads\OTL.exe
PRC - [2010/09/26 13:28:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Apps\firefox\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Apps\nod32\x86\ekrn.exe
PRC - [2010/04/28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/15 20:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 20:42:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Budda\Downloads\OTL.exe
MOD - [2009/07/14 09:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 09:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 09:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/14 09:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/24 20:50:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/24 09:27:54 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Apps\nod32\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Apps\nod32\x86\ekrn.exe -- (ekrn)
SRV - [2010/04/28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/01/15 20:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 21:25:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/28 21:25:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/06/24 09:04:14 | 000,166,984 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/04/28 08:17:46 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/04/28 08:17:46 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/28 22:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 09:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 09:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 07:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 07:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 07:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/10/06 17:24:24 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/10/06 17:24:09 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/23 22:48:04 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 B0 61 2E 41 5D CB 01 [binary data]
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Apps\firefox\components [2010/09/26 13:28:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Apps\firefox\plugins [2010/10/01 19:54:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Apps\nod32\Mozilla Thunderbird [2010/07/21 22:56:25 | 000,000,000 | ---D | M]

[2010/07/24 22:35:09 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Mozilla\Extensions
[2010/10/09 20:18:51 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Mozilla\Firefox\Profiles\97ehwqgb.default\extensions
[2010/08/04 18:52:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Budda\AppData\Roaming\Mozilla\Firefox\Profiles\97ehwqgb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [egui] C:\Apps\nod32\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/05/02 15:47:02 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/07 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband Savegames - Copy
[2010/10/05 20:44:36 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband
[2010/10/05 19:21:31 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband Savegames
[2010/10/05 19:20:58 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Mount&Blade Warband
[2010/10/01 19:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/01 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/10/01 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Adobe
[2010/09/28 22:06:12 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Anno 1404
[2010/09/28 21:27:20 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Ubisoft
[2010/09/26 13:33:13 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Malwarebytes
[2010/09/26 13:33:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/26 13:33:03 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/26 13:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/25 23:38:23 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\WinRAR
[2010/09/25 23:13:10 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Leadertech
[2010/09/25 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/09/25 20:05:50 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Savegames
[2010/09/25 20:04:23 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Mount&Blade
[2010/09/06 11:57:21 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Apple Computer
[2010/09/06 11:57:20 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Apple Computer
[2010/09/06 11:57:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/09/06 11:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/06 11:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/06 11:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/06 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/06 11:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/06 11:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/09/06 11:56:24 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Apple
[2010/09/06 11:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/06 11:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/06 11:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/06 11:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/09/06 11:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/28 20:56:56 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Hi-Rez Studios
[2010/08/28 15:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UselessCreations
[2010/08/14 16:53:49 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2010/08/14 14:50:13 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Neverwinter Nights 2
[2010/08/08 19:24:57 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\My Games
[2010/08/08 19:24:48 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Downloaded Installations
[2010/08/08 19:24:46 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010/07/31 08:46:57 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\W
[2010/07/31 02:54:45 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\wargaming.net
[2010/07/31 02:53:06 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/07/27 16:40:27 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\StarCraft II
[2010/07/27 16:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/07/27 16:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/07/24 23:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/07/24 23:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/07/24 23:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/07/24 22:54:54 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\IrfanView
[2010/07/24 22:34:54 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Mozilla
[2010/07/24 22:34:54 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Mozilla
[2010/07/24 02:12:18 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\vlc
[2010/07/23 23:40:53 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\NVIDIA
[2010/07/23 23:29:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/23 23:29:02 | 000,000,000 | ---D | C] -- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
[2010/07/23 23:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/07/23 22:08:12 | 000,000,000 | ---D | C] -- C:\Themese
[2010/07/22 19:53:52 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\JustCause
[2010/07/22 17:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/07/22 17:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/07/22 17:13:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/22 17:13:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/22 13:47:09 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/21 22:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/07/21 22:40:46 | 000,000,000 | ---D | C] -- C:\Apps
[2010/07/21 22:34:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/07/21 22:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/21 22:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/07/21 22:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/21 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Macromedia
[2010/07/21 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Adobe
[2010/07/21 22:29:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/07/21 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2010/07/21 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010/07/21 22:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2010/07/21 22:20:41 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/21 22:15:15 | 000,346,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/07/21 22:15:15 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010/07/21 22:11:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/07/21 22:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/07/21 22:11:13 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/07/21 22:11:12 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/07/21 22:11:12 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/07/21 22:11:12 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/07/21 22:11:12 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/07/21 22:11:10 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/07/21 22:11:10 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/07/21 22:11:10 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/07/21 22:11:10 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/07/21 22:11:10 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/07/21 22:11:10 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/07/21 22:11:09 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/07/21 22:11:09 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/07/21 22:11:07 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/07/21 22:11:07 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/07/21 22:11:07 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/07/21 22:11:07 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/07/21 22:11:07 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010/07/21 22:11:07 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/07/21 22:11:07 | 000,338,848 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/07/21 22:11:07 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/07/21 22:11:07 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/07/21 22:11:07 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/07/21 22:11:07 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/07/21 22:11:07 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/07/21 22:11:07 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010/07/21 22:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/07/21 22:11:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/07/21 22:11:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/07/21 22:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/07/21 22:10:23 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/07/21 22:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/07/21 22:10:04 | 000,000,000 | ---D | C] -- C:\Intel
[2010/07/21 22:01:56 | 000,000,000 | R--D | C] -- C:\Users\Budda\Searches
[2010/07/21 22:01:56 | 000,000,000 | -H-D | C] -- C:\Users\Budda\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/21 22:01:49 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Identities
[2010/07/21 22:01:47 | 000,000,000 | R--D | C] -- C:\Users\Budda\Contacts
[2010/07/21 22:01:46 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\VirtualStore
[2010/07/21 22:01:43 | 000,000,000 | --SD | C] -- C:\Users\Budda\AppData\Roaming\Microsoft
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\Videos
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\Saved Games
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\Pictures
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\Music
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\Links
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\Favorites
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\Downloads
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\My Documents
[2010/07/21 22:01:43 | 000,000,000 | R--D | C] -- C:\Users\Budda\Desktop
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\AppData\Local\Temporary Internet Files
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Templates
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Start Menu
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\SendTo
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Recent
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\PrintHood
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\NetHood
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Documents\My Videos
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Documents\My Pictures
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Documents\My Music
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\My Documents
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Local Settings
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\AppData\Local\History
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Cookies
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\Application Data
[2010/07/21 22:01:43 | 000,000,000 | -HSD | C] -- C:\Users\Budda\AppData\Local\Application Data
[2010/07/21 22:01:43 | 000,000,000 | -H-D | C] -- C:\Users\Budda\AppData
[2010/07/21 22:01:43 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Temp
[2010/07/21 22:01:43 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Microsoft
[2010/07/21 22:01:43 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Media Center Programs
[2010/07/21 22:01:37 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/07/21 22:01:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/21 19:48:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/21 19:48:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/09 20:44:05 | 001,310,720 | -HS- | M] () -- C:\Users\Budda\NTUSER.DAT
[2010/10/09 16:36:08 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/09 16:36:08 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/09 16:36:08 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/09 16:30:32 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 16:30:32 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 16:23:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/09 16:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/09 16:23:16 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 01:41:14 | 002,149,009 | -H-- | M] () -- C:\Users\Budda\AppData\Local\IconCache.db
[2010/10/07 20:55:21 | 000,000,846 | ---- | M] () -- C:\Users\Budda\Desktop\Mount&Blade Warband.lnk
[2010/10/07 18:33:22 | 000,001,086 | ---- | M] () -- C:\Users\Budda\Desktop\TweakMB - Shortcut.lnk
[2010/10/06 17:24:24 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2010/10/06 17:24:24 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/10/03 11:37:55 | 000,105,373 | ---- | M] () -- C:\Users\Budda\Documents\pet_reptile_takers_appln.pdf
[2010/10/01 19:54:39 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/28 21:25:17 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/09/28 21:25:17 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/09/26 16:22:38 | 000,000,968 | ---- | M] () -- C:\Users\Budda\Desktop\MZS2.lnk
[2010/09/26 13:33:06 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 13:06:15 | 000,001,516 | ---- | M] () -- C:\Users\Budda\Desktop\HijackThis.lnk
[2010/09/26 12:14:04 | 000,000,964 | ---- | M] () -- C:\Users\Budda\Desktop\NWN WOHP.lnk
[2010/09/26 01:54:23 | 000,000,914 | ---- | M] () -- C:\Users\Budda\Desktop\nwmain - Shortcut.lnk
[2010/09/25 22:58:47 | 000,000,628 | ---- | M] () -- C:\Users\Public\Desktop\Neverwinter Nights.lnk
[2010/09/25 22:58:16 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat
[2010/09/25 20:04:17 | 000,000,744 | ---- | M] () -- C:\Users\Budda\Desktop\Mount&Blade.lnk
[2010/09/05 16:29:26 | 000,000,820 | ---- | M] () -- C:\Users\Budda\Desktop\CCleaner.lnk
[2010/08/28 15:56:17 | 000,000,797 | ---- | M] () -- C:\Windows\unins000.dat
[2010/08/28 15:56:12 | 000,640,957 | ---- | M] () -- C:\Windows\unins000.exe
[2010/08/14 16:53:49 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2010/08/14 14:51:44 | 000,000,330 | ---- | M] () -- C:\Users\Budda\Desktop\Neverwinter Nights 2 - Shortcut.lnk
[2010/08/13 17:26:12 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/08 15:13:03 | 000,000,207 | ---- | M] () -- C:\Users\Budda\Desktop\Moonbase Alpha.url
[2010/08/02 17:05:32 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/08/02 17:05:32 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/07/31 02:53:06 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\World Of Tanks closed Beta.lnk
[2010/07/27 16:56:18 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/24 22:54:59 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/07/24 22:46:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/24 22:34:48 | 000,001,557 | ---- | M] () -- C:\Users\Budda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/24 22:34:48 | 000,001,533 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/24 16:01:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/24 02:12:15 | 000,000,633 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/23 23:31:07 | 000,057,560 | ---- | M] () -- C:\Users\Budda\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/23 21:56:20 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/07/23 16:40:53 | 000,000,925 | ---- | M] () -- C:\Users\Budda\Desktop\steam - Shortcut.lnk
[2010/07/21 22:24:56 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2010/07/21 22:22:24 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk
[2010/07/21 22:17:51 | 000,001,441 | ---- | M] () -- C:\Users\Budda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 22:06:28 | 000,524,288 | -HS- | M] () -- C:\Users\Budda\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 22:06:28 | 000,524,288 | -HS- | M] () -- C:\Users\Budda\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 22:06:28 | 000,065,536 | -HS- | M] () -- C:\Users\Budda\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 22:01:43 | 000,000,020 | -HS- | M] () -- C:\Users\Budda\ntuser.ini
[2010/07/21 19:51:15 | 000,040,833 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/21 19:51:15 | 000,040,833 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/07 20:55:21 | 000,000,846 | ---- | C] () -- C:\Users\Budda\Desktop\Mount&Blade Warband.lnk
[2010/10/07 18:33:22 | 000,001,086 | ---- | C] () -- C:\Users\Budda\Desktop\TweakMB - Shortcut.lnk
[2010/10/03 11:37:55 | 000,105,373 | ---- | C] () -- C:\Users\Budda\Documents\pet_reptile_takers_appln.pdf
[2010/10/01 19:54:39 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/28 21:25:17 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/09/28 21:25:17 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/09/26 14:17:56 | 000,000,968 | ---- | C] () -- C:\Users\Budda\Desktop\MZS2.lnk
[2010/09/26 13:33:06 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 13:06:15 | 000,001,516 | ---- | C] () -- C:\Users\Budda\Desktop\HijackThis.lnk
[2010/09/26 12:13:45 | 000,000,964 | ---- | C] () -- C:\Users\Budda\Desktop\NWN WOHP.lnk
[2010/09/26 01:54:23 | 000,000,914 | ---- | C] () -- C:\Users\Budda\Desktop\nwmain - Shortcut.lnk
[2010/09/25 22:58:47 | 000,000,628 | ---- | C] () -- C:\Users\Public\Desktop\Neverwinter Nights.lnk
[2010/09/25 22:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/25 20:04:17 | 000,000,744 | ---- | C] () -- C:\Users\Budda\Desktop\Mount&Blade.lnk
[2010/09/05 16:29:26 | 000,000,820 | ---- | C] () -- C:\Users\Budda\Desktop\CCleaner.lnk
[2010/08/28 15:56:17 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe
[2010/08/28 15:56:17 | 000,237,568 | ---- | C] () -- C:\Windows\Matrix Code Emulator.scr
[2010/08/28 15:56:17 | 000,000,797 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/14 14:51:44 | 000,000,330 | ---- | C] () -- C:\Users\Budda\Desktop\Neverwinter Nights 2 - Shortcut.lnk
[2010/08/08 15:13:03 | 000,000,207 | ---- | C] () -- C:\Users\Budda\Desktop\Moonbase Alpha.url
[2010/07/31 02:53:06 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\World Of Tanks closed Beta.lnk
[2010/07/28 17:01:03 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/07/27 16:40:27 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/24 23:01:37 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/07/24 23:01:37 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/07/24 22:54:59 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/07/24 22:46:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/24 22:34:48 | 000,001,557 | ---- | C] () -- C:\Users\Budda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/24 22:34:48 | 000,001,533 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/24 16:01:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/24 02:12:15 | 000,000,633 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/23 21:56:20 | 000,000,797 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/07/23 16:40:53 | 000,000,925 | ---- | C] () -- C:\Users\Budda\Desktop\steam - Shortcut.lnk
[2010/07/21 22:33:17 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/21 22:24:29 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010/07/21 22:22:24 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2010/07/21 22:17:51 | 000,001,441 | ---- | C] () -- C:\Users\Budda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 22:15:15 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/07/21 22:09:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/07/21 22:01:43 | 001,310,720 | -HS- | C] () -- C:\Users\Budda\NTUSER.DAT
[2010/07/21 22:01:43 | 000,524,288 | -HS- | C] () -- C:\Users\Budda\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 22:01:43 | 000,524,288 | -HS- | C] () -- C:\Users\Budda\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 22:01:43 | 000,262,144 | -HS- | C] () -- C:\Users\Budda\ntuser.dat.LOG1
[2010/07/21 22:01:43 | 000,065,536 | -HS- | C] () -- C:\Users\Budda\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 22:01:43 | 000,000,290 | ---- | C] () -- C:\Users\Budda\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/21 22:01:43 | 000,000,272 | ---- | C] () -- C:\Users\Budda\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/21 22:01:43 | 000,000,262 | ---- | C] () -- C:\Users\Budda\Desktop\Run.lnk
[2010/07/21 22:01:43 | 000,000,020 | -HS- | C] () -- C:\Users\Budda\ntuser.ini
[2010/07/21 22:01:43 | 000,000,000 | -HS- | C] () -- C:\Users\Budda\ntuser.dat.LOG2
[2010/07/21 19:48:09 | 535,683,071 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/28 20:56:57 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Hi-Rez Studios
[2010/07/24 22:54:54 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\IrfanView
[2010/09/25 23:13:10 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Leadertech
[2010/09/25 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Mount&Blade
[2010/10/05 19:25:30 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Mount&Blade Warband
[2010/09/28 21:27:20 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Ubisoft
[2010/09/03 17:09:48 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\W
[2010/07/31 02:54:45 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\wargaming.net
[2009/07/14 13:08:49 | 000,019,506 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2010/10/09 16:23:16 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 16:23:27 | 2145,902,591 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2009/07/14 09:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 09:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 09:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 09:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 09:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 09:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 09:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 09:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 09:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/14 09:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 09:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 09:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 09:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

< MD5 for: WS2_32.DLL >
[2009/07/14 09:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 09:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 09:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 09:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >


=======================================================================================

GMER Log

GMER keeps getting an error window upon startup.

C:\windows\system32\config\system can't be found. Checked manually; it is there.

Tried changing the name of GMER to a random name, since some rootkits block GMER by name. Same problem.

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 09 October 2010 - 08:22 AM

Hello, ANFO.

Nothing too obvious in the logs. Sorry about GMER, I shouldn't have included it since you have a 64 bit system. Let's get a scan to confirm you appear clean.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 4

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
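The fix and the scan in the steps above, as an added example that is not part of etavares's post and not OTL's own code: a small Python triage script that reads OTL O-lines of the shapes quoted in this thread, separates the orphaned autorun entries OTL will delete (O4/O13/O21 with "File not found" or "missing") from the "File not found" lines OTL also prints for built-in items such as BootExecute and VMApplet, flags the settings that actually throttle or redirect browsing (an enabled IE or Firefox proxy, a non-Microsoft Winsock provider, a public DNS server, a grown hosts file), and writes the fix under the `:OTL` section header OTL requires; O-lines pasted without that header get "Unable to interpret <...> in the current context!" and nothing is removed. The sample log is constructed from lines in this thread plus two made-up ProxyEnable/ProxyServer lines (SID S-1-5-21-1111) that were not in ANFO's log; the 824-byte stock hosts size is an assumption taken from that log.

```python
"""Triage an OTL log for what matters when browsing is slow (proxy settings,
Winsock providers, DNS servers, hosts file) and for orphaned autorun entries,
then emit a fix in the format OTL's Custom Scans/Fixes box expects.
Added example for this thread: not OTL's code and not from the original post.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL log in this thread, plus two
# made-up S-1-5-21-1111 proxy lines (NOT in ANFO's log) to exercise that check.
SAMPLE_LOG = r"""
O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [egui] C:\Apps\nod32\egui.exe (ESET)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
FF - prefs.js..network.proxy.type: 0
"""

OLINE = re.compile(r"^(O\d+)(?::64bit:)? - (.*)$")
HOSTS = re.compile(r"^O1 HOSTS File: \(\[[^|]*\| ([\d,]+) \|")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
IE_PROXY_ENABLE = re.compile(r'"ProxyEnable" = (\d+)')
IE_PROXY_SERVER = re.compile(r'"ProxyServer" = (\S+)')
FF_PROXY_TYPE = re.compile(r"network\.proxy\.type: (\d+)")  # 0 = none, 5 = system settings
FIXABLE = {"O4", "O13", "O21"}  # entry types OTL deletes when listed under :OTL
STOCK_HOSTS_BYTES = 824  # assumption: the 824-byte hosts file in this thread's log is untouched


@dataclass
class Finding:
    kind: str      # orphan | winsock | dns | proxy | hosts
    severity: str  # fix | review | info
    raw: str       # the OTL line as printed
    note: str


def is_orphan(body: str) -> bool:
    """True when OTL says the target file, CLSID or prefix is missing."""
    b = body.rstrip(".")
    return b.endswith("File not found") or b.endswith("Prefix: missing")


def triage(log: str) -> list:
    findings = []
    for raw in (line.strip() for line in log.splitlines()):
        m = HOSTS.match(raw)
        if m:
            size = int(m.group(1).replace(",", ""))
            findings.append(Finding("hosts", "review" if size > STOCK_HOSTS_BYTES else "info", raw,
                            f"hosts file is {size} bytes (stock {STOCK_HOSTS_BYTES}); extra entries redirect or blackhole sites"))
            continue
        m = OLINE.match(raw)
        if m:
            oid, body = m.groups()
            if is_orphan(body) and oid in FIXABLE:
                findings.append(Finding("orphan", "fix", raw, f"{oid} target missing; can be listed under :OTL"))
            elif is_orphan(body):
                # OTL prints 'File not found' for some built-in entries too (BootExecute, VMApplet)
                findings.append(Finding("orphan", "review", raw, f"{oid} target missing, but confirm it is not a built-in entry"))
            elif oid == "O10" and not body.endswith("(Microsoft Corporation)"):
                findings.append(Finding("winsock", "review", raw, "third-party Winsock provider; a broken LSP/NSP slows every socket"))
            elif oid == "O17":
                for ip in IPV4.findall(body):
                    try:
                        private = ipaddress.ip_address(ip).is_private
                    except ValueError:
                        continue
                    findings.append(Finding("dns", "info" if private else "review", raw,
                                    f"DNS server {ip} is " + ("local" if private else "public; confirm it is the resolver you expect")))
            continue
        m = IE_PROXY_ENABLE.search(raw)
        if m and m.group(1) != "0":
            findings.append(Finding("proxy", "review", raw, "IE proxy enabled for this user"))
        m = IE_PROXY_SERVER.search(raw)
        if m:
            findings.append(Finding("proxy", "review", raw, f"IE proxy server is {m.group(1)}"))
        m = FF_PROXY_TYPE.search(raw)
        if m and m.group(1) not in ("0", "5"):
            findings.append(Finding("proxy", "review", raw, f"Firefox proxy type {m.group(1)}"))
    return findings


def build_fix(findings, empty_temp: bool = True) -> str:
    """Text for OTL's Custom Scans/Fixes box.  The O-lines must sit under an
    :OTL header; without it OTL replies 'Unable to interpret <...> in the
    current context!' for each one and removes nothing."""
    lines = [":OTL"] + [f.raw for f in findings if f.severity == "fix"]
    if empty_temp:
        lines += [":Commands", "[EmptyTemp]"]
    return "\n".join(lines)


def summary(findings) -> dict:
    """Count findings per severity."""
    counts = {"fix": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.kind:7} {f.note}\n         {f.raw}")
    print("\n--- fix script ---\n" + build_fix(found))
```

Run it as-is to see the findings and the generated fix, or swap SAMPLE_LOG for the contents of a real OTL.txt. Treat "review" items as things to look at, not delete: Bonjour's mdnsNSP.dll is a legitimate Apple provider, and a third-party Winsock provider only matters when it is broken or unwanted, while a proxy pointing at 127.0.0.1 or an unfamiliar DNS server is the kind of setting that explains one machine downloading slowly when the rest of the network is fine.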


#7 ANFO

ANFO
  • Topic Starter

  • Members
  • 7 posts

Posted 09 October 2010 - 10:05 PM

Logs as requested.

All processes killed
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Budda
->Temp folder emptied: 143899770 bytes
->Temporary Internet Files folder emptied: 6868165 bytes
->FireFox cache emptied: 86482557 bytes
->Flash cache emptied: 2737 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4799028434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,803.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10102010_074815

Files\Folders moved on Reboot...
C:\Users\Budda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
=====================================================================
Didn't reboot properly; it hung on a blue screen before Windows could load.
Redid the scan as below.

All processes killed
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Budda
->Temp folder emptied: 144079 bytes
->Temporary Internet Files folder emptied: 34034 bytes
->FireFox cache emptied: 6449536 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10102010_080013

Files\Folders moved on Reboot...
C:\Users\Budda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


================================================================
OTL logfile created on: 10/10/2010 8:03:32 AM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Budda\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 80.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.87 Gb Total Space | 260.10 Gb Free Space | 88.81% Space Free | Partition Type: NTFS
Drive D: | 638.54 Gb Total Space | 578.76 Gb Free Space | 90.64% Space Free | Partition Type: NTFS
Drive E: | 543.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUDDA-PC
Current User Name: Budda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/09 20:42:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Budda\Downloads\OTL.exe
PRC - [2010/09/26 13:28:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Apps\firefox\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Apps\nod32\x86\ekrn.exe
PRC - [2010/04/28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/15 20:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 20:42:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Budda\Downloads\OTL.exe
MOD - [2009/07/14 09:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 09:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 09:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/14 09:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/24 20:50:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/24 09:27:54 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Apps\nod32\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Apps\nod32\x86\ekrn.exe -- (ekrn)
SRV - [2010/04/28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/01/15 20:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 21:25:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/28 21:25:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/06/24 09:04:14 | 000,166,984 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/04/28 08:17:46 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/04/28 08:17:46 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/28 22:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 09:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 09:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 07:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 07:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 07:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/10/10 08:02:37 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/10/10 08:02:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/23 22:48:04 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 B0 61 2E 41 5D CB 01 [binary data]
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Apps\firefox\components [2010/09/26 13:28:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Apps\firefox\plugins [2010/10/01 19:54:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Apps\nod32\Mozilla Thunderbird [2010/07/21 22:56:25 | 000,000,000 | ---D | M]

[2010/07/24 22:35:09 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Mozilla\Extensions
[2010/10/09 20:18:51 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Mozilla\Firefox\Profiles\97ehwqgb.default\extensions
[2010/08/04 18:52:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Budda\AppData\Roaming\Mozilla\Firefox\Profiles\97ehwqgb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [egui] C:\Apps\nod32\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Budda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 07:48:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/10 07:46:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/10 07:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/07 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband Savegames - Copy
[2010/10/05 20:44:36 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband
[2010/10/05 19:21:31 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband Savegames
[2010/10/05 19:20:58 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Mount&Blade Warband
[2010/10/01 19:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/01 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/10/01 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Adobe
[2010/09/28 22:06:12 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Anno 1404
[2010/09/28 21:27:20 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Ubisoft
[2010/09/26 13:33:13 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Malwarebytes
[2010/09/26 13:33:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/26 13:33:03 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/26 13:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/26 01:54:48 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/25 23:38:23 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\WinRAR
[2010/09/25 23:13:10 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Leadertech
[2010/09/25 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/09/25 20:05:50 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Savegames
[2010/09/25 20:04:23 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Mount&Blade

========== Files - Modified Within 30 Days ==========

[2010/10/10 08:02:41 | 001,310,720 | -HS- | M] () -- C:\Users\Budda\NTUSER.DAT
[2010/10/10 08:02:37 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2010/10/10 08:02:37 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/10/10 08:02:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/10/10 08:01:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/10 08:01:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/10 08:01:16 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/10 08:00:31 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 08:00:31 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 07:49:27 | 002,155,810 | -H-- | M] () -- C:\Users\Budda\AppData\Local\IconCache.db
[2010/10/10 07:45:26 | 000,001,108 | ---- | M] () -- C:\Users\Budda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/10 07:45:12 | 000,000,928 | ---- | M] () -- C:\Users\Budda\Desktop\NTREGOPT.lnk
[2010/10/10 07:45:12 | 000,000,909 | ---- | M] () -- C:\Users\Budda\Desktop\ERUNT.lnk
[2010/10/10 07:34:48 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/10 07:34:48 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/10 07:34:48 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/09 20:59:44 | 000,293,376 | ---- | M] () -- C:\Users\Budda\Desktop\kus8mopq.exe
[2010/10/07 20:55:21 | 000,000,846 | ---- | M] () -- C:\Users\Budda\Desktop\Mount&Blade Warband.lnk
[2010/10/07 18:33:22 | 000,001,086 | ---- | M] () -- C:\Users\Budda\Desktop\TweakMB - Shortcut.lnk
[2010/10/03 11:37:55 | 000,105,373 | ---- | M] () -- C:\Users\Budda\Documents\pet_reptile_takers_appln.pdf
[2010/10/01 19:54:39 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/28 21:25:17 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/09/28 21:25:17 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/09/26 16:22:38 | 000,000,968 | ---- | M] () -- C:\Users\Budda\Desktop\MZS2.lnk
[2010/09/26 13:33:06 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 13:06:15 | 000,001,516 | ---- | M] () -- C:\Users\Budda\Desktop\HijackThis.lnk
[2010/09/26 12:14:04 | 000,000,964 | ---- | M] () -- C:\Users\Budda\Desktop\NWN WOHP.lnk
[2010/09/26 01:54:23 | 000,000,914 | ---- | M] () -- C:\Users\Budda\Desktop\nwmain - Shortcut.lnk
[2010/09/25 22:58:47 | 000,000,628 | ---- | M] () -- C:\Users\Public\Desktop\Neverwinter Nights.lnk
[2010/09/25 22:58:16 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat
[2010/09/25 20:04:17 | 000,000,744 | ---- | M] () -- C:\Users\Budda\Desktop\Mount&Blade.lnk

========== Files Created - No Company Name ==========

[2010/10/10 07:45:26 | 000,001,108 | ---- | C] () -- C:\Users\Budda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/10 07:45:12 | 000,000,928 | ---- | C] () -- C:\Users\Budda\Desktop\NTREGOPT.lnk
[2010/10/10 07:45:12 | 000,000,909 | ---- | C] () -- C:\Users\Budda\Desktop\ERUNT.lnk
[2010/10/09 21:00:23 | 000,293,376 | ---- | C] () -- C:\Users\Budda\Desktop\kus8mopq.exe
[2010/10/07 20:55:21 | 000,000,846 | ---- | C] () -- C:\Users\Budda\Desktop\Mount&Blade Warband.lnk
[2010/10/07 18:33:22 | 000,001,086 | ---- | C] () -- C:\Users\Budda\Desktop\TweakMB - Shortcut.lnk
[2010/10/03 11:37:55 | 000,105,373 | ---- | C] () -- C:\Users\Budda\Documents\pet_reptile_takers_appln.pdf
[2010/10/01 19:54:39 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/28 21:25:17 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/09/28 21:25:17 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/09/26 14:17:56 | 000,000,968 | ---- | C] () -- C:\Users\Budda\Desktop\MZS2.lnk
[2010/09/26 13:33:06 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 13:06:15 | 000,001,516 | ---- | C] () -- C:\Users\Budda\Desktop\HijackThis.lnk
[2010/09/26 12:13:45 | 000,000,964 | ---- | C] () -- C:\Users\Budda\Desktop\NWN WOHP.lnk
[2010/09/26 01:54:23 | 000,000,914 | ---- | C] () -- C:\Users\Budda\Desktop\nwmain - Shortcut.lnk
[2010/09/25 22:58:47 | 000,000,628 | ---- | C] () -- C:\Users\Public\Desktop\Neverwinter Nights.lnk
[2010/09/25 22:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/25 20:04:17 | 000,000,744 | ---- | C] () -- C:\Users\Budda\Desktop\Mount&Blade.lnk
[2010/07/21 22:24:29 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010/07/21 22:09:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >


====================================================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4786

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/10/2010 8:10:19 AM
mbam-log-2010-10-10 (08-10-19).txt

Scan type: Quick scan
Objects scanned: 135837
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


==============================================================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 10, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 09, 2010 10:46:01
Records in database: 4222985
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 141851
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:17:17

No threats found. Scanned area is clean.

Selected area has been scanned.


===========================================================

Cheers


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:07 PM

Posted 10 October 2010 - 07:29 AM

Hello, ANFO.

I had an error in the script. Please run it again. Sorry about that.

Related to download speeds, what happens if you plug this computer directly into the modem? Does it increase the speed versus going through a router?



Step 1

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
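The OTL fix above removes two RunOnce values whose executable is missing and two ShellServiceObjectDelayLoad (SSODL) values whose CLSID does not resolve. The following PowerShell is an added example, not part of the original post and not OTL's own code: a read-only audit that reproduces those two checks so a reader can see which autostart entries are orphaned before deleting anything. The list of registry keys, the function names and the "Status" strings are assumptions chosen to mirror the lines in the fix script; run it from an elevated 64-bit PowerShell so both the native and the Wow6432Node registry views are visible.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the autostart
# locations the OTL fix touches. It reports Run/RunOnce values whose program file is
# missing and SSODL values whose CLSID has no InProcServer32 DLL on disk, which is
# what OTL prints as "File not found" and "CLSID or File not found". Nothing is deleted.
# The key list is an assumption mirroring the fix script; extend it as needed.

$RunKeys = @(
    'Registry::HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Registry::HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$SsodlKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
)

function Get-RegistryValues {
    # Name/data pairs for one key, skipping PowerShell's own PS* metadata properties.
    param([string]$Key)
    if (-not (Test-Path -Path $Key)) { return }
    (Get-ItemProperty -Path $Key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; Data = [string]$_.Value } }
}

function Get-ExecutableFromCommand {
    # Extracts the program path from a Run-style command line:
    #   "C:\Program Files\a\b.exe" /x        -> C:\Program Files\a\b.exe
    #   C:\Windows\SysWow64\mctadmin.exe     -> C:\Windows\SysWow64\mctadmin.exe
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.+?\.(exe|com|dll|cmd|bat))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Find-OrphanedRunEntries {
    foreach ($key in $RunKeys) {
        foreach ($v in Get-RegistryValues -Key $key) {
            $exe = Get-ExecutableFromCommand -Command $v.Data
            if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                [pscustomobject]@{ Location = $key; Name = $v.Name; Target = $exe; Status = 'File not found' }
            }
        }
    }
}

function Find-OrphanedSsodlEntries {
    foreach ($key in $SsodlKeys) {
        foreach ($v in Get-RegistryValues -Key $key) {
            $clsid = $v.Data
            # An SSODL value is healthy only if its CLSID exists in the 64-bit or the
            # 32-bit class view and that view's InProcServer32 DLL is present on disk.
            $status = 'CLSID not found'
            foreach ($root in 'HKLM:\Software\Classes\CLSID', 'HKLM:\Software\Classes\Wow6432Node\CLSID') {
                $inproc = Join-Path -Path $root -ChildPath "$clsid\InProcServer32"
                if (-not (Test-Path -Path $inproc)) { continue }
                $dll = [Environment]::ExpandEnvironmentVariables([string](Get-ItemProperty -Path $inproc).'(default)')
                if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) { $status = 'OK'; break }
                $status = 'File not found'
            }
            if ($status -ne 'OK') {
                [pscustomobject]@{ Location = $key; Name = $v.Name; Target = $clsid; Status = $status }
            }
        }
    }
}

Find-OrphanedRunEntries
Find-OrphanedSsodlEntries
```

On the machine in this thread the two mctadmin RunOnce values under S-1-5-19 and S-1-5-20 and the two WebCheck SSODL values would be the expected hits. An orphaned entry is harmless in itself, but a Run value or SSODL CLSID pointing at a path that does not exist is also a spot where a later attacker or dropper could place a file that the system will then load, which is why cleanup tools remove them.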
 


#9 ANFO

ANFO
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 10 October 2010 - 08:24 AM

========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

OTL by OldTimer - Version 3.2.14.1 log created on 10102010_211951


======================================================================

OTL logfile created on: 10/10/2010 9:22:25 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Budda\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 81.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.87 Gb Total Space | 260.27 Gb Free Space | 88.87% Space Free | Partition Type: NTFS
Drive D: | 638.54 Gb Total Space | 576.17 Gb Free Space | 90.23% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUDDA-PC
Current User Name: Budda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/09 20:42:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Budda\Downloads\OTL.exe
PRC - [2010/09/26 13:28:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Apps\firefox\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Apps\nod32\x86\ekrn.exe
PRC - [2010/04/28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/15 20:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 20:42:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Budda\Downloads\OTL.exe
MOD - [2009/07/14 09:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 09:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 09:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/14 09:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/24 20:50:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/24 09:27:54 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Apps\nod32\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Apps\nod32\x86\ekrn.exe -- (ekrn)
SRV - [2010/04/28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/01/15 20:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 21:25:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/28 21:25:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/06/24 09:04:14 | 000,166,984 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/04/28 08:17:46 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/04/28 08:17:46 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/28 22:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 09:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 09:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 07:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 07:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 07:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/10/10 21:21:54 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/10/10 21:21:39 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/23 22:48:04 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 B0 61 2E 41 5D CB 01 [binary data]
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2026834229-4024073207-3059017874-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Apps\firefox\components [2010/09/26 13:28:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Apps\firefox\plugins [2010/10/01 19:54:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Apps\nod32\Mozilla Thunderbird [2010/07/21 22:56:25 | 000,000,000 | ---D | M]

[2010/07/24 22:35:09 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Mozilla\Extensions
[2010/10/09 20:18:51 | 000,000,000 | ---D | M] -- C:\Users\Budda\AppData\Roaming\Mozilla\Firefox\Profiles\97ehwqgb.default\extensions
[2010/08/04 18:52:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Budda\AppData\Roaming\Mozilla\Firefox\Profiles\97ehwqgb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [egui] C:\Apps\nod32\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Budda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 20:32:53 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Diagnostics
[2010/10/10 08:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/10 08:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/10 08:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/10 07:48:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/10 07:46:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/10 07:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/07 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband Savegames - Copy
[2010/10/05 20:44:36 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband
[2010/10/05 19:21:31 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Warband Savegames
[2010/10/05 19:20:58 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Mount&Blade Warband
[2010/10/01 19:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/01 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/10/01 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/10/01 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Local\Adobe
[2010/09/28 22:06:12 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Anno 1404
[2010/09/28 21:27:20 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Ubisoft
[2010/09/26 13:33:13 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Malwarebytes
[2010/09/26 13:33:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/26 13:33:03 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/26 13:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/26 01:54:48 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/25 23:38:23 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\WinRAR
[2010/09/25 23:13:10 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Leadertech
[2010/09/25 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/09/25 20:05:50 | 000,000,000 | ---D | C] -- C:\Users\Budda\Documents\Mount&Blade Savegames
[2010/09/25 20:04:23 | 000,000,000 | ---D | C] -- C:\Users\Budda\AppData\Roaming\Mount&Blade

========== Files - Modified Within 30 Days ==========

[2010/10/10 21:21:57 | 001,310,720 | -HS- | M] () -- C:\Users\Budda\ntuser.dat
[2010/10/10 21:21:54 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2010/10/10 21:21:54 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/10/10 21:21:39 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/10/10 21:21:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/10 21:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/10 21:21:22 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/10 21:20:37 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 21:20:37 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 21:20:28 | 002,157,530 | -H-- | M] () -- C:\Users\Budda\AppData\Local\IconCache.db
[2010/10/10 21:16:32 | 000,524,288 | -HS- | M] () -- C:\Users\Budda\ntuser.dat{2d17dadf-d46a-11df-9a91-6cf049efb835}.TMContainer00000000000000000002.regtrans-ms
[2010/10/10 21:16:32 | 000,524,288 | -HS- | M] () -- C:\Users\Budda\ntuser.dat{2d17dadf-d46a-11df-9a91-6cf049efb835}.TMContainer00000000000000000001.regtrans-ms
[2010/10/10 21:16:32 | 000,065,536 | -HS- | M] () -- C:\Users\Budda\ntuser.dat{2d17dadf-d46a-11df-9a91-6cf049efb835}.TM.blf
[2010/10/10 20:44:18 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/10 20:44:18 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/10 20:44:18 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/10 07:45:26 | 000,001,108 | ---- | M] () -- C:\Users\Budda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/10 07:45:12 | 000,000,928 | ---- | M] () -- C:\Users\Budda\Desktop\NTREGOPT.lnk
[2010/10/10 07:45:12 | 000,000,909 | ---- | M] () -- C:\Users\Budda\Desktop\ERUNT.lnk
[2010/10/09 20:59:44 | 000,293,376 | ---- | M] () -- C:\Users\Budda\Desktop\kus8mopq.exe
[2010/10/07 20:55:21 | 000,000,846 | ---- | M] () -- C:\Users\Budda\Desktop\Mount&Blade Warband.lnk
[2010/10/07 18:33:22 | 000,001,086 | ---- | M] () -- C:\Users\Budda\Desktop\TweakMB - Shortcut.lnk
[2010/10/03 11:37:55 | 000,105,373 | ---- | M] () -- C:\Users\Budda\Documents\pet_reptile_takers_appln.pdf
[2010/10/01 19:54:39 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/28 21:25:17 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/09/28 21:25:17 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/09/26 16:22:38 | 000,000,968 | ---- | M] () -- C:\Users\Budda\Desktop\MZS2.lnk
[2010/09/26 13:33:06 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 13:06:15 | 000,001,516 | ---- | M] () -- C:\Users\Budda\Desktop\HijackThis.lnk
[2010/09/26 12:14:04 | 000,000,964 | ---- | M] () -- C:\Users\Budda\Desktop\NWN WOHP.lnk
[2010/09/26 01:54:23 | 000,000,914 | ---- | M] () -- C:\Users\Budda\Desktop\nwmain - Shortcut.lnk
[2010/09/25 22:58:47 | 000,000,628 | ---- | M] () -- C:\Users\Public\Desktop\Neverwinter Nights.lnk
[2010/09/25 22:58:16 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat
[2010/09/25 20:04:17 | 000,000,744 | ---- | M] () -- C:\Users\Budda\Desktop\Mount&Blade.lnk

========== Files Created - No Company Name ==========

[2010/10/10 20:36:04 | 000,524,288 | -HS- | C] () -- C:\Users\Budda\ntuser.dat{2d17dadf-d46a-11df-9a91-6cf049efb835}.TMContainer00000000000000000002.regtrans-ms
[2010/10/10 20:36:04 | 000,524,288 | -HS- | C] () -- C:\Users\Budda\ntuser.dat{2d17dadf-d46a-11df-9a91-6cf049efb835}.TMContainer00000000000000000001.regtrans-ms
[2010/10/10 20:36:03 | 000,065,536 | -HS- | C] () -- C:\Users\Budda\ntuser.dat{2d17dadf-d46a-11df-9a91-6cf049efb835}.TM.blf
[2010/10/10 07:45:26 | 000,001,108 | ---- | C] () -- C:\Users\Budda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/10 07:45:12 | 000,000,928 | ---- | C] () -- C:\Users\Budda\Desktop\NTREGOPT.lnk
[2010/10/10 07:45:12 | 000,000,909 | ---- | C] () -- C:\Users\Budda\Desktop\ERUNT.lnk
[2010/10/09 21:00:23 | 000,293,376 | ---- | C] () -- C:\Users\Budda\Desktop\kus8mopq.exe
[2010/10/07 20:55:21 | 000,000,846 | ---- | C] () -- C:\Users\Budda\Desktop\Mount&Blade Warband.lnk
[2010/10/07 18:33:22 | 000,001,086 | ---- | C] () -- C:\Users\Budda\Desktop\TweakMB - Shortcut.lnk
[2010/10/03 11:37:55 | 000,105,373 | ---- | C] () -- C:\Users\Budda\Documents\pet_reptile_takers_appln.pdf
[2010/10/01 19:54:39 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/28 21:25:17 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/09/28 21:25:17 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/09/26 14:17:56 | 000,000,968 | ---- | C] () -- C:\Users\Budda\Desktop\MZS2.lnk
[2010/09/26 13:33:06 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 13:06:15 | 000,001,516 | ---- | C] () -- C:\Users\Budda\Desktop\HijackThis.lnk
[2010/09/26 12:13:45 | 000,000,964 | ---- | C] () -- C:\Users\Budda\Desktop\NWN WOHP.lnk
[2010/09/26 01:54:23 | 000,000,914 | ---- | C] () -- C:\Users\Budda\Desktop\nwmain - Shortcut.lnk
[2010/09/25 22:58:47 | 000,000,628 | ---- | C] () -- C:\Users\Public\Desktop\Neverwinter Nights.lnk
[2010/09/25 22:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/25 20:04:17 | 000,000,744 | ---- | C] () -- C:\Users\Budda\Desktop\Mount&Blade.lnk
[2010/07/21 22:24:29 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010/07/21 22:09:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:06:07 PM

Posted 10 October 2010 - 08:51 AM

Hello, ANFO.

I'm not seeing anything that could explain the slowdown. Perhaps it's the router settings? What happens if you plug it in directly to the modem?

Let's scan with another tool and look for one other infection type.

Are there any other symptoms besides a slow internet connection?



Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 2
  1. Download TDSSKiller.exe and save it to your desktop.
  2. Double-click TDSSKiller.exe to run it.
  3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  4. Click Start scan and allow it to scan for Malicious objects.
  5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the logfile in your next reply



Step 3

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 

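The two scans above each produce a log whose interesting part is a hash: MBRCheck prints a status line and a SHA1 per physical drive, and TDSSKiller prints one line per scanned driver with its MD5 and path. The script below is an added example (not etavares's, MBRCheck's or TDSSKiller's code) of how a responder would triage those two outputs offline. It assumes the standard MBR layout (440 bytes of boot code, disk signature, partition table, 0x55AA) and hashes only the boot-code region; the page does not say exactly which bytes MBRCheck hashes, and the allowlist here is keyed by the hash of a constructed sample loader, not the hash of genuine Windows boot code. The "driver loaded from outside System32" heuristic is also an assumption: the TDSSKiller report ANFO posts later shows three such drivers (etdrv.sys, gdrv.sys, GVTDrv64.sys in C:\Windows), which is exactly the kind of entry whose MD5 you would look up before deciding it is a vendor utility.

```python
"""Added triage helpers for MBRCheck-style and TDSSKiller-style output
(example code, not the tools' own logic)."""
import hashlib
import re
import struct

# ---- Step 1: MBR boot-code check ----------------------------------------
# Standard MBR layout assumed here (the page does not say what MBRCheck
# hashes): bytes 0..439 boot code, 440..443 disk signature, 446..509 four
# 16-byte partition entries, 510..511 the 0x55AA signature.
BOOTCODE_LEN = 440
PTABLE_OFF = 446
MBR_SIG = b"\x55\xaa"


def parse_partitions(sector):
    """Return the non-empty partition entries as (bootable, type, lba_start, sectors)."""
    if len(sector) != 512 or sector[510:512] != MBR_SIG:
        raise ValueError("not an MBR: wrong length or missing 55AA signature")
    entries = []
    for i in range(4):
        off = PTABLE_OFF + 16 * i
        boot_flag, ptype = sector[off], sector[off + 4]
        lba, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:
            entries.append((boot_flag == 0x80, ptype, lba, count))
    return entries


def mbr_status(sector, known_bootcode):
    """SHA1 the boot-code region and label it from an allowlist of known loaders.

    Mirrors MBRCheck's 'Windows 7 MBR code detected / SHA1: ...' lines; an
    unknown hash is reported as non-standard, which is the case to chase.
    """
    parse_partitions(sector)  # rejects anything that is not a 512-byte MBR
    digest = hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper()
    return known_bootcode.get(digest, "non-standard MBR code"), digest


def build_sample_mbr(bootcode, disk_sig, parts):
    """Assemble a 512-byte MBR from constructed pieces (sample data, not a real disk)."""
    sector = bytearray(512)
    sector[: len(bootcode)] = bootcode
    struct.pack_into("<I", sector, 440, disk_sig)
    for i, (boot, ptype, lba, count) in enumerate(parts):
        off = PTABLE_OFF + 16 * i
        sector[off] = 0x80 if boot else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[510:512] = MBR_SIG
    return bytes(sector)


# Constructed sample: a stub loader (opening instructions of a Windows MBR,
# then NOPs), a 100 MiB "System Reserved" partition and C: starting at
# sector 206848 (byte offset 0x6500000, the offset ANFO's C: drive reports).
SAMPLE_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8" + b"\x90" * 64
SAMPLE_PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1953313000)]
GOOD_MBR = build_sample_mbr(SAMPLE_BOOTCODE, 0x1234ABCD, SAMPLE_PARTS)
# Allowlist keyed by the SHA1 of the sample loader; a real one would hold the
# hashes of genuine Windows XP/Vista/7 boot code.
KNOWN_BOOTCODE = {
    hashlib.sha1(GOOD_MBR[:BOOTCODE_LEN]).hexdigest().upper(): "Sample Windows 7 MBR code detected"
}
# Bootkit-style tampering: a jump patched into the loader. Partition table and
# 55AA signature are untouched, so only the boot-code hash changes.
TAMPERED_MBR = GOOD_MBR[:8] + b"\xe9\x00\x01" + GOOD_MBR[11:]

# ---- Step 2: TDSSKiller report --------------------------------------------
# Each scanned driver is logged as: <timestamp> <service> (<md5>) <path>
TDSS_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+?)\s*$"
)
DRIVER_ROOT = "c:\\windows\\system32\\"


def parse_tdsskiller(text):
    """Return one dict per driver line; header and status lines are skipped."""
    records = []
    for line in text.splitlines():
        m = TDSS_LINE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def unusual_driver_paths(records, root=DRIVER_ROOT):
    """Drivers loaded from outside System32 (heuristic): vendor tools do this,
    but so do rootkits, so each one deserves a hash lookup."""
    return [r for r in records if not r["path"].lower().startswith(root)]


# Lines copied from the TDSSKiller report ANFO posts later in this thread,
# plus one header line to show that non-driver lines are ignored.
SAMPLE_TDSS = r"""
2010/10/11 16:50:32.0117 Scan started
2010/10/11 16:50:33.0583 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/11 16:50:34.0831 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
2010/10/11 16:50:35.0050 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2010/10/11 16:50:35.0096 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
"""

if __name__ == "__main__":
    for label, mbr in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        status, sha1 = mbr_status(mbr, KNOWN_BOOTCODE)
        print(f"{label}: {status}  SHA1: {sha1}")
    for r in unusual_driver_paths(parse_tdsskiller(SAMPLE_TDSS)):
        print(f"check: {r['name']} md5={r['md5']} {r['path']}")
```

Running it prints the sample loader as known and the patched copy as non-standard with a different SHA1, then lists the three C:\Windows drivers with their MD5s. Against a real disk you would read the first 512 bytes of \\.\PhysicalDrive0 into `mbr_status` and use MBRCheck's own verdict as the allowlist; the point of the partition-table parse is that a bootkit leaves it intact, so "the disk still boots and the partitions look fine" says nothing about the loader code.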

#11 ANFO

ANFO
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:07 AM

Posted 10 October 2010 - 09:07 AM

The computer had a slow session again today that lasted an hour or two. Back to proper speed again. It's connected directly to the modem router. It's an all-in-one unit.
I currently use eset av package.
Will give those extra steps a go after work. Thanks for your fast responses.

#12 ANFO

ANFO
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:07 AM

Posted 11 October 2010 - 04:20 AM

MBR report

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: X58A-UD3R
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 194):
0x03010000 \SystemRoot\system32\ntoskrnl.exe
0x035EC000 \SystemRoot\system32\hal.dll
0x00BB1000 \SystemRoot\system32\kdcom.dll
0x00C57000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C9B000 \SystemRoot\system32\PSHED.dll
0x00CAF000 \SystemRoot\system32\CLFS.SYS
0x00D0D000 \SystemRoot\system32\CI.dll
0x00EC9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F6D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F7C000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FD3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FDC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FE6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FED000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DCD000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DE7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C2A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01075000 \SystemRoot\system32\drivers\fltmgr.sys
0x010C1000 \SystemRoot\system32\drivers\fileinfo.sys
0x01212000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010D5000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01133000 \SystemRoot\System32\Drivers\cng.sys
0x013CF000 \SystemRoot\System32\drivers\pcw.sys
0x013E0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01432000 \SystemRoot\system32\drivers\ndis.sys
0x01524000 \SystemRoot\system32\drivers\NETIO.SYS
0x01584000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x015AF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01400000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x011A6000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01410000 \SystemRoot\System32\Drivers\spldr.sys
0x01000000 \SystemRoot\System32\drivers\rdyboost.sys
0x01418000 \SystemRoot\System32\Drivers\mup.sys
0x013EA000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0103A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x00C35000 \SystemRoot\system32\DRIVERS\disk.sys
0x01874000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018DA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01904000 \SystemRoot\System32\Drivers\Null.SYS
0x0190D000 \SystemRoot\System32\Drivers\Beep.SYS
0x01914000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x01939000 \SystemRoot\System32\drivers\vga.sys
0x01947000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0196C000 \SystemRoot\System32\drivers\watchdog.sys
0x0197C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01985000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0198E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01997000 \SystemRoot\System32\Drivers\Msfs.SYS
0x019A2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x019B3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019D1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C14000 \SystemRoot\system32\drivers\afd.sys
0x02C9E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CE3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02CEC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D12000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D21000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D3C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02D50000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02DA1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02DAD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02DB8000 \SystemRoot\System32\drivers\discache.sys
0x040B8000 \SystemRoot\system32\drivers\csc.sys
0x0413B000 \SystemRoot\System32\Drivers\dfsc.sys
0x04159000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0416A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04190000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x041A6000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x041D6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0FE4F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10B84000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0424F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04343000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04389000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x043AD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x10B86000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x043BA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04000000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04200000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x0423E000 \SystemRoot\system32\DRIVERS\fdc.sys
0x043CB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x043E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x10BDC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x10BEB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0FE00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0FE09000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0FE19000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04057000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0FE2F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0407B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x041D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DC7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x019DE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0FE3B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x043F8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01800000 \SystemRoot\system32\DRIVERS\ks.sys
0x02DE8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x01843000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04AE8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04B42000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x04B4D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04B62000 \SystemRoot\system32\drivers\nvhda64v.sys
0x04B7B000 \SystemRoot\system32\drivers\portcls.sys
0x04BB8000 \SystemRoot\system32\drivers\drmk.sys
0x04BDA000 \SystemRoot\system32\drivers\ksthunk.sys
0x05CBA000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05EEC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05F09000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x05F26000 \SystemRoot\System32\drivers\Dxapi.sys
0x05F32000 \SystemRoot\system32\drivers\usbaudio.sys
0x05F4D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05F5B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05F74000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05F7D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05F8B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05F97000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05FA0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05FB3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x05FC1000 \SystemRoot\system32\drivers\luafv.sys
0x04A00000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x05C00000 \SystemRoot\system32\drivers\WudfPf.sys
0x05C21000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05C36000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06AFC000 \SystemRoot\system32\drivers\HTTP.sys
0x06BC4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06BE2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06A2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06A7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06A9E000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x05C4E000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x06AED000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x06EDF000 \SystemRoot\system32\drivers\peauth.sys
0x06F85000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06F90000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06FBD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06E00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07403000 \SystemRoot\System32\DRIVERS\srv.sys
0x07499000 \??\C:\Windows\gdrv.sys
0x074A2000 \??\C:\Windows\GVTDrv64.sys
0x074AC000 \SystemRoot\system32\drivers\spsys.sys
0x0751D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x07528000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x771F0000 \Windows\System32\ntdll.dll
0x47C70000 \Windows\System32\smss.exe
0xFF510000 \Windows\System32\apisetschema.dll
0xFF8F0000 \Windows\System32\autochk.exe
0xFF4B0000 \Windows\System32\ws2_32.dll
0xFF380000 \Windows\System32\wininet.dll
0xFF2A0000 \Windows\System32\oleaut32.dll
0xFF290000 \Windows\System32\nsi.dll
0x770F0000 \Windows\System32\user32.dll
0xFF240000 \Windows\System32\Wldap32.dll
0xFF1D0000 \Windows\System32\gdi32.dll
0xFEFF0000 \Windows\System32\setupapi.dll
0xFE260000 \Windows\System32\shell32.dll
0xFE1C0000 \Windows\System32\clbcatq.dll
0xFE120000 \Windows\System32\msvcrt.dll
0xFDFA0000 \Windows\System32\urlmon.dll
0xFDD90000 \Windows\System32\ole32.dll
0xFDB30000 \Windows\System32\iertutil.dll
0xFDA50000 \Windows\System32\advapi32.dll
0x773C0000 \Windows\System32\psapi.dll
0xFD980000 \Windows\System32\usp10.dll
0xFD970000 \Windows\System32\lpk.dll
0xFD840000 \Windows\System32\rpcrt4.dll
0xFD7C0000 \Windows\System32\shlwapi.dll
0xFD790000 \Windows\System32\imm32.dll
0xFD680000 \Windows\System32\msctf.dll
0xFD660000 \Windows\System32\sechost.dll
0x773B0000 \Windows\System32\normaliz.dll
0xFD5C0000 \Windows\System32\comdlg32.dll
0xFD5A0000 \Windows\System32\imagehlp.dll
0x76FD0000 \Windows\System32\kernel32.dll
0xFD520000 \Windows\System32\difxapi.dll
0xFD4B0000 \Windows\System32\KernelBase.dll
0xFD490000 \Windows\System32\devobj.dll
0xFD3F0000 \Windows\System32\comctl32.dll
0xFD3B0000 \Windows\System32\cfgmgr32.dll
0xFD240000 \Windows\System32\crypt32.dll
0xFD200000 \Windows\System32\wintrust.dll
0xFD1F0000 \Windows\System32\msasn1.dll
0x75900000 \Windows\SysWOW64\normaliz.dll

Processes (total 55):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
488 csrss.exe
568 C:\Windows\System32\wininit.exe
592 csrss.exe
632 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\nvvsvc.exe
908 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
156 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\svchost.exe
576 C:\Windows\System32\audiodg.exe
1040 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\nvvsvc.exe
1180 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\spoolsv.exe
1324 C:\Windows\System32\svchost.exe
1444 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1472 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1508 C:\Apps\nod32\x86\ekrn.exe
1584 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1616 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\taskhost.exe
1936 C:\Windows\System32\dwm.exe
2000 C:\Windows\explorer.exe
2116 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2124 C:\Apps\nod32\egui.exe
2164 C:\Program Files\Windows Sidebar\sidebar.exe
2268 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
2436 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2616 C:\Apps\iTunes\iTunesHelper.exe
2660 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
2868 C:\Windows\System32\svchost.exe
2928 WmiPrvSE.exe
2052 C:\Program Files\iPod\bin\iPodService.exe
1368 C:\Windows\System32\SearchIndexer.exe
2972 C:\Windows\System32\SearchProtocolHost.exe
3404 C:\Program Files\Windows Media Player\wmpnetwk.exe
3504 C:\Windows\System32\svchost.exe
3640 WmiPrvSE.exe
3592 C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
4012 C:\Apps\firefox\firefox.exe
2812 C:\Windows\System32\sppsvc.exe
3108 C:\Windows\System32\svchost.exe
3076 C:\Windows\servicing\TrustedInstaller.exe
3896 C:\Windows\System32\SearchFilterHost.exe
2952 C:\Users\Budda\Desktop\MBRCheck.exe
2856 C:\Windows\System32\conhost.exe
2716 C:\Windows\System32\dllhost.exe
340 C:\Windows\System32\wbem\WMIADAP.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`3e000000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1002FAEX-00Z3A0, Rev: 05.01D05
PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev:

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


TDSS Report
2010/10/11 16:50:22.0429 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/11 16:50:22.0429 ================================================================================
2010/10/11 16:50:22.0429 SystemInfo:
2010/10/11 16:50:22.0429
2010/10/11 16:50:22.0429 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/11 16:50:22.0429 Product type: Workstation
2010/10/11 16:50:22.0429 ComputerName: BUDDA-PC
2010/10/11 16:50:22.0429 UserName: Budda
2010/10/11 16:50:22.0429 Windows directory: C:\Windows
2010/10/11 16:50:22.0429 System windows directory: C:\Windows
2010/10/11 16:50:22.0429 Running under WOW64
2010/10/11 16:50:22.0429 Processor architecture: Intel x64
2010/10/11 16:50:22.0429 Number of processors: 8
2010/10/11 16:50:22.0429 Page size: 0x1000
2010/10/11 16:50:22.0429 Boot type: Normal boot
2010/10/11 16:50:22.0429 ================================================================================
2010/10/11 16:50:22.0429 Utility is running under WOW64
2010/10/11 16:50:22.0585 Initialize success
2010/10/11 16:50:32.0117 ================================================================================
2010/10/11 16:50:32.0117 Scan started
2010/10/11 16:50:32.0117 Mode: Manual;
2010/10/11 16:50:32.0117 ================================================================================
2010/10/11 16:50:33.0568 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/10/11 16:50:33.0583 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/11 16:50:33.0614 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/10/11 16:50:33.0630 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/10/11 16:50:33.0661 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/10/11 16:50:33.0677 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/10/11 16:50:33.0724 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/10/11 16:50:33.0739 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/10/11 16:50:33.0755 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/10/11 16:50:33.0770 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/10/11 16:50:33.0786 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/11 16:50:33.0786 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/10/11 16:50:33.0802 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/10/11 16:50:33.0817 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/10/11 16:50:33.0833 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/10/11 16:50:33.0848 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/10/11 16:50:33.0880 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/10/11 16:50:33.0895 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/10/11 16:50:33.0911 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/11 16:50:33.0926 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/11 16:50:33.0958 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2010/10/11 16:50:33.0989 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/10/11 16:50:34.0020 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/10/11 16:50:34.0051 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/10/11 16:50:34.0082 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/10/11 16:50:34.0098 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/11 16:50:34.0098 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/10/11 16:50:34.0114 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/10/11 16:50:34.0129 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/10/11 16:50:34.0145 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/10/11 16:50:34.0145 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/10/11 16:50:34.0160 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/10/11 16:50:34.0160 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/10/11 16:50:34.0176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/11 16:50:34.0192 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/11 16:50:34.0207 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/11 16:50:34.0238 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/10/11 16:50:34.0254 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/11 16:50:34.0270 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/10/11 16:50:34.0285 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/10/11 16:50:34.0301 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/11 16:50:34.0316 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/10/11 16:50:34.0332 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/10/11 16:50:34.0363 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/10/11 16:50:34.0410 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/10/11 16:50:34.0426 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/10/11 16:50:34.0457 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/10/11 16:50:34.0488 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/10/11 16:50:34.0519 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/11 16:50:34.0566 eamonm (29b06c2346fc6c39d073391f73fc4bb0) C:\Windows\system32\DRIVERS\eamonm.sys
2010/10/11 16:50:34.0628 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/10/11 16:50:34.0722 ehdrv (4b52cf6d057a1b8a751a5475c126933f) C:\Windows\system32\DRIVERS\ehdrv.sys
2010/10/11 16:50:34.0769 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/10/11 16:50:34.0784 epfwwfpr (3f3593ec3610af2753b1d122feb75f4f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2010/10/11 16:50:34.0800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/10/11 16:50:34.0831 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
2010/10/11 16:50:34.0847 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/10/11 16:50:34.0862 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/10/11 16:50:34.0878 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/11 16:50:34.0909 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/10/11 16:50:34.0925 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/10/11 16:50:34.0940 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/11 16:50:34.0956 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/10/11 16:50:34.0972 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/10/11 16:50:34.0972 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/11 16:50:35.0003 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2010/10/11 16:50:35.0018 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/10/11 16:50:35.0050 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2010/10/11 16:50:35.0081 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/11 16:50:35.0096 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
2010/10/11 16:50:35.0112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/10/11 16:50:35.0143 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/10/11 16:50:35.0159 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/11 16:50:35.0159 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/10/11 16:50:35.0174 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/10/11 16:50:35.0190 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/10/11 16:50:35.0221 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/11 16:50:35.0252 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/10/11 16:50:35.0268 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/10/11 16:50:35.0268 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/10/11 16:50:35.0284 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/11 16:50:35.0315 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/10/11 16:50:35.0346 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/10/11 16:50:35.0393 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
2010/10/11 16:50:35.0424 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/10/11 16:50:35.0440 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/11 16:50:35.0471 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/11 16:50:35.0471 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/10/11 16:50:35.0486 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/10/11 16:50:35.0502 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/10/11 16:50:35.0533 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/10/11 16:50:35.0549 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/11 16:50:35.0564 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/11 16:50:35.0564 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/11 16:50:35.0580 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/11 16:50:35.0611 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/10/11 16:50:35.0627 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/10/11 16:50:35.0674 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2010/10/11 16:50:35.0720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/11 16:50:35.0752 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/10/11 16:50:35.0767 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/10/11 16:50:35.0783 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/10/11 16:50:35.0798 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/10/11 16:50:35.0814 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/10/11 16:50:35.0845 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/10/11 16:50:35.0861 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/10/11 16:50:35.0892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/10/11 16:50:35.0908 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/11 16:50:35.0923 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/11 16:50:35.0939 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/11 16:50:35.0954 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/10/11 16:50:35.0970 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/10/11 16:50:35.0986 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/11 16:50:36.0001 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/11 16:50:36.0032 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/11 16:50:36.0048 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/11 16:50:36.0064 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/11 16:50:36.0079 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/11 16:50:36.0095 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/10/11 16:50:36.0110 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/10/11 16:50:36.0126 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/11 16:50:36.0142 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/11 16:50:36.0173 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/11 16:50:36.0188 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/11 16:50:36.0204 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/10/11 16:50:36.0235 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/10/11 16:50:36.0266 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/11 16:50:36.0282 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/10/11 16:50:36.0282 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/11 16:50:36.0298 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/10/11 16:50:36.0329 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/11 16:50:36.0360 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/10/11 16:50:36.0376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/11 16:50:36.0391 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/11 16:50:36.0407 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/11 16:50:36.0422 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/11 16:50:36.0438 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/10/11 16:50:36.0454 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/11 16:50:36.0469 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/11 16:50:36.0516 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/11 16:50:36.0532 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/10/11 16:50:36.0547 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/11 16:50:36.0578 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/10/11 16:50:36.0610 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/10/11 16:50:36.0641 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
2010/10/11 16:50:36.0688 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2010/10/11 16:50:36.0703 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
2010/10/11 16:50:36.0875 nvlddmkm (e75460a053a1cb9a84da5ab5524a5308) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/11 16:50:36.0937 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/11 16:50:36.0953 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/11 16:50:36.0984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/11 16:50:36.0984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/11 16:50:37.0000 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/10/11 16:50:37.0015 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/10/11 16:50:37.0031 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/10/11 16:50:37.0046 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/11 16:50:37.0062 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/11 16:50:37.0078 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/10/11 16:50:37.0093 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/10/11 16:50:37.0140 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/11 16:50:37.0156 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/10/11 16:50:37.0171 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/11 16:50:37.0202 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/11 16:50:37.0234 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/11 16:50:37.0265 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/11 16:50:37.0280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/11 16:50:37.0296 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/11 16:50:37.0312 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/11 16:50:37.0327 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/11 16:50:37.0343 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/11 16:50:37.0358 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/11 16:50:37.0374 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/11 16:50:37.0390 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/11 16:50:37.0421 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/10/11 16:50:37.0421 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/11 16:50:37.0436 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/11 16:50:37.0452 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/10/11 16:50:37.0468 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/10/11 16:50:37.0499 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/11 16:50:37.0530 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/10/11 16:50:37.0561 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/10/11 16:50:37.0577 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/11 16:50:37.0592 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/11 16:50:37.0624 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/10/11 16:50:37.0655 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/11 16:50:37.0670 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/10/11 16:50:37.0670 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/11 16:50:37.0686 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/11 16:50:37.0702 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/11 16:50:37.0717 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/11 16:50:37.0717 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/11 16:50:37.0748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/11 16:50:37.0764 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/11 16:50:37.0764 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/10/11 16:50:37.0795 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/10/11 16:50:37.0842 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
2010/10/11 16:50:37.0858 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/11 16:50:37.0889 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/11 16:50:37.0951 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/11 16:50:37.0967 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/10/11 16:50:37.0998 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/10/11 16:50:38.0014 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/11 16:50:38.0076 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/10/11 16:50:38.0138 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/11 16:50:38.0154 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/11 16:50:38.0170 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/10/11 16:50:38.0185 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/10/11 16:50:38.0201 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/11 16:50:38.0201 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/11 16:50:38.0232 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/11 16:50:38.0279 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/11 16:50:38.0279 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/11 16:50:38.0310 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/11 16:50:38.0326 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/11 16:50:38.0357 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/11 16:50:38.0357 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/11 16:50:38.0404 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/10/11 16:50:38.0435 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/10/11 16:50:38.0450 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/11 16:50:38.0466 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/11 16:50:38.0482 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/11 16:50:38.0497 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/11 16:50:38.0513 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/11 16:50:38.0528 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/11 16:50:38.0544 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/11 16:50:38.0575 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/11 16:50:38.0591 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/11 16:50:38.0606 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/11 16:50:38.0606 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/10/11 16:50:38.0622 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/11 16:50:38.0638 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/11 16:50:38.0669 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/10/11 16:50:38.0669 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/10/11 16:50:38.0700 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/11 16:50:38.0700 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/10/11 16:50:38.0731 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/11 16:50:38.0747 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/11 16:50:38.0762 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/10/11 16:50:38.0794 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/11 16:50:38.0809 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/11 16:50:38.0825 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/11 16:50:38.0856 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/10/11 16:50:38.0872 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/11 16:50:38.0918 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/11 16:50:38.0934 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/10/11 16:50:38.0981 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/10/11 16:50:38.0996 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/11 16:50:39.0028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/11 16:50:39.0043 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/10/11 16:50:39.0074 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/11 16:50:39.0121 ================================================================================
2010/10/11 16:50:39.0121 Scan finished
2010/10/11 16:50:39.0121 ================================================================================


========
No threats found with ESET.


#13 etavares (Bleepin' Remover, Malware Response Team)

Posted 11 October 2010 - 05:53 PM

Hello, ANFO.


It doesn't appear to be malware. You may want to post in our XP or our Network forums here at BC. They have advisors more skilled in that type of diagnosis and repair. My expertise is in malware removal. I'm still willing to help you in this thread if you prefer.

Please let me know how you want to proceed.

**********************************************************

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1

Next, we need to remove the other tools we have used.
  • Please download OTC by OldTimer and save it to your desktop
  • If that link doesn't work, try this one.
  • Doubleclick the icon to start the program.
  • Then, click the big button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of the three (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!




Thanks!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
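The HOSTS-file advice in the post above works because the OS resolver consults that file before DNS: a blocklist maps each unwanted hostname to an address that goes nowhere (0.0.0.0 or 127.0.0.1), so the browser never reaches the real site. The step "if you were using a custom Hosts file you will need to replace any of those entries yourself" matters because an updater that overwrites the file drops them. The Python below is an added example, not code from the thread or from HostsMan; the hosts lines, addresses and domain names in it are constructed samples. It parses hosts-file text, merges a downloaded blocklist with a custom file so that the custom entries win, reports where the two disagree, and classifies a hostname as blocked, custom, or unlisted.

```python
"""Hosts-file blocklist handling (added example; sample data is constructed)."""
from typing import Dict, List, Tuple

# Addresses that blocklists use to blackhole a name. 0.0.0.0 is preferred because
# nothing listens there; 127.0.0.1 works but may hit a local web server.
BLACKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Names that legitimately map to loopback and must not be reported as "blocked".
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample of a user's own hosts file (not real data).
CUSTOM_HOSTS = """
127.0.0.1   localhost
192.168.1.10 nas.local        # home NAS
10.0.0.5    ads.example       # constructed: points at a local test server
"""

# Constructed sample of a downloaded blocklist in MVPS/HostsMan style.
BLOCKLIST = """
# sample blocklist (constructed)
0.0.0.0 malicious.example
0.0.0.0 tracker.example www.tracker.example
0.0.0.0 ads.example
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts-file text into {hostname: address}.

    Comments (# to end of line) and blank lines are ignored; one line may list
    several names after the address. Hostnames are case-insensitive, so they
    are stored lower-cased. A later line for the same name overrides an earlier one,
    which mirrors how most resolvers treat duplicate entries.
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed: address without a name
        addr, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = addr
    return mapping


def merge_hosts(custom_text: str, blocklist_text: str) -> Tuple[Dict[str, str], List[str]]:
    """Merge a blocklist into a custom hosts file without losing custom entries.

    The custom entry always wins. Returns the merged mapping and the names where
    the blocklist wanted a different address, so the user can review them.
    """
    custom = parse_hosts(custom_text)
    block = parse_hosts(blocklist_text)
    merged = dict(block)
    conflicts: List[str] = []
    for name, addr in custom.items():
        if name in block and block[name] != addr:
            conflicts.append(name)
        merged[name] = addr
    return merged, conflicts


def classify(mapping: Dict[str, str], hostname: str) -> str:
    """Return 'blocked', 'custom' or 'unlisted' for a hostname under this mapping."""
    addr = mapping.get(hostname.lower())
    if addr is None:
        return "unlisted"
    if addr in BLACKHOLE_ADDRESSES and hostname.lower() not in LOOPBACK_NAMES:
        return "blocked"
    return "custom"


def render_hosts(mapping: Dict[str, str]) -> str:
    """Serialize the mapping back into hosts-file text, one name per line."""
    lines = ["# merged hosts file: custom entries first, then blocklist"]
    for name in sorted(mapping, key=lambda n: (classify(mapping, n) != "custom", n)):
        lines.append(f"{mapping[name]} {name}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    merged, conflicts = merge_hosts(CUSTOM_HOSTS, BLOCKLIST)
    print(render_hosts(merged))
    print("conflicts to review:", conflicts)
    for host in ("malicious.example", "nas.local", "localhost", "example.org"):
        print(f"{host}: {classify(merged, host)}")
```

On Windows the live file is C:\Windows\System32\drivers\etc\hosts and writing it needs an elevated prompt, which is why the post's installer steps run as administrator. One caveat worth knowing as a defender: the hosts file only affects lookups that go through the OS resolver, so a browser configured for its own DNS-over-HTTPS, or a program connecting straight to an IP address, is not covered by it; treat it as one layer alongside the firewall and antivirus the post recommends.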


#14 ANFO (Topic Starter)

Posted 11 October 2010 - 08:02 PM

Thank you, Etavares.

I'll see how it performs over the next month or so. If I'm still not satisfied, I think I will progress this case onto the other sections you mentioned.

Thanks heaps for the suggestions on further security measures. I will certainly be putting them in place.

#15 etavares (Bleepin' Remover, Malware Response Team)

Posted 12 October 2010 - 05:08 PM

OK, sounds like a good plan. Let me know if you have questions. I'll leave this open a few days in case something pops up.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators