
Atapi.sys Infection?


  • This topic is locked
31 replies to this topic

#1 BlackClouds


Posted 03 April 2010 - 12:14 PM

Hey awesome helpers of BleepingComputer,

Description Problem:
I have had a nasty infection recently which totally trashed my Windows 7 installation; back then I had high memory usage errors when they should not have appeared.
I decided to format my windows partition (C:\) and do a clean reinstallation. It appeared to be clean in the beginning but then my current problems started:

• Google Chrome stopped functioning
• Random pop-ups in internet explorer
• A blue screen with mbr.sys
• Second reinfection after clean Windows 7 install and ComboFix
• "Interactive Services Detection" spam (not sure if it's relevant).
*Note: I reinstalled it another time since these problems started happening again*

Operating System:
Windows 7

The hunt:
• Firstly I did a scan with Malwarebytes' Anti-Malware. It found some things but did not fix the major problem.
• Then I started googling for similar problems and followed one topic which suggested that ComboFix would fix the problem. So I ran it and it deleted the following:
QUOTE
c:\windows\system32\cdzlyey.dll
c:\windows\Tasks\At1.job

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it

It fixed the problem for the time being and I could use Google Chrome again. But before long it got infected again somehow and Google Chrome does not work anymore.
• I decided to read on and did a full GMER scan for rootkit activity (a quick scan did not show anything). There I again noticed atapi.sys with the value "suspicious modification".
• I did a virustotal.com scan on atapi.sys. eSafe said it was a Win32.TrojanHorse and McAfee-GW-Edition said it was a Heuristic.BehavesLike.Win32.Rootkit.H.

Redirected
Boopme was kind enough to redirect my original topic and suggested that I follow preparation steps 6-9, which I just did.
It appears that I am still infected and unfortunately I am at a loss on how to tackle this problem.

Kindly waiting on your instructions,

Alexander

DDS log
QUOTE
DDS (Ver_10-03-17.01) - NTFSx86
Run by Alexander at 18:52:06,27 on za 03-04-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.31.1033.18.3582.2616 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\regsvr32.exe
C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Alexander\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\TEMP\Pcr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\alexander\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PortableDeviceValuesClass] regsvr32 /s /u "c:\users\alexander\appdata\local\portabledevicevalues\PortableDeviceValuesClass.dll"
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [YVIBBBHA8C] c:\windows\temp\Pcr.exe
StartupFolder: c:\users\alexan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\alexander\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-3 5010288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 htecdiks;Microsoft Infrared HID Helper;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-24 16168]

=============== Created Last 30 ================

2010-04-03 16:50:30 0 ----a-w- c:\users\alexander\defogger_reenable
2010-04-03 16:20:10 0 d-----w- c:\programdata\licensecb
2010-04-03 16:20:10 0 d-----w- c:\programdata\CrazyBump
2010-04-03 15:08:27 0 d-----w- c:\users\alexan~1\appdata\roaming\GrabIt
2010-04-03 13:58:15 0 d-----w- c:\users\alexan~1\appdata\roaming\WTablet
2010-04-03 13:39:18 7773040 ----a-w- c:\windows\system32\WacomTablet.cpl
2010-04-03 13:39:18 1746986 ----a-w- c:\windows\system32\WacomTablet.znc
2010-04-03 13:39:18 0 d-----w- c:\program files\TabletPlugins
2010-04-03 13:39:10 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-03 13:39:09 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-03 13:38:59 0 d-----w- c:\windows\system32\WTablet
2010-04-03 13:38:58 5010288 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-04-03 13:38:58 415600 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-04-03 13:38:56 0 d-----w- c:\program files\Tablet
2010-04-03 06:01:36 3272 ------w- C:\bootsqm.dat
2010-04-02 23:21:02 0 d-----w- c:\users\alexan~1\appdata\roaming\Dropbox
2010-04-02 22:28:11 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-02 16:31:49 0 d-----w- c:\program files\ESET
2010-04-02 14:14:46 0 d-----w- c:\programdata\Sun
2010-04-02 14:14:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 14:04:08 0 d-----w- c:\windows\system32\appmgmt
2010-04-02 13:41:14 0 d-----w- c:\programdata\Skype
2010-04-02 11:49:32 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-02 11:41:13 98816 ----a-w- c:\windows\sed.exe
2010-04-02 11:41:13 77312 ----a-w- c:\windows\MBR.exe
2010-04-02 11:41:13 261632 ----a-w- c:\windows\PEV.exe
2010-04-02 11:41:13 161792 ----a-w- c:\windows\SWREG.exe
2010-04-02 11:25:11 0 d-----w- c:\users\alexan~1\appdata\roaming\Malwarebytes
2010-04-02 11:25:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 11:25:06 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 11:25:06 0 d-----w- c:\programdata\Malwarebytes
2010-04-02 02:49:02 0 d-----w- c:\program files\common files\Photoshop
2010-04-02 02:40:25 0 d-----w- c:\program files\Autodesk
2010-04-02 02:39:38 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-04-02 02:39:38 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-04-02 02:39:37 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-02 02:32:51 0 d-----w- c:\windows\Panther
2010-04-02 02:32:39 8192 --sha-r- C:\BOOTSECT.BAK
2010-04-02 02:32:38 383562 --sha-r- C:\bootmgr
2010-04-02 02:32:38 0 d-----w- C:\Boot
2010-04-01 18:53:28 0 d-----w- c:\program files\Microsoft Chart Controls
2010-04-01 18:38:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-01 18:37:03 0 d-----w- c:\users\alexan~1\appdata\roaming\DAEMON Tools Lite
2010-04-01 18:36:57 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-04-01 18:33:10 0 d-----w- c:\users\alexan~1\appdata\roaming\Autodesk
2010-04-01 18:32:06 0 d-----w- c:\users\alexander\Adlm
2010-04-01 18:31:00 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-01 18:31:00 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-01 18:31:00 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-04-01 18:31:00 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-01 18:31:00 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-04-01 18:31:00 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-01 18:31:00 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-04-01 18:29:50 0 d-----w- c:\windows\system32\directx
2010-04-01 18:26:17 0 d-----w- c:\program files\common files\ja-JP
2010-04-01 18:26:17 0 d-----w- c:\program files\common files\en-US
2010-04-01 18:26:15 0 d-----w- c:\program files\common files\Autodesk Shared
2010-04-01 18:26:12 0 d-----w- c:\programdata\Autodesk
2010-04-01 18:10:49 0 d-----w- c:\programdata\FLEXnet
2010-04-01 18:03:23 0 d-----w- c:\programdata\Adobe
2010-04-01 18:02:30 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-01 18:01:24 0 d-sh--w- c:\windows\Installer
2010-04-01 17:58:58 0 d-----w- c:\users\alexan~1\appdata\roaming\XnView
2010-04-01 16:54:21 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-01 16:54:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-01 16:44:54 684666 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-04-01 16:43:58 0 d-----w- c:\windows\system32\wbem\Performance
2010-04-01 16:43:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-04-01 16:41:49 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-01 16:35:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== Find3M ====================

2010-03-30 23:05:48 3274936 ----a-w- c:\windows\system32\libmmd.dll
2010-03-30 23:05:41 4935680 ----a-w- c:\windows\system32\cg.dll
2010-03-30 23:05:34 967168 ----a-w- c:\windows\system32\libxml2.dll
2010-03-30 23:05:24 1212416 ----a-w- c:\windows\system32\FCollada.dll
2010-03-30 23:05:04 307200 ----a-w- c:\windows\system32\cgGL.dll
2010-03-30 23:04:33 548864 ----a-w- c:\windows\system32\msvcp80.dll
2010-03-30 23:04:27 1101824 ----a-w- c:\windows\system32\mfc80.dll
2010-03-30 23:04:17 2289664 ----a-w- c:\windows\system32\EyeCommon.dll
2010-03-30 23:03:09 837120 ----a-w- c:\windows\system32\devil.dll
2010-03-30 22:58:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-30 22:58:09 127488 ----a-w- c:\windows\system32\jpeg62.dll
2010-03-30 22:58:09 118784 ----a-w- c:\windows\system32\nvtt.dll
2010-03-30 22:57:46 888832 ----a-w- c:\windows\system32\iconv.dll
2010-03-30 22:57:43 212992 ----a-w- c:\windows\system32\glew32.dll
2010-03-30 22:57:32 626688 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-30 22:56:47 497848 ----a-w- c:\windows\system32\libiomp5md.dll
2010-03-30 22:56:27 161792 ----a-w- c:\windows\system32\libpng12.dll
2010-03-30 22:55:31 376832 ----a-w- c:\windows\system32\libtiff3.dll
2010-03-30 22:54:42 65536 ----a-w- c:\windows\system32\vcomp.dll
2010-03-30 22:54:42 59904 ----a-w- c:\windows\system32\zlib1.dll
2010-03-30 22:54:42 24576 ----a-w- c:\windows\system32\ilut.dll
2010-03-30 22:52:20 146432 ----a-w- c:\windows\system32\KEYLIB32.dll
2010-03-30 22:51:38 69632 ----a-w- c:\windows\system32\ilu.dll
2010-03-30 22:51:21 147456 ----a-w- c:\windows\system32\lib3ds.dll
2010-03-08 13:40:46 294400 ----a-w- c:\windows\system32\Wintab32.dll
2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-24 20:38:42 42280 ----a-w- c:\windows\system32\wacomwucoinst3.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-14 19:02:10 3392872 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-05-14 19:02:10 3298152 ----a-w- c:\program files\common files\adlmint.dll
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:52:20,97 ===============


Edited by BlackClouds, 03 April 2010 - 12:16 PM.
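A worked example of the triage a helper does on the Run-key and service lines of a DDS log like the one above. This is code added for this page; it is not part of DDS, OTL, ComboFix or the original poster's work. The sample input is lines copied from the log posted above. Two things are assumptions: the allow-list of netsvcs members is deliberately abbreviated (on a real machine the authoritative list is the `netsvcs` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost`, which is what OTL's `netsvcs` directive dumps), and the "random-looking name" rule is a rough heuristic with hand-picked thresholds, not a signature.

```python
"""Triage heuristics for the autorun and service lines in a DDS log.

Added example for this thread; it is not part of DDS, OTL or the original post.
The sample lines are copied from the DDS output posted above. Every hit is a
lead to verify by hand, not a verdict.
"""
import re

# DDS prints Run-key entries as "<hive>Run: [Name] <command>"; the hive prefix
# u/m/d means HKCU, HKLM and the default-user hive respectively.
RUN_LINE = re.compile(r"^(?P<hive>[umd])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
# Service lines look like "S2 name;Display Name;c:\path\image.exe -k group [date size]".
SVC_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)(?:\s+\[[^\]]*\])?$"
)

# ASSUMPTION: abbreviated list of Windows 7 services that legitimately load in the
# netsvcs svchost group. On a real machine, read the netsvcs value under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost and use that instead.
KNOWN_NETSVCS = {
    "aelookupsvc", "appmgmt", "bits", "browser", "certpropsvc", "eaphost", "gpsvc",
    "ikeext", "iphlpsvc", "lanmanserver", "mmcss", "profsvc", "schedule", "seclogon",
    "sens", "sharedaccess", "shellhwdetection", "themes", "winmgmt", "wuauserv",
}


def looks_random(name):
    """Heuristic (assumed thresholds): long, single-case, vowel-poor names such as
    YVIBBBHA8C or htecdiks resemble generated names; Windows names are usually
    CamelCase and pronounceable. Short names are skipped to limit false positives."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 8 or " " in name:
        return False
    single_case = all(c.islower() for c in letters) or all(c.isupper() for c in letters)
    vowels = sum(c in "aeiouAEIOU" for c in letters)
    return single_case and vowels / len(letters) <= 0.3


def check_run_entry(line):
    """Return the reasons an autorun entry deserves a closer look (empty if none)."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return []
    name, cmd = m.group("name"), m.group("cmd")
    low = cmd.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("runs from a temp directory")
    if low.startswith(("regsvr32", "rundll32")) and "\\appdata\\" in low:
        reasons.append("system utility loading a DLL from the user profile at logon")
    if m.group("hive") == "d":
        reasons.append("lives in the default-user hive, not the logged-on user's")
    if looks_random(name):
        reasons.append("random-looking value name")
    return reasons


def check_service_entry(line):
    """Return the reasons a service/driver line deserves a closer look (empty if none)."""
    m = SVC_LINE.match(line.strip())
    if not m:
        return []
    name, display, image = m.group("name"), m.group("display"), m.group("image").lower()
    reasons = []
    if image.endswith("svchost.exe -k netsvcs") and name.lower() not in KNOWN_NETSVCS:
        reasons.append("svchost netsvcs member not in the known list; check its ServiceDll")
    if "microsoft" in display.lower() and looks_random(name):
        reasons.append("Microsoft-sounding display name on a random-looking service name")
    return reasons


def triage(log_text):
    """Map each suspicious line to its reasons; lines with no findings are omitted."""
    findings = {}
    for line in log_text.splitlines():
        reasons = check_run_entry(line) or check_service_entry(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


# Sample input: lines copied from the DDS log in the first post of this thread.
SAMPLE_DDS = r"""
uRun: [Google Update] "c:\users\alexander\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PortableDeviceValuesClass] regsvr32 /s /u "c:\users\alexander\appdata\local\portabledevicevalues\PortableDeviceValuesClass.dll"
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [YVIBBBHA8C] c:\windows\temp\Pcr.exe
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-3 5010288]
S2 htecdiks;Microsoft Infrared HID Helper;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_DDS).items():
        print(entry)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, the script surfaces three of the nine lines: the `dRun` entry launching an executable from `c:\windows\temp`, the `regsvr32` entry loading a DLL from the user profile at logon, and the netsvcs service whose name is not on the list. Each is a lead to confirm by hand (the `ServiceDll` value under the service's `Parameters` key, the file's publisher and signature), not a verdict. Nothing here, and nothing run from inside the infected Windows, proves the copy of atapi.sys on disk is clean: a kernel-mode rootkit that patches a storage driver can intercept reads of its own file and hand back clean bytes, so a hash or signature comparison of that driver is only conclusive when the disk is examined from clean boot media.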



#2 Shannon2012

  • Security Colleague

Posted 07 April 2010 - 11:31 AM


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 BlackClouds

  • Topic Starter

Posted 07 April 2010 - 12:41 PM

Hey thanks for the response! I am really happy now hahaha!

In my first post you can read the extensive description. Nothing has changed so far since I have disconnected my internet and haven't used it for a couple of days (it made me want to cry).

Here is the latest DDS log; in the attachment are the attach.txt and the ark.log from the GMER scan.

QUOTE
DDS (Ver_10-03-17.01) - NTFSx86
Run by Alexander at 19:32:57,66 on wo 07-04-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.31.1033.18.3582.2568 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\regsvr32.exe
C:\Users\Alexander\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\alexander\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PortableDeviceValuesClass] regsvr32 /s /u "c:\users\alexander\appdata\local\portabledevicevalues\PortableDeviceValuesClass.dll"
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [YVIBBBHA8C] c:\windows\temp\Pcr.exe
StartupFolder: c:\users\alexan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\alexander\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-3 5010288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 htecdiks;Microsoft Infrared HID Helper;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-24 16168]

=============== Created Last 30 ================

2010-04-03 16:50:30 0 ----a-w- c:\users\alexander\defogger_reenable
2010-04-03 16:20:10 0 d-----w- c:\programdata\licensecb
2010-04-03 16:20:10 0 d-----w- c:\programdata\CrazyBump
2010-04-03 15:08:27 0 d-----w- c:\users\alexan~1\appdata\roaming\GrabIt
2010-04-03 13:58:15 0 d-----w- c:\users\alexan~1\appdata\roaming\WTablet
2010-04-03 13:39:18 7773040 ----a-w- c:\windows\system32\WacomTablet.cpl
2010-04-03 13:39:18 1746986 ----a-w- c:\windows\system32\WacomTablet.znc
2010-04-03 13:39:18 0 d-----w- c:\program files\TabletPlugins
2010-04-03 13:39:10 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-03 13:39:09 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-03 13:38:59 0 d-----w- c:\windows\system32\WTablet
2010-04-03 13:38:58 5010288 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-04-03 13:38:58 415600 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-04-03 13:38:56 0 d-----w- c:\program files\Tablet
2010-04-02 23:21:02 0 d-----w- c:\users\alexan~1\appdata\roaming\Dropbox
2010-04-02 22:28:11 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-02 16:31:49 0 d-----w- c:\program files\ESET
2010-04-02 14:14:46 0 d-----w- c:\programdata\Sun
2010-04-02 14:14:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 14:04:08 0 d-----w- c:\windows\system32\appmgmt
2010-04-02 13:41:14 0 d-----w- c:\programdata\Skype
2010-04-02 11:49:32 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-02 11:41:13 98816 ----a-w- c:\windows\sed.exe
2010-04-02 11:41:13 77312 ----a-w- c:\windows\MBR.exe
2010-04-02 11:41:13 261632 ----a-w- c:\windows\PEV.exe
2010-04-02 11:41:13 161792 ----a-w- c:\windows\SWREG.exe
2010-04-02 11:25:11 0 d-----w- c:\users\alexan~1\appdata\roaming\Malwarebytes
2010-04-02 11:25:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 11:25:06 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 11:25:06 0 d-----w- c:\programdata\Malwarebytes
2010-04-02 02:49:02 0 d-----w- c:\program files\common files\Photoshop
2010-04-02 02:40:25 0 d-----w- c:\program files\Autodesk
2010-04-02 02:39:38 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-04-02 02:39:38 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-04-02 02:39:37 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-02 02:32:51 0 d-----w- c:\windows\Panther
2010-04-02 02:32:39 8192 --sha-r- C:\BOOTSECT.BAK
2010-04-02 02:32:38 383562 --sha-r- C:\bootmgr
2010-04-02 02:32:38 0 d-----w- C:\Boot
2010-04-01 18:53:28 0 d-----w- c:\program files\Microsoft Chart Controls
2010-04-01 18:38:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-01 18:37:03 0 d-----w- c:\users\alexan~1\appdata\roaming\DAEMON Tools Lite
2010-04-01 18:36:57 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-04-01 18:33:10 0 d-----w- c:\users\alexan~1\appdata\roaming\Autodesk
2010-04-01 18:32:06 0 d-----w- c:\users\alexander\Adlm
2010-04-01 18:31:00 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-01 18:31:00 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-01 18:31:00 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-04-01 18:31:00 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-01 18:31:00 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-04-01 18:31:00 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-01 18:31:00 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-04-01 18:29:50 0 d-----w- c:\windows\system32\directx
2010-04-01 18:26:17 0 d-----w- c:\program files\common files\ja-JP
2010-04-01 18:26:17 0 d-----w- c:\program files\common files\en-US
2010-04-01 18:26:15 0 d-----w- c:\program files\common files\Autodesk Shared
2010-04-01 18:26:12 0 d-----w- c:\programdata\Autodesk
2010-04-01 18:10:49 0 d-----w- c:\programdata\FLEXnet
2010-04-01 18:03:23 0 d-----w- c:\programdata\Adobe
2010-04-01 18:02:30 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-01 18:01:24 0 d-sh--w- c:\windows\Installer
2010-04-01 17:58:58 0 d-----w- c:\users\alexan~1\appdata\roaming\XnView
2010-04-01 16:54:21 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-01 16:54:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-01 16:44:54 684666 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-04-01 16:43:58 0 d-----w- c:\windows\system32\wbem\Performance
2010-04-01 16:43:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-04-01 16:41:49 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-01 16:35:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== Find3M ====================

2010-03-30 23:05:48 3274936 ----a-w- c:\windows\system32\libmmd.dll
2010-03-30 23:05:41 4935680 ----a-w- c:\windows\system32\cg.dll
2010-03-30 23:05:34 967168 ----a-w- c:\windows\system32\libxml2.dll
2010-03-30 23:05:24 1212416 ----a-w- c:\windows\system32\FCollada.dll
2010-03-30 23:05:04 307200 ----a-w- c:\windows\system32\cgGL.dll
2010-03-30 23:04:33 548864 ----a-w- c:\windows\system32\msvcp80.dll
2010-03-30 23:04:27 1101824 ----a-w- c:\windows\system32\mfc80.dll
2010-03-30 23:04:17 2289664 ----a-w- c:\windows\system32\EyeCommon.dll
2010-03-30 23:03:09 837120 ----a-w- c:\windows\system32\devil.dll
2010-03-30 22:58:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-30 22:58:09 127488 ----a-w- c:\windows\system32\jpeg62.dll
2010-03-30 22:58:09 118784 ----a-w- c:\windows\system32\nvtt.dll
2010-03-30 22:57:46 888832 ----a-w- c:\windows\system32\iconv.dll
2010-03-30 22:57:43 212992 ----a-w- c:\windows\system32\glew32.dll
2010-03-30 22:57:32 626688 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-30 22:56:47 497848 ----a-w- c:\windows\system32\libiomp5md.dll
2010-03-30 22:56:27 161792 ----a-w- c:\windows\system32\libpng12.dll
2010-03-30 22:55:31 376832 ----a-w- c:\windows\system32\libtiff3.dll
2010-03-30 22:54:42 65536 ----a-w- c:\windows\system32\vcomp.dll
2010-03-30 22:54:42 59904 ----a-w- c:\windows\system32\zlib1.dll
2010-03-30 22:54:42 24576 ----a-w- c:\windows\system32\ilut.dll
2010-03-30 22:52:20 146432 ----a-w- c:\windows\system32\KEYLIB32.dll
2010-03-30 22:51:38 69632 ----a-w- c:\windows\system32\ilu.dll
2010-03-30 22:51:21 147456 ----a-w- c:\windows\system32\lib3ds.dll
2010-03-08 13:40:46 294400 ----a-w- c:\windows\system32\Wintab32.dll
2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-24 20:38:42 42280 ----a-w- c:\windows\system32\wacomwucoinst3.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-14 19:02:10 3392872 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-05-14 19:02:10 3298152 ----a-w- c:\program files\common files\adlmint.dll
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:33:12,78 ===============



#4 BlackClouds

  • Topic Starter

Posted 07 April 2010 - 01:10 PM

Hey Shannon,

I forgot to mention that apart from these symptoms
QUOTE
• Google Chrome stopped functioning
• Random pop-ups in internet explorer
• A blue screen with mbr.sys
• Second reinfection after clean Windows 7 install and ComboFix
• "Interactive Services Detection" spam (not sure if it's relevant).


I also had a redirecting Google search before, warning me of 3rd-party apps. This hasn't shown up, though, since I ran ComboFix.

#5 thcbytes

  • Malware Response Team

Posted 07 April 2010 - 09:34 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log
* Don't forget to copy and paste the logs. Do not attach.

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
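The OTL scan requested above writes its report in a fixed line format: one line per process (PRC), module (MOD), service (SRV), driver (DRV) and autorun key (O4), each carrying the file's timestamp, size, publisher from its version information and path. The helpers reading these reports triage them by eye; the Python below, an added example that is not part of this thread, of OTL or of any helper's procedure, parses such lines and applies a few transparent heuristics a defender would use when reading one: an executable running from a temp directory, a process or driver carrying no publisher/version information, an autorun value whose name looks machine-generated, an autorun registered under the .DEFAULT or SYSTEM (S-1-5-18) profile hive, and a stale autorun whose target no longer exists. The sample log is constructed from lines in the same format as the OTL report posted later in this thread; the regular expressions, heuristics and severity labels are this example's own and are prompts for manual review, not verdicts. The report in this thread itself shows the caveat: a legitimate mental ray satellite process without version information trips the same "no publisher" rule as the file in the temp directory, which is why that rule is rated lower and why the location and autorun-hive rules carry the weight.

```python
"""Triage heuristics for OTL-style scan logs.

Added example for this thread, not part of OTL or of any post in it.
The line formats below mirror the OTL report posted in the thread; the
heuristics and severity labels are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Process / module / service / driver lines, e.g.
#   PRC - [2010-04-02 15:53:16 | 000,176,640 | ---- | M] () -- C:\Windows\temp\Pcr.exe
#   DRV - [...] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\...\sptd.sys -- (sptd)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^\]]*)\] "
    r"\((?P<company>[^)]*)\)"            # publisher from version info; "()" means none
    r"(?: \[(?P<state>[^\]]*)\])?"       # SRV/DRV start type and running state
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"   # service/driver name, optional description
)
# Autorun lines, e.g.
#   O4 - HKU\.DEFAULT..\Run: [YVIBBBHA8C] C:\Windows\temp\Pcr.exe ()
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\))?$"
)
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# All upper-case letters and digits, 8+ chars: a crude "generated name" test
RANDOM_NAME_RE = re.compile(r"^[A-Z0-9]{8,}$")
# Hives where per-user autoruns are unusual: the default profile and SYSTEM
SYSTEM_HIVES = {"HKU\\.DEFAULT", "HKU\\S-1-5-18"}
_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    severity: str
    path: str
    reason: str
    line: str


def analyze(log_text: str) -> List[Finding]:
    """Run the triage heuristics over every line of an OTL-style log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            path, company = m["path"], m["company"]
            if TEMP_DIR_RE.search(path):
                findings.append(Finding("high", path, "runs from a temp directory", line))
            if company == "" and path.lower().endswith((".exe", ".sys", ".dll")):
                findings.append(Finding("medium", path, "no publisher/version information", line))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, value, path = m["hive"], m["value"], m["path"]
            if path == "File not found":
                findings.append(Finding("low", path, f"stale autorun {value!r}: target missing", line))
                continue
            if TEMP_DIR_RE.search(path):
                findings.append(Finding("high", path, "autorun target in a temp directory", line))
            if RANDOM_NAME_RE.match(value) and any(c.isdigit() for c in value):
                findings.append(Finding("medium", path, f"autorun value name {value!r} looks generated", line))
            if hive in SYSTEM_HIVES:
                findings.append(Finding("medium", path, f"autorun in {hive}, unusual for user software", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, str]:
    """Map each flagged path to the worst severity attached to it."""
    worst: Dict[str, str] = {}
    for f in findings:
        if f.path not in worst or _RANK[f.severity] > _RANK[worst[f.path]]:
            worst[f.path] = f.severity
    return worst


# Constructed sample in OTL's format, built from lines in this thread's report
SAMPLE_LOG = r"""
PRC - [2010-04-02 15:53:16 | 000,176,640 | ---- | M] () -- C:\Windows\temp\Pcr.exe
PRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-03-12 17:36:24 | 000,086,016 | ---- | M] () -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
DRV - [2010-04-01 20:38:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [YVIBBBHA8C] C:\Windows\temp\Pcr.exe ()
O4 - HKU\S-1-5-18..\Run: [YVIBBBHA8C] C:\Windows\temp\Pcr.exe ()
O4 - HKU\S-1-5-21-133007958-3132792425-3873238371-1001..\Run: [PortableDeviceValuesClass] File not found
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.path}")
```

Running it on the constructed sample reports the temp-directory executable and its two system-hive autoruns as high, the version-less satellite process as medium, and the missing PortableDeviceValuesClass target as low; explorer.exe, the Adobe autorun and the signed sptd driver produce nothing. Everything flagged still needs the file itself checked (hash, signature, timestamp against the install date), which is exactly what the helper's md5 and lockedfiles directives in the OTL script gather.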

#6 BlackClouds

BlackClouds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:12:31 PM

Posted 08 April 2010 - 04:37 AM

Harr double post

Edited by BlackClouds, 08 April 2010 - 04:39 AM.


#7 BlackClouds

BlackClouds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:12:31 PM

Posted 08 April 2010 - 04:37 AM

Hey ThcBytes,

Thanks a lot for helping me, I think what you guys are doing is flippin awsum.

So here are the logs:

OTL.txt
QUOTE
OTL logfile created on: 8-4-2010 11:21:18 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = D:\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,82 Gb Total Space | 14,23 Gb Free Space | 47,71% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 276,16 Gb Free Space | 29,65% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 246,03 Gb Free Space | 26,41% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 52,59 Gb Free Space | 11,29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-08 11:19:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2010-04-02 15:53:16 | 000,176,640 | ---- | M] () -- C:\Windows\temp\Pcr.exe
PRC - [2010-04-01 20:26:18 | 000,867,080 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010-04-01 19:48:25 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Alexander\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010-03-08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-28 01:35:08 | 002,226,176 | ---- | M] (Autodesk) -- D:\Program Files\Maya2010\bin\maya.exe
PRC - [2009-07-14 03:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009-07-14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 03:14:41 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
PRC - [2009-07-14 03:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
PRC - [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-07-14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009-03-12 17:36:24 | 000,086,016 | ---- | M] () -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe


========== Modules (SafeList) ==========

MOD - [2010-04-08 11:19:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
MOD - [2009-07-14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009-07-14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-04-01 20:26:18 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009-07-14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-03-12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)


========== Driver Services (SafeList) ==========

DRV - [2010-04-01 20:38:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010-01-24 22:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009-09-21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009-08-13 22:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009-07-14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009-07-14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009-07-14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-14 00:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-06-10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2007-02-16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-133007958-3132792425-3873238371-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-133007958-3132792425-3873238371-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-133007958-3132792425-3873238371-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-133007958-3132792425-3873238371-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 08 3B E9 54 D2 CA 01 [binary data]
IE - HKU\S-1-5-21-133007958-3132792425-3873238371-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-04-02 13:48:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\Run: [YVIBBBHA8C] C:\Windows\temp\Pcr.exe ()
O4 - HKU\S-1-5-18..\Run: [YVIBBBHA8C] C:\Windows\temp\Pcr.exe ()
O4 - HKU\S-1-5-21-133007958-3132792425-3873238371-1001..\Run: [PortableDeviceValuesClass] File not found
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-133007958-3132792425-3873238371-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-133007958-3132792425-3873238371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-07-14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - FSFilter System Recovery
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1AB27823-6E84-2BCE-5C59-B18D10EB3C52} - Themes Setup
ActiveX: {2AB26987-48F2-A77E-D601-49295084D27E} - Offline Browsing Pack
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3E742459-627B-DDEB-4E50-62861CB2D064} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F753C6DF-493D-46F4-3666-8C836A8CC243} - Internet Explorer
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010-04-08 11:19:36 | 000,561,664 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2010-04-03 18:20:10 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\licensecb
[2010-04-03 18:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\licensecb
[2010-04-03 18:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CrazyBump
[2010-04-03 17:08:27 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\GrabIt
[2010-04-03 15:58:15 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\WTablet
[2010-04-03 15:39:18 | 007,773,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2010-04-03 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010-04-03 15:39:10 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010-04-03 15:39:09 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010-04-03 15:38:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010-04-03 15:38:58 | 005,010,288 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2010-04-03 15:38:58 | 000,415,600 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2010-04-03 15:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010-04-03 01:21:02 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Dropbox
[2010-04-03 00:28:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\skypePM
[2010-04-03 00:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-04-02 23:31:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010-04-02 18:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-04-02 16:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-04-02 16:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-04-02 16:14:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010-04-02 16:14:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-04-02 16:14:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-04-02 16:14:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-04-02 16:04:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010-04-02 15:42:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-04-02 15:41:16 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Skype
[2010-04-02 15:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-04-02 14:46:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\PortableDeviceValues
[2010-04-02 13:49:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-04-02 13:49:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-04-02 13:47:56 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\temp
[2010-04-02 13:41:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-04-02 13:41:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-04-02 13:41:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-04-02 13:41:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-04-02 13:39:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-04-02 13:39:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-04-02 13:39:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-04-02 13:25:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2010-04-02 13:25:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-04-02 13:25:06 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-02 13:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-04-02 04:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Photoshop
[2010-04-02 04:48:02 | 000,000,000 | ---D | C] -- D:\My Documents\3dsMax
[2010-04-02 04:40:53 | 000,000,000 | ---D | C] -- D:\My Documents\3ds Max 2010 Tutorials
[2010-04-02 04:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010-04-02 04:39:38 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010-04-02 04:39:38 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010-04-02 04:39:37 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010-04-02 04:32:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010-04-02 04:32:38 | 000,000,000 | ---D | C] -- C:\Boot
[2010-04-01 20:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2010-04-01 20:50:29 | 004,935,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cg.dll
[2010-04-01 20:50:29 | 003,274,936 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmmd.dll
[2010-04-01 20:50:29 | 002,289,664 | ---- | C] (Interactive Data Visualization, Inc.) -- C:\Windows\System32\EyeCommon.dll
[2010-04-01 20:50:29 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc80.dll
[2010-04-01 20:50:29 | 000,888,832 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2010-04-01 20:50:29 | 000,837,120 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010-04-01 20:50:29 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010-04-01 20:50:29 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010-04-01 20:50:29 | 000,497,848 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libiomp5md.dll
[2010-04-01 20:50:29 | 000,376,832 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\System32\libtiff3.dll
[2010-04-01 20:50:29 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010-04-01 20:50:29 | 000,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cgGL.dll
[2010-04-01 20:50:29 | 000,294,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2010-04-01 20:50:29 | 000,161,792 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\System32\libpng12.dll
[2010-04-01 20:50:29 | 000,146,432 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
[2010-04-01 20:50:29 | 000,127,488 | ---- | C] (Independent JPEG Group <www.ijg.org>) -- C:\Windows\System32\jpeg62.dll
[2010-04-01 20:50:29 | 000,118,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvtt.dll
[2010-04-01 20:50:29 | 000,069,632 | ---- | C] (Abysmal Software) -- C:\Windows\System32\ilu.dll
[2010-04-01 20:50:29 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vcomp.dll
[2010-04-01 20:50:29 | 000,024,576 | ---- | C] (Abysmal Software) -- C:\Windows\System32\ilut.dll
[2010-04-01 20:44:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\CrazyBump
[2010-04-01 20:38:05 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010-04-01 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
[2010-04-01 20:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010-04-01 20:34:46 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\QuickPar
[2010-04-01 20:33:10 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Autodesk
[2010-04-01 20:33:09 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Autodesk
[2010-04-01 20:32:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Adlm
[2010-04-01 20:31:00 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010-04-01 20:31:00 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010-04-01 20:31:00 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010-04-01 20:31:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010-04-01 20:31:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010-04-01 20:31:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010-04-01 20:31:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010-04-01 20:30:59 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010-04-01 20:30:59 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010-04-01 20:30:59 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010-04-01 20:30:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010-04-01 20:30:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010-04-01 20:30:59 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010-04-01 20:30:59 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010-04-01 20:30:59 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010-04-01 20:30:59 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010-04-01 20:30:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010-04-01 20:30:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010-04-01 20:30:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010-04-01 20:30:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010-04-01 20:30:59 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010-04-01 20:30:59 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010-04-01 20:30:59 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010-04-01 20:30:59 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010-04-01 20:30:59 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010-04-01 20:30:59 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010-04-01 20:30:59 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010-04-01 20:30:59 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010-04-01 20:30:58 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010-04-01 20:30:58 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010-04-01 20:30:58 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010-04-01 20:30:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010-04-01 20:30:58 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010-04-01 20:30:58 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010-04-01 20:30:58 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010-04-01 20:30:57 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010-04-01 20:30:57 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010-04-01 20:30:57 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010-04-01 20:30:57 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010-04-01 20:30:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010-04-01 20:30:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010-04-01 20:30:55 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010-04-01 20:30:55 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010-04-01 20:30:55 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010-04-01 20:30:54 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010-04-01 20:30:54 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010-04-01 20:30:54 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010-04-01 20:30:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010-04-01 20:30:54 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010-04-01 20:30:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010-04-01 20:30:53 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010-04-01 20:30:53 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010-04-01 20:30:53 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010-04-01 20:30:53 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010-04-01 20:30:52 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010-04-01 20:30:52 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010-04-01 20:30:52 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010-04-01 20:30:52 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010-04-01 20:30:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010-04-01 20:30:52 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010-04-01 20:30:52 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010-04-01 20:30:52 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010-04-01 20:30:52 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010-04-01 20:30:52 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010-04-01 20:30:52 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010-04-01 20:30:52 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010-04-01 20:30:52 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010-04-01 20:30:52 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010-04-01 20:30:52 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010-04-01 20:30:52 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010-04-01 20:30:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010-04-01 20:30:51 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010-04-01 20:30:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010-04-01 20:30:51 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010-04-01 20:30:51 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010-04-01 20:30:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010-04-01 20:30:51 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010-04-01 20:30:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010-04-01 20:30:50 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010-04-01 20:30:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010-04-01 20:29:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010-04-01 20:27:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\WinRAR
[2010-04-01 20:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ja-JP
[2010-04-01 20:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\en-US
[2010-04-01 20:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010-04-01 20:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010-04-01 20:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-04-01 20:13:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Downloaded Installations
[2010-04-01 20:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010-04-01 20:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010-04-01 20:06:10 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Macromedia
[2010-04-01 20:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010-04-01 20:04:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Adobe
[2010-04-01 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-04-01 20:03:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Adobe
[2010-04-01 20:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010-04-01 20:02:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010-04-01 20:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-04-01 20:01:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010-04-01 20:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-04-01 19:58:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\XnView
[2010-04-01 19:48:26 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Google
[2010-04-01 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Deployment
[2010-04-01 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Apps
[2010-04-01 18:54:10 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010-04-01 18:42:41 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010-04-01 18:42:17 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010-04-01 18:42:17 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-04-01 18:42:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010-04-01 18:42:16 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010-04-01 18:42:16 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010-04-01 18:42:16 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010-04-01 18:42:15 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010-04-01 18:42:15 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010-04-01 18:42:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010-04-01 18:42:15 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010-04-01 18:42:09 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010-04-01 18:42:09 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010-04-01 18:42:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010-04-01 18:42:08 | 003,955,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010-04-01 18:42:08 | 003,899,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010-04-01 18:42:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010-04-01 18:41:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010-04-01 18:40:30 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Searches
[2010-04-01 18:40:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Identities
[2010-04-01 18:40:23 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Contacts
[2010-04-01 18:40:19 | 000,000,000 | --SD | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft
[2010-04-01 18:40:19 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Links
[2010-04-01 18:40:19 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Favorites
[2010-04-01 18:40:19 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Desktop
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\Temporary Internet Files
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Templates
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Start Menu
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\SendTo
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Recent
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\PrintHood
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\NetHood
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\My Documents
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Local Settings
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\History
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Cookies
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Application Data
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\Application Data
[2010-04-01 18:40:19 | 000,000,000 | -H-D | C] -- C:\Users\Alexander\AppData
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\VirtualStore
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Videos
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Pictures
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Music
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Microsoft
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Media Center Programs
[2010-04-01 18:40:03 | 000,000,000 | ---D | C] -- C:\Recovery
[2010-04-01 18:40:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010-04-01 18:34:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010-04-01 18:34:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2009-05-14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009-05-14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2010-04-08 11:21:54 | 001,835,008 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT
[2010-04-08 11:21:43 | 000,293,376 | ---- | M] () -- D:\Desktop\4fhow8ke.exe
[2010-04-08 11:19:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2010-04-08 11:19:34 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133007958-3132792425-3873238371-1001UA.job
[2010-04-08 11:19:34 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-04-08 11:19:17 | 000,009,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-08 11:19:17 | 000,009,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-08 11:19:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-07 19:53:00 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133007958-3132792425-3873238371-1001Core.job
[2010-04-07 19:34:19 | 000,684,666 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-07 19:34:19 | 000,585,948 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-07 19:34:19 | 000,096,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-07 19:29:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-07 19:29:22 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-06 22:54:59 | 002,078,689 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010-04-06 22:42:23 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010-04-03 18:50:30 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\defogger_reenable
[2010-04-03 01:21:50 | 000,001,027 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010-04-03 00:28:11 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010-04-03 00:27:30 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-02 16:14:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010-04-02 16:14:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-04-02 16:14:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-04-02 16:14:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-04-02 13:51:17 | 000,002,167 | ---- | M] () -- D:\Desktop\Google Chrome.lnk
[2010-04-02 13:48:58 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-04-02 13:48:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-04-02 13:25:09 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-02 04:40:13 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2010 32-bit.lnk
[2010-04-02 04:39:50 | 000,017,588 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2010-04-02 04:32:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-04-01 20:54:14 | 000,001,061 | ---- | M] () -- D:\Desktop\Game - Unreal Development Kit.lnk
[2010-04-01 20:54:14 | 000,001,009 | ---- | M] () -- D:\Desktop\Editor - Unreal Development Kit.lnk
[2010-04-01 20:48:55 | 000,001,238 | ---- | M] () -- D:\Desktop\SpeedTree Compiler - Shortcut.lnk
[2010-04-01 20:48:55 | 000,001,229 | ---- | M] () -- D:\Desktop\SpeedTree Modeler - Shortcut.lnk
[2010-04-01 20:45:05 | 000,000,704 | ---- | M] () -- D:\Desktop\Crazybump.lnk
[2010-04-01 20:38:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010-04-01 20:26:18 | 000,001,690 | ---- | M] () -- D:\Desktop\Maya 2010.lnk
[2010-04-01 20:19:29 | 002,187,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-04-01 20:11:13 | 000,057,560 | ---- | M] () -- C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-04-01 20:07:26 | 000,000,838 | ---- | M] () -- D:\Desktop\Adobe Photoshop CS4.lnk
[2010-04-01 19:59:07 | 000,000,724 | ---- | M] () -- D:\Desktop\XnView.lnk
[2010-04-01 18:48:01 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010-04-01 18:48:01 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010-04-01 18:48:01 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010-04-01 18:43:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010-04-01 18:40:19 | 000,000,020 | -HS- | M] () -- C:\Users\Alexander\ntuser.ini
[2010-04-01 18:37:25 | 000,000,619 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010-04-01 18:35:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010-03-31 01:25:58 | 000,276,795 | ---- | M] () -- D:\Desktop\LoLghost.png
[2010-03-31 01:05:48 | 003,274,936 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmmd.dll
[2010-03-31 01:05:41 | 004,935,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\cg.dll
[2010-03-31 01:05:34 | 000,967,168 | ---- | M] () -- C:\Windows\System32\libxml2.dll
[2010-03-31 01:05:24 | 001,212,416 | ---- | M] () -- C:\Windows\System32\FCollada.dll
[2010-03-31 01:05:04 | 000,307,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\cgGL.dll
[2010-03-31 01:04:33 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010-03-31 01:04:27 | 001,101,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc80.dll
[2010-03-31 01:04:17 | 002,289,664 | ---- | M] (Interactive Data Visualization, Inc.) -- C:\Windows\System32\EyeCommon.dll
[2010-03-31 01:03:09 | 000,837,120 | ---- | M] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010-03-31 00:58:51 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010-03-31 00:58:09 | 000,127,488 | ---- | M] (Independent JPEG Group <www.ijg.org>) -- C:\Windows\System32\jpeg62.dll
[2010-03-31 00:58:09 | 000,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvtt.dll
[2010-03-31 00:57:46 | 000,888,832 | ---- | M] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2010-03-31 00:57:43 | 000,212,992 | ---- | M] () -- C:\Windows\System32\glew32.dll
[2010-03-31 00:57:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010-03-31 00:56:47 | 000,497,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libiomp5md.dll
[2010-03-31 00:56:27 | 000,161,792 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\System32\libpng12.dll
[2010-03-31 00:55:31 | 000,376,832 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\System32\libtiff3.dll
[2010-03-31 00:54:42 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vcomp.dll
[2010-03-31 00:54:42 | 000,059,904 | ---- | M] () -- C:\Windows\System32\zlib1.dll
[2010-03-31 00:54:42 | 000,024,576 | ---- | M] (Abysmal Software) -- C:\Windows\System32\ilut.dll
[2010-03-31 00:54:06 | 000,002,371 | ---- | M] () -- C:\Windows\System32\Microsoft.VC80.MFC.manifest
[2010-03-31 00:54:06 | 000,001,869 | ---- | M] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010-03-31 00:54:06 | 000,000,413 | ---- | M] () -- C:\Windows\System32\Microsoft.VC80.OpenMP.manifest
[2010-03-31 00:52:20 | 000,146,432 | ---- | M] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
[2010-03-31 00:51:38 | 000,069,632 | ---- | M] (Abysmal Software) -- C:\Windows\System32\ilu.dll
[2010-03-31 00:51:21 | 000,147,456 | ---- | M] () -- C:\Windows\System32\lib3ds.dll
[2010-03-30 15:34:44 | 000,000,162 | -H-- | M] () -- D:\My Documents\~$ick buy.docx
[2010-03-29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-03-29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-03-25 21:46:00 | 000,035,866 | ---- | M] () -- D:\My Documents\cc_20100325_204546.reg
[2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2010-04-03 18:50:30 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\defogger_reenable
[2010-04-03 15:39:18 | 001,746,986 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2010-04-03 14:45:25 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-04-03 01:21:50 | 000,001,027 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010-04-03 00:28:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-04-03 00:27:30 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-02 15:44:41 | 000,004,064 | ---- | C] () -- C:\Users\Alexander\AppData\Local\139B3FA1-632E-412C-8F23-D8F25890F252.txt
[2010-04-02 14:08:07 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010-04-02 13:51:17 | 000,002,167 | ---- | C] () -- D:\Desktop\Google Chrome.lnk
[2010-04-02 13:41:13 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010-04-02 13:41:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-04-02 13:41:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-04-02 13:41:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-04-02 13:41:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-04-02 13:25:09 | 000,000,682 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-02 04:40:13 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2010 32-bit.lnk
[2010-04-02 04:32:39 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010-04-02 04:32:38 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010-04-02 04:31:59 | 000,004,064 | ---- | C] () -- C:\Users\Alexander\AppData\Local\F4C2B691-B759-4DD5-AC38-EE15391107EF.txt
[2010-04-01 20:57:47 | 000,001,061 | ---- | C] () -- D:\Desktop\Game - Unreal Development Kit.lnk
[2010-04-01 20:54:33 | 000,001,009 | ---- | C] () -- D:\Desktop\Editor - Unreal Development Kit.lnk
[2010-04-01 20:50:29 | 001,212,416 | ---- | C] () -- C:\Windows\System32\FCollada.dll
[2010-04-01 20:50:29 | 000,967,168 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2010-04-01 20:50:29 | 000,212,992 | ---- | C] () -- C:\Windows\System32\glew32.dll
[2010-04-01 20:50:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\lib3ds.dll
[2010-04-01 20:50:29 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010-04-01 20:50:29 | 000,002,371 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.MFC.manifest
[2010-04-01 20:50:29 | 000,001,869 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010-04-01 20:50:29 | 000,000,413 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.OpenMP.manifest
[2010-04-01 20:48:55 | 000,001,238 | ---- | C] () -- D:\Desktop\SpeedTree Compiler - Shortcut.lnk
[2010-04-01 20:48:55 | 000,001,229 | ---- | C] () -- D:\Desktop\SpeedTree Modeler - Shortcut.lnk
[2010-04-01 20:45:12 | 000,000,704 | ---- | C] () -- D:\Desktop\Crazybump.lnk
[2010-04-01 20:28:01 | 000,001,690 | ---- | C] () -- D:\Desktop\Maya 2010.lnk
[2010-04-01 20:13:12 | 000,000,838 | ---- | C] () -- D:\Desktop\Adobe Photoshop CS4.lnk
[2010-04-01 19:48:26 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133007958-3132792425-3873238371-1001UA.job
[2010-04-01 19:48:26 | 000,001,028 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133007958-3132792425-3873238371-1001Core.job
[2010-04-01 18:43:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010-04-01 18:40:19 | 001,835,008 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT
[2010-04-01 18:40:19 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010-04-01 18:40:19 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010-04-01 18:40:19 | 000,262,144 | -HS- | C] () -- C:\Users\Alexander\ntuser.dat.LOG1
[2010-04-01 18:40:19 | 000,065,536 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010-04-01 18:40:19 | 000,000,020 | -HS- | C] () -- C:\Users\Alexander\ntuser.ini
[2010-04-01 18:40:19 | 000,000,000 | -HS- | C] () -- C:\Users\Alexander\ntuser.dat.LOG2
[2010-04-01 18:35:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010-04-01 18:34:41 | 2817,384,448 | -HS- | C] () -- C:\hiberfil.sys
[2010-04-01 13:04:45 | 000,000,724 | ---- | C] () -- D:\Desktop\XnView.lnk
[2010-03-31 01:25:55 | 000,276,795 | ---- | C] () -- D:\Desktop\LoLghost.png
[2010-03-30 15:34:44 | 000,000,162 | -H-- | C] () -- D:\My Documents\~$ick buy.docx
[2010-03-25 21:45:51 | 000,035,866 | ---- | C] () -- D:\My Documents\cc_20100325_204546.reg
[2010-01-24 22:38:42 | 000,042,280 | ---- | C] () -- C:\Windows\System32\wacomwucoinst3.dll
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010-04-02 15:26:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Autodesk
[2010-04-02 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
[2010-04-07 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Dropbox
[2010-04-03 17:11:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\GrabIt
[2010-04-03 17:21:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\XnView
[2010-04-06 22:42:23 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010-04-03 08:07:23 | 000,005,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010-04-08 11:19:34 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010-04-01 20:19:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Adobe
[2010-04-02 15:26:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Autodesk
[2010-04-02 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
[2010-04-07 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Dropbox
[2010-04-03 17:11:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\GrabIt
[2010-04-01 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Identities
[2010-04-01 20:06:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Macromedia
[2010-04-02 13:25:11 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2009-07-14 09:20:18 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Media Center Programs
[2010-04-03 15:41:38 | 000,000,000 | --SD | M] -- C:\Users\Alexander\AppData\Roaming\Microsoft
[2010-04-07 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Skype
[2010-04-07 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\skypePM
[2010-04-01 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WinRAR
[2010-04-03 15:58:15 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WTablet
[2010-04-03 17:21:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\XnView

< %APPDATA%\*.exe /s >
[2010-02-26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010-04-03 01:21:11 | 000,089,831 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009-05-08 17:46:20 | 008,983,040 | ---- | M] (Unity Technologies ApS) -- C:\Users\Alexander\AppData\Roaming\Dropbox\cache\2010-04-07\Unity (deleted 4a0453cc-891200-3a4007f8341).exe
[2009-05-08 17:52:54 | 165,228,176 | ---- | M] (Unity Technologies ApS) -- C:\Users\Alexander\AppData\Roaming\Dropbox\cache\2010-04-07\UnitySetup-2.5.0 (deleted 4a045556-9d92e90-3a8007f8341).exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2010-04-07 20:31:54 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USERINIT.EXE >
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-07-14 03:16:15 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll

< End of report >


Extras.txt
QUOTE
OTL Extras logfile created on: 8-4-2010 11:21:18 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = D:\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,82 Gb Total Space | 14,23 Gb Free Space | 47,71% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 276,16 Gb Free Space | 29,65% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 246,03 Gb Free Space | 26,41% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 52,59 Gb Free Space | 11,29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-133007958-3132792425-3873238371-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{310AFA6B-094D-45DA-8389-4712074B6A22}" = Maya 2010
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crazybump" = Crazybump (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"QuickPar" = QuickPar 0.9
"UDK-909d7bf4-1592-4a73-9fdc-230a3225f27a" = Unreal Development Kit: 2010-03
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-133007958-3132792425-3873238371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3-4-2010 14:06:40 | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\UDK\udk-2010-03\Binaries\Win64\UnrealLightmass.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3-4-2010 14:06:54 | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\Images\major software\adobe
photoshop cs4\adobe photoshop cs4 extended - multi - working and safe\payloads\adobeamp-mul\adobe
air\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "e:\Images\major
software\adobe photoshop cs4\adobe photoshop cs4 extended - multi - working and
safe\payloads\adobeamp-mul\adobe air\Versions\1.0\Adobe AIR.dll" on line 3. The
value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6-4-2010 16:37:28 | Computer Name = Alexander-PC | Source = Google Update | ID = 20
Description =

Error - 6-4-2010 16:42:27 | Computer Name = Alexander-PC | Source = TabletServiceWacom | ID = 1
Description =

Error - 7-4-2010 13:30:24 | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4bae4ffc Faulting module name: chrome.dll, version: 4.1.249.1045, time stamp:
0x4bae4fd0 Exception code: 0x40000015 Fault offset: 0x0001b1a1 Faulting process id:
0xd30 Faulting application start time: 0x01cad677f52f4891 Faulting application path:
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Users\Alexander\AppData\Local\Google\Chrome\Application\4.1.249.1045\chrome.dll
Report
Id: 3f2d4b80-426b-11df-8d30-001a4d5d5b2a

Error - 7-4-2010 13:53:05 | Computer Name = Alexander-PC | Source = Google Update | ID = 20
Description =

Error - 7-4-2010 14:37:22 | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7-4-2010 14:37:27 | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\UDK\udk-2010-03\Binaries\Win64\UnrealLightmass.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7-4-2010 14:53:05 | Computer Name = Alexander-PC | Source = Google Update | ID = 20
Description =

Error - 7-4-2010 15:53:05 | Computer Name = Alexander-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 8-4-2010 5:22:10 | Computer Name = Alexander-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.


< End of report >


GMER.txt
QUOTE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-08 11:33:15
Windows 6.1.7600
Running: 4fhow8ke.exe; Driver: C:\Users\ALEXAN~1\AppData\Local\Temp\uxlcauog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82830AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82830104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828303F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828192D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82818898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828301DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82830958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828306F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82830F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828311A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 828905C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828B5052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 98C1AC9D 28 Bytes [1E, 9B, 13, 38, 7B, F4, 4D, ...]
.text peauth.sys 98C1ACC1 28 Bytes [1E, 9B, 13, 38, 7B, F4, 4D, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtProtectVirtualMemory 771B5360 5 Bytes JMP 0040000A
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory 771B5EE0 5 Bytes JMP 0041000A
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!KiUserExceptionDispatcher 771B6448 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[900] ole32.dll!CoCreateInstance 758757FC 5 Bytes JMP 00F9000A
.text C:\Windows\system32\svchost.exe[900] USER32.dll!GetCursorPos 7614C198 5 Bytes JMP 0104000A
.text C:\Windows\Explorer.EXE[1916] ntdll.dll!NtProtectVirtualMemory 771B5360 5 Bytes JMP 001A000A
.text C:\Windows\Explorer.EXE[1916] ntdll.dll!NtWriteVirtualMemory 771B5EE0 5 Bytes JMP 001B000A
.text C:\Windows\Explorer.EXE[1916] ntdll.dll!KiUserExceptionDispatcher 771B6448 5 Bytes JMP 0019000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\shlwapi.dll [USER32.dll!CreateWindowExA] [00417EFD] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\shlwapi.dll [USER32.dll!CreateWindowExW] [00417F77] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [00417F77] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowPos] [004180A3] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ShowWindow] [00417FF1] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [00417F77] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\ole32.dll [USER32.dll!ShowWindow] [00417FF1] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\WININET.dll [USER32.dll!CreateWindowExW] [00417F77] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\TEMP\Pcr.exe[600] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowPos] [004180A3] C:\Windows\TEMP\Pcr.exe
IAT C:\Windows\System32\regsvr32.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75215E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2212] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75215E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2212] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75215E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75215E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2212] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75215E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2212] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75215E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8643ECA1

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xAC 0x1A 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEB 0x84 0xE3 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x8E 0xE9 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xAC 0x1A 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEB 0x84 0xE3 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x8E 0xE9 0xC0 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 AM

Posted 08 April 2010 - 09:08 AM

Hi,

Do you have your Windows 7 recovery disc? We are going to need a file from it. If you do not have your disc please provide me the exact Manufacturer and Model number of your computer.
  • Start
  • Computer
  • System properties


==========

Why don't you have an Antivirus software program running? Do not install one yet. I will guide you.

==========

Do this please......
  • Click on Start, then type Run in the search box and open the "Run" application.
  • Copy and Paste the green bold text below in to the Run Box:

cmd /c dir /a /s C:\QooBox >log.txt&start log.txt

  • Then click on OK.
  • A Text File will open up, please Copy and Paste the contents in your next reply.

If that throws an error then ....

Start
Type cmd in the search box
Then copy and paste the green bolded text in the DOS window and press enter.

dir /a /s C:\QooBox >log.txt&start log.txt


==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.





Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.
  • You will see this warning based on your particular OS. Please select "Yes" and proceed.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* Answer to questions above
* Qoobox log
* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 BlackClouds

BlackClouds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 08 April 2010 - 10:18 AM

Hey T,

To answer your questions:

+ I have a Windows 7 repair disc (Repair disc Windows 7 32-bit)
+ I have no virus scanner installed for several reasons:
+ Fresh Windows 7 install
+ A combination of being naive and a lack of proper knowledge on which virus scanner to use
+ On another computer I installed Lavasoft Ad-aware, Spybot S&D & Malwarebytes Anti-Malware; is this sufficient or should I also have a specific anti-virus scanner?

Google Chrome is functional once again!

Kindly awaiting your instructions,

Alexander

Logs

Here is the Qoobox log. I had to zip the ComboFix log because it was too large to either paste or upload normally; I am sorry for the extra hassle.
Funny trivia: I accidentally renamed the ComboFix to thxbytes instead of thcbytes

Qoobox
QUOTE
Volume in drive C has no label.
Volume Serial Number is 6E4E-5D7A

Directory of C:\Qoobox

02-04-2010 13:49 <DIR> .
02-04-2010 13:49 <DIR> ..
02-04-2010 13:49 1.409 Add-Remove Programs.txt
02-04-2010 13:41 <DIR> BackEnv
02-04-2010 13:49 1.722 ComboFix-quarantined-files.txt
02-04-2010 13:41 <DIR> Quarantine
02-04-2010 13:49 92.211 SnapShot@2010-04-02_11.48.58.dat
3 File(s) 95.342 bytes

Directory of C:\Qoobox\BackEnv

02-04-2010 13:41 <DIR> .
02-04-2010 13:41 <DIR> ..
02-04-2010 13:41 127 appdata.folder.dat
02-04-2010 13:41 232 cache.folder.dat
02-04-2010 13:41 64 Cookies.folder.dat
02-04-2010 13:41 99 desktop.folder.dat
02-04-2010 13:41 121 favorites.folder.dat
02-04-2010 13:41 103 localappdata.folder.dat
02-04-2010 13:41 103 LocalSettings.folder.dat
02-04-2010 13:41 119 mypictures.folder.dat
02-04-2010 13:41 110 personal.folder.dat
02-04-2010 13:41 181 Profiles.Folder.dat
02-04-2010 13:41 209 Profiles.Folder.folder.dat
02-04-2010 13:41 352 programs.folder.dat
02-04-2010 13:41 5.274 SetPath.bat
02-04-2010 13:41 243 startmenu.folder.dat
02-04-2010 13:41 392 startup.folder.dat
02-04-2010 13:41 829 SysPath.dat
02-04-2010 13:41 239 templates.folder.dat
17 File(s) 8.797 bytes

Directory of C:\Qoobox\Quarantine

02-04-2010 13:41 <DIR> .
02-04-2010 13:41 <DIR> ..
02-04-2010 13:42 <DIR> C
02-04-2010 13:44 113 catchme.log
02-04-2010 13:49 <DIR> Registry_backups
1 File(s) 113 bytes

Directory of C:\Qoobox\Quarantine\C

02-04-2010 13:42 <DIR> .
02-04-2010 13:42 <DIR> ..
02-04-2010 13:47 <DIR> Windows
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Windows

02-04-2010 13:47 <DIR> .
02-04-2010 13:47 <DIR> ..
02-04-2010 13:48 <DIR> System32
02-04-2010 13:47 <DIR> Tasks
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Windows\System32

02-04-2010 13:48 <DIR> .
02-04-2010 13:48 <DIR> ..
14-07-2009 01:11 112.128 cdzlyey.dll.vir
02-04-2010 13:42 <DIR> drivers
1 File(s) 112.128 bytes

Directory of C:\Qoobox\Quarantine\C\Windows\System32\drivers

02-04-2010 13:42 <DIR> .
02-04-2010 13:42 <DIR> ..
14-07-2009 03:26 21.584 atapi.sys.vir
1 File(s) 21.584 bytes

Directory of C:\Qoobox\Quarantine\C\Windows\Tasks

02-04-2010 13:47 <DIR> .
02-04-2010 13:47 <DIR> ..
02-04-2010 04:30 434 At1.job.vir
1 File(s) 434 bytes

Directory of C:\Qoobox\Quarantine\Registry_backups

02-04-2010 13:49 <DIR> .
02-04-2010 13:49 <DIR> ..
02-04-2010 13:49 542 SafeBoot-dmadmin.reg.dat
02-04-2010 13:49 550 SafeBoot-dmboot.sys.reg.dat
02-04-2010 13:49 542 SafeBoot-dmio.sys.reg.dat
02-04-2010 13:49 550 SafeBoot-dmload.sys.reg.dat
02-04-2010 13:49 546 SafeBoot-dmserver.reg.dat
02-04-2010 13:49 550 SafeBoot-SRService.reg.dat
02-04-2010 13:47 1.852 Service_htecdiks.reg.dat
02-04-2010 13:49 687 ShellIconOverlayIdentifiers-{F4C2B691-B759-4DD5-AC38-EE15391107EF}.reg.dat
02-04-2010 13:47 3.774 tcpip.reg
9 File(s) 9.593 bytes

Total Files Listed:
33 File(s) 247.991 bytes
26 Dir(s) 15.107.526.656 bytes free





#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 AM

Posted 08 April 2010 - 02:30 PM

Well done.

Interesting. Here is the problem. You have a critical system file that is patched with malware. The problem is that all available replacement copies on your OS are similarly infected. We have a few options.

In regards to an Antivirus. Yes I will make a specific recommendation but not yet! Minimize use of that computer until I give you the "All Clear" and assist you with an antivirus application installation.

Try this 1st please.......

1. Download the file TDSSKiller.zip and extract it to your desktop.
2. Click start->type run in the search box and open the "run" application->copy-paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v into the textbox and press enter.
3. report.txt should be generated into same location with TDSSKiller.exe. Post contents of that report, please.

Thanks,
~ t

Edited by thcbytes, 08 April 2010 - 02:32 PM.


#11 BlackClouds

BlackClouds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 08 April 2010 - 03:00 PM

Hmmmmm,

I ran the TDSSKiller from the run command with the report command attached to it. It ran fine and when it was done it asked me to reboot. So I rebooted.

This might be relevant:
Earlier in the day my computer went to sleep mode (hooray for that lol) and the system didn't like it. Afterwards it wanted to do a chkdsk. I denied it that because I was too eager to post logs lol.

So during the reboot I accidentally let it run chkdsk.

It did a whole bunch of things (harr) and entered recovery mode since it could not boot anymore. Now my computer is trying to repair, a process which can't be interrupted.

So it could either be because of:
+ TDSSKiller (which deleted one thing as far as I could see during the scan)
+ or chkdsk (sorry about that, I wanted to ask first before letting it run).

I'll post as soon as anything changes after the repair.

Edited by BlackClouds, 08 April 2010 - 03:14 PM.


#12 BlackClouds

BlackClouds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 08 April 2010 - 03:11 PM

Afterwards I put in the recovery disk, the autorepair could not find any problems. So I rebooted again to see if it would work and it did.

Symptom reappearance

Google Chrome is not functioning again, so I am guessing that the malware is fully operational again.

Here is the TDSSKILLER log:

QUOTE
21:49:05:225 3940 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:49:05:225 3940 ================================================================================
21:49:05:225 3940 SystemInfo:

21:49:05:225 3940 OS Version: 6.1.7600 ServicePack: 0.0
21:49:05:225 3940 Product type: Workstation
21:49:05:225 3940 ComputerName: ALEXANDER-PC
21:49:05:225 3940 UserName: Alexander
21:49:05:225 3940 Windows directory: C:\Windows
21:49:05:225 3940 Processor architecture: Intel x86
21:49:05:225 3940 Number of processors: 2
21:49:05:225 3940 Page size: 0x1000
21:49:05:225 3940 Boot type: Normal boot
21:49:05:225 3940 ================================================================================
21:49:05:225 3940 UnloadDriverW: NtUnloadDriver error 2
21:49:05:225 3940 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:49:05:241 3940 wfopen_ex: Trying to open file C:\Windows\system32\config\system
21:49:05:241 3940 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:49:05:241 3940 wfopen_ex: Trying to KLMD file open
21:49:05:241 3940 wfopen_ex: File opened ok (Flags 2)
21:49:05:241 3940 wfopen_ex: Trying to open file C:\Windows\system32\config\software
21:49:05:241 3940 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:49:05:241 3940 wfopen_ex: Trying to KLMD file open
21:49:05:241 3940 wfopen_ex: File opened ok (Flags 2)
21:49:05:241 3940 Initialize success
21:49:05:241 3940
21:49:05:241 3940 Scanning Services ...
21:49:05:381 3940 Raw services enum returned 434 services
21:49:05:381 3940
21:49:05:381 3940 Scanning Kernel memory ...
21:49:05:381 3940 Devices to scan: 4
21:49:05:381 3940
21:49:05:381 3940 Driver Name: atapi
21:49:05:381 3940 IRP_MJ_CREATE : 835E78C4
21:49:05:381 3940 IRP_MJ_CREATE_NAMED_PIPE : 828C4537
21:49:05:381 3940 IRP_MJ_CLOSE : 835E78C4
21:49:05:381 3940 IRP_MJ_READ : 828C4537
21:49:05:381 3940 IRP_MJ_WRITE : 828C4537
21:49:05:381 3940 IRP_MJ_QUERY_INFORMATION : 828C4537
21:49:05:381 3940 IRP_MJ_SET_INFORMATION : 828C4537
21:49:05:381 3940 IRP_MJ_QUERY_EA : 828C4537
21:49:05:381 3940 IRP_MJ_SET_EA : 828C4537
21:49:05:381 3940 IRP_MJ_FLUSH_BUFFERS : 828C4537
21:49:05:381 3940 IRP_MJ_QUERY_VOLUME_INFORMATION : 828C4537
21:49:05:381 3940 IRP_MJ_SET_VOLUME_INFORMATION : 828C4537
21:49:05:381 3940 IRP_MJ_DIRECTORY_CONTROL : 828C4537
21:49:05:381 3940 IRP_MJ_FILE_SYSTEM_CONTROL : 828C4537
21:49:05:381 3940 IRP_MJ_DEVICE_CONTROL : 8641C90A
21:49:05:381 3940 IRP_MJ_INTERNAL_DEVICE_CONTROL : 835D344E
21:49:05:381 3940 IRP_MJ_SHUTDOWN : 828C4537
21:49:05:381 3940 IRP_MJ_LOCK_CONTROL : 828C4537
21:49:05:381 3940 IRP_MJ_CLEANUP : 828C4537
21:49:05:381 3940 IRP_MJ_CREATE_MAILSLOT : 828C4537
21:49:05:381 3940 IRP_MJ_QUERY_SECURITY : 828C4537
21:49:05:381 3940 IRP_MJ_SET_SECURITY : 828C4537
21:49:05:381 3940 IRP_MJ_POWER : 835D34AA
21:49:05:381 3940 IRP_MJ_SYSTEM_CONTROL : 835E2DB2
21:49:05:381 3940 IRP_MJ_DEVICE_CHANGE : 828C4537
21:49:05:381 3940 IRP_MJ_QUERY_QUOTA : 828C4537
21:49:05:381 3940 IRP_MJ_SET_QUOTA : 828C4537
21:49:05:397 3940 C:\Windows\system32\DRIVERS\atapi.sys - Verdict: 2
21:49:05:397 3940 File "C:\Windows\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 21:49:05:397 3940 Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
21:49:05:444 3940 vfvi6
21:49:05:459 3940 dsvbh1
21:49:05:506 3940 fdfb1
21:49:05:506 3940 Backup copy found, using it..
21:49:05:506 3940 will be cured on next reboot
21:49:05:506 3940
21:49:05:506 3940 Driver Name: atapi
21:49:05:506 3940 IRP_MJ_CREATE : 835E78C4
21:49:05:506 3940 IRP_MJ_CREATE_NAMED_PIPE : 828C4537
21:49:05:506 3940 IRP_MJ_CLOSE : 835E78C4
21:49:05:506 3940 IRP_MJ_READ : 828C4537
21:49:05:506 3940 IRP_MJ_WRITE : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_SET_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_EA : 828C4537
21:49:05:506 3940 IRP_MJ_SET_EA : 828C4537
21:49:05:506 3940 IRP_MJ_FLUSH_BUFFERS : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_VOLUME_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_SET_VOLUME_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_DIRECTORY_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_FILE_SYSTEM_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_DEVICE_CONTROL : 8641C90A
21:49:05:506 3940 IRP_MJ_INTERNAL_DEVICE_CONTROL : 835D344E
21:49:05:506 3940 IRP_MJ_SHUTDOWN : 828C4537
21:49:05:506 3940 IRP_MJ_LOCK_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_CLEANUP : 828C4537
21:49:05:506 3940 IRP_MJ_CREATE_MAILSLOT : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_SECURITY : 828C4537
21:49:05:506 3940 IRP_MJ_SET_SECURITY : 828C4537
21:49:05:506 3940 IRP_MJ_POWER : 835D34AA
21:49:05:506 3940 IRP_MJ_SYSTEM_CONTROL : 835E2DB2
21:49:05:506 3940 IRP_MJ_DEVICE_CHANGE : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_QUOTA : 828C4537
21:49:05:506 3940 IRP_MJ_SET_QUOTA : 828C4537
21:49:05:506 3940 C:\Windows\system32\DRIVERS\atapi.sys - Verdict: 3
21:49:05:506 3940
21:49:05:506 3940 Driver Name: atapi
21:49:05:506 3940 IRP_MJ_CREATE : 835E78C4
21:49:05:506 3940 IRP_MJ_CREATE_NAMED_PIPE : 828C4537
21:49:05:506 3940 IRP_MJ_CLOSE : 835E78C4
21:49:05:506 3940 IRP_MJ_READ : 828C4537
21:49:05:506 3940 IRP_MJ_WRITE : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_SET_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_EA : 828C4537
21:49:05:506 3940 IRP_MJ_SET_EA : 828C4537
21:49:05:506 3940 IRP_MJ_FLUSH_BUFFERS : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_VOLUME_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_SET_VOLUME_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_DIRECTORY_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_FILE_SYSTEM_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_DEVICE_CONTROL : 8641C90A
21:49:05:506 3940 IRP_MJ_INTERNAL_DEVICE_CONTROL : 835D344E
21:49:05:506 3940 IRP_MJ_SHUTDOWN : 828C4537
21:49:05:506 3940 IRP_MJ_LOCK_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_CLEANUP : 828C4537
21:49:05:506 3940 IRP_MJ_CREATE_MAILSLOT : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_SECURITY : 828C4537
21:49:05:506 3940 IRP_MJ_SET_SECURITY : 828C4537
21:49:05:506 3940 IRP_MJ_POWER : 835D34AA
21:49:05:506 3940 IRP_MJ_SYSTEM_CONTROL : 835E2DB2
21:49:05:506 3940 IRP_MJ_DEVICE_CHANGE : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_QUOTA : 828C4537
21:49:05:506 3940 IRP_MJ_SET_QUOTA : 828C4537
21:49:05:506 3940 C:\Windows\system32\DRIVERS\atapi.sys - Verdict: 3
21:49:05:506 3940
21:49:05:506 3940 Driver Name: atapi
21:49:05:506 3940 IRP_MJ_CREATE : 835E78C4
21:49:05:506 3940 IRP_MJ_CREATE_NAMED_PIPE : 828C4537
21:49:05:506 3940 IRP_MJ_CLOSE : 835E78C4
21:49:05:506 3940 IRP_MJ_READ : 828C4537
21:49:05:506 3940 IRP_MJ_WRITE : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_SET_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_EA : 828C4537
21:49:05:506 3940 IRP_MJ_SET_EA : 828C4537
21:49:05:506 3940 IRP_MJ_FLUSH_BUFFERS : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_VOLUME_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_SET_VOLUME_INFORMATION : 828C4537
21:49:05:506 3940 IRP_MJ_DIRECTORY_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_FILE_SYSTEM_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_DEVICE_CONTROL : 8641C90A
21:49:05:506 3940 IRP_MJ_INTERNAL_DEVICE_CONTROL : 835D344E
21:49:05:506 3940 IRP_MJ_SHUTDOWN : 828C4537
21:49:05:506 3940 IRP_MJ_LOCK_CONTROL : 828C4537
21:49:05:506 3940 IRP_MJ_CLEANUP : 828C4537
21:49:05:506 3940 IRP_MJ_CREATE_MAILSLOT : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_SECURITY : 828C4537
21:49:05:506 3940 IRP_MJ_SET_SECURITY : 828C4537
21:49:05:506 3940 IRP_MJ_POWER : 835D34AA
21:49:05:506 3940 IRP_MJ_SYSTEM_CONTROL : 835E2DB2
21:49:05:506 3940 IRP_MJ_DEVICE_CHANGE : 828C4537
21:49:05:506 3940 IRP_MJ_QUERY_QUOTA : 828C4537
21:49:05:506 3940 IRP_MJ_SET_QUOTA : 828C4537
21:49:05:506 3940 C:\Windows\system32\DRIVERS\atapi.sys - Verdict: 3
21:49:05:506 3940 Reboot required for cure complete..
21:49:05:522 3940 Cure on reboot scheduled successfully
21:49:05:522 3940
21:49:05:522 3940 Completed
21:49:05:522 3940
21:49:05:522 3940 Results:
21:49:05:522 3940 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:49:05:522 3940 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:49:05:522 3940 File objects infected / cured / cured on reboot: 1 / 0 / 1
21:49:05:522 3940
21:49:05:522 3940 fclose_ex: Trying to close file C:\Windows\system32\config\system
21:49:05:522 3940 fclose_ex: Trying to close file C:\Windows\system32\config\software
21:49:05:522 3940 UnloadDriverW: NtUnloadDriver error 1
21:49:05:522 3940 KLMD(ARK) unloaded successfully

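The TDSSKiller output above gives the reason for its "Verdict: 2" on atapi.sys without stating it: most IRP_MJ_* slots share one address (the kernel's stub for requests the driver does not support), the rest sit close together inside atapi's own image (835Dxxxx-835Exxxx), and one slot, IRP_MJ_DEVICE_CONTROL, points somewhere else entirely (8641C90A). The script below is an added example, not part of this thread and not TDSSKiller's own logic; it parses a "Driver Name" block and flags handlers that lie far from the driver's other handlers. The sample text is an excerpt constructed from the log lines posted above, and the 1 MiB span used to decide "far" is an assumed threshold.

```python
"""Spot hooked IRP dispatch entries in a TDSSKiller 'Driver Name' block.

Heuristic (assumed, not TDSSKiller's own logic): the address filling most
IRP_MJ_* slots is the kernel's stub for unsupported requests; the remaining
handlers should all sit inside the driver's own image, so one that lies far
from the others is pointing at foreign code.
"""
import re
import statistics
from collections import Counter

# Constructed excerpt, copied from the atapi block posted above (Verdict: 2).
SAMPLE_LOG = r"""
21:49:05:381 3940 Driver Name: atapi
21:49:05:381 3940 IRP_MJ_CREATE : 835E78C4
21:49:05:381 3940 IRP_MJ_CREATE_NAMED_PIPE : 828C4537
21:49:05:381 3940 IRP_MJ_CLOSE : 835E78C4
21:49:05:381 3940 IRP_MJ_READ : 828C4537
21:49:05:381 3940 IRP_MJ_WRITE : 828C4537
21:49:05:381 3940 IRP_MJ_DEVICE_CONTROL : 8641C90A
21:49:05:381 3940 IRP_MJ_INTERNAL_DEVICE_CONTROL : 835D344E
21:49:05:381 3940 IRP_MJ_SHUTDOWN : 828C4537
21:49:05:381 3940 IRP_MJ_POWER : 835D34AA
21:49:05:381 3940 IRP_MJ_SYSTEM_CONTROL : 835E2DB2
21:49:05:381 3940 IRP_MJ_SET_QUOTA : 828C4537
21:49:05:397 3940 C:\Windows\system32\DRIVERS\atapi.sys - Verdict: 2
"""

DRIVER_RE = re.compile(r"^\S+\s+\d+\s+Driver Name:\s*(\S+)")
IRP_RE = re.compile(r"^\S+\s+\d+\s+(IRP_MJ_\w+)\s*:\s*([0-9A-Fa-f]{8})\s*$")

# Assumed upper bound (1 MiB) on how far apart two handlers inside one driver
# image can be; a handler further than this from the driver's other handlers
# is treated as foreign code.
MAX_IMAGE_SPAN = 0x100000


def parse_driver_blocks(text):
    """Return [(driver_name, {irp_name: handler_address}), ...] from log text."""
    blocks = []
    current = None
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            current = (m.group(1), {})
            blocks.append(current)
            continue
        m = IRP_RE.match(line)
        if m and current is not None:
            current[1][m.group(1)] = int(m.group(2), 16)
    return blocks


def find_outliers(table, max_span=MAX_IMAGE_SPAN):
    """Return {irp_name: address} for handlers outside the driver's own cluster."""
    if not table:
        return {}
    # The most frequent address is taken as the kernel's "unsupported" stub.
    stub, _ = Counter(table.values()).most_common(1)[0]
    own = sorted({addr for addr in table.values() if addr != stub})
    if len(own) < 2:
        return {}
    # Median of the driver's distinct handler addresses approximates its image.
    anchor = statistics.median_low(own)
    return {
        irp: addr
        for irp, addr in table.items()
        if addr != stub and abs(addr - anchor) > max_span
    }


def report(text):
    """Return [(driver, irp_name, 'XXXXXXXX'), ...] for every flagged entry."""
    flagged = []
    for name, table in parse_driver_blocks(text):
        for irp, addr in sorted(find_outliers(table).items()):
            flagged.append((name, irp, f"{addr:08X}"))
    return flagged


if __name__ == "__main__":
    for name, irp, addr in report(SAMPLE_LOG):
        print(f"{name}: {irp} -> {addr} (outside the driver's own code)")
```

On the excerpt this reports only IRP_MJ_DEVICE_CONTROL, which matches what the later "Verdict: 3" blocks in the same log show being scheduled for cure. It is a triage aid, not a verdict: it has no module map, so a hook placed within the assumed span of the driver's code would pass, and a driver that implements only a few majors gives it little to cluster on. The actual remedy in this thread is still replacing the patched file from a known-clean copy.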

#13 BlackClouds

BlackClouds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 08 April 2010 - 03:17 PM

I know I am no expert, but apparently TDSSKiller reinstated one of the infected versions of atapi.sys. GMER shows in the autorun that atapi.sys still has a suspicious modification.

Awaiting your instructions,

Alexander

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 AM

Posted 08 April 2010 - 05:46 PM

Alright....

Do only as I have instructed. If you do not understand or encounter troubles....STOP and tell me about it!

Please download the zipped attachment and save it to your desktop.

Extract the file to your desktop!!!!!!!!

Next...
  • Start
  • Computer
  • C:\

Now....

Drag and drop the file you just downloaded from your desktop to C:\
You will need to grant Admin permission to allow this <----- Critically important!!

After you have saved it there confirm again that it located there!

==========

Next...

Start
Type notepad in the search box
Open Notepad.
Copy contents in the code box into Notepad:

CODE
cd /d c:\
ren C:\WINDOWS\system32\drivers\atapi.sys atapi.sys.vir
copy /y C:\atapi.sys C:\WINDOWS\system32\drivers\atapi.sys >c:\log.txt&log.txt


Go to File - Save as...
Fill in the next values:
Location: Desktop
File name: fix.bat
File type: All files (*.*).
Now, click Save.

==========

Now.....

Do this...

*** Please print these instructions ***
  1. Download Hiren's BootCD Iso to the desktop of a clean computer.
  2. Extract the zipped HirensBootCD.zip to your desktop.
  3. Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.
  4. Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
  5. Insert a blank CD in your drive.
  6. Press Start. This will burn the image to disc. After it has completed...
  7. Restart your sick computer and boot from the HBCD you created.
    • If your PC is not booting from the CD, you need to change the boot order:
      • Restart your PC
      • As soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
      • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
      • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
      • The tab should now show your current boot order.
      • If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different, but they should be stated in the help, so that you can find them easily.
      • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  8. When the CD boots choose "Start MiniWindowsXP". Allow Windows to load. You will see a typical Windows Desktop.
    • Create an ethernet (wired) Internet Connection
    • Double click the Network Support icon on the HBCD desktop
    • A computer screen will appear in the lower right corner system tray
    • Double click HBCD Menu on your HBCD desktop
    • Choose Menu
    • Then Browsers
    • Then Opera
    • You should now be connected to the internet. You can open up our topic and follow the instructions. If you are unable to make the connection then you can manually enter the bolded command described below.
  9. Double click the Windows Explorer desktop icon.
  10. Carefully find the fix.bat file you created and double click it
  11. You will get a "1 file copied" prompt.
  12. Reboot into Normal Windows

==========

Re-run Gmer and post a new log

==========

We need to run an OTL Custom Scan
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  3. Push
  4. A report will open. Copy and Paste that report in your next reply.

==========

With your next post please provide:

* Gmer log
* OTL.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
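
The two technical steps in the post above, hashing a list of boot-critical drivers against known-good values (what OTL's /md5start ... /md5stop block asks for) and swapping a modified driver for a clean copy while keeping the suspect file as *.vir (what fix.bat does), written out as one added Python example. This is not OTL, GMER or thcbytes' code; the drivers directory, the file contents and the baseline hashes are all constructed inside the script, it uses SHA-256 rather than MD5, and the restore step refuses to run unless the replacement itself matches the baseline, so a wrong "clean" copy cannot be installed by accident.

```python
"""Driver integrity check and restore.

Added example, not code from the thread or from OTL/GMER. All paths, file
contents and baseline hashes are constructed here for demonstration.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Driver names taken from the OTL /md5start list in the post above.
WATCHED_DRIVERS = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys"]


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large drivers need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_drivers(drivers_dir: Path, baseline: dict[str, str]) -> dict[str, str]:
    """Return {driver: status}; status is 'ok', 'MODIFIED' or 'MISSING'."""
    report = {}
    for name, expected in baseline.items():
        p = drivers_dir / name
        if not p.is_file():
            report[name] = "MISSING"
        elif sha256_of(p) == expected:
            report[name] = "ok"
        else:
            report[name] = "MODIFIED"
    return report


def restore_driver(drivers_dir: Path, name: str, clean_copy: Path, expected: str) -> Path:
    """Quarantine the suspect driver as <name>.vir and copy a verified clean file in place.

    The replacement is hashed first; if it does not match the baseline the
    function raises instead of touching the drivers directory.
    """
    if sha256_of(clean_copy) != expected:
        raise ValueError(f"replacement {clean_copy} does not match the baseline hash")
    target = drivers_dir / name
    quarantine = drivers_dir / f"{name}.vir"
    if target.exists():
        os.replace(target, quarantine)  # keep the suspect file for later analysis
    shutil.copy2(clean_copy, target)
    return quarantine


def demo() -> tuple[dict[str, str], dict[str, str], bool]:
    """Build a constructed drivers directory with one tampered file and run both steps.

    Returns (report before restore, report after restore, quarantine file exists).
    """
    root = Path(tempfile.mkdtemp(prefix="drvcheck_"))
    drivers = root / "drivers"
    drivers.mkdir()
    # Constructed "clean" driver contents and the baseline derived from them.
    clean = {name: f"clean contents of {name}\n".encode() for name in WATCHED_DRIVERS}
    baseline = {name: hashlib.sha256(data).hexdigest() for name, data in clean.items()}
    for name, data in clean.items():
        (drivers / name).write_bytes(data)
    # Simulate a patched atapi.sys: same name, different bytes.
    (drivers / "atapi.sys").write_bytes(b"patched\x90\x90 " + clean["atapi.sys"])
    # Clean copy staged at the drive root, as fix.bat expects (C:\atapi.sys).
    staged = root / "atapi.sys"
    staged.write_bytes(clean["atapi.sys"])

    before = check_drivers(drivers, baseline)
    for name, status in before.items():
        if status == "MODIFIED":
            restore_driver(drivers, name, staged, baseline[name])
    after = check_drivers(drivers, baseline)
    return before, after, (drivers / "atapi.sys.vir").is_file()


if __name__ == "__main__":
    before, after, quarantined = demo()
    for name in WATCHED_DRIVERS:
        print(f"{name:12} before={before[name]:9} after={after[name]}")
    print("suspect copy kept as atapi.sys.vir:", quarantined)
```

On a real machine the baseline would come from a known-good installation of the same Windows build, and the check should run from outside the infected system (a boot CD, as the post says), since a kernel-mode rootkit can hide the modified file from tools running on the live system.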

#15 BlackClouds

BlackClouds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:12:31 PM

Posted 08 April 2010 - 07:37 PM

Hey T,

It copied the file when I ran it from the bootCD (kind of a hassle to get it working, had to download 2 versions to get it right (10.2)).

Google Chrome is working again :D

GMER log:

QUOTE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-09 02:37:03
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\ALEXAN~1\AppData\Local\Temp\uxlcauog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C152D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C14898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 828455C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8286A052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9B81DC9D 28 Bytes [0F, A2, 6D, C4, C8, 85, AF, ...]
.text peauth.sys 9B81DCC1 28 Bytes [0F, A2, 6D, C4, C8, 85, AF, ...]
PAGE peauth.sys 9B823E20 101 Bytes [E4, 70, DA, 42, 24, AF, 77, ...]
PAGE peauth.sys 9B82402C 102 Bytes JMP 3D1CF0D5
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A3036000 249 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 508A A30360FA 40 Bytes [A3, 53, 8B, D0, 8B, D9, F0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A3036123 7 Bytes [15, 03, A3, FE, 05, 34, 15] {ADC EAX, 0x5fea303; XOR AL, 0x15}
PAGE spsys.sys!?SPRevision@@3PADA + 50BB A303612B 621 Bytes [A3, EB, 18, 83, C9, FF, F0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A3036399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!CreateWindowExW 75CD0E51 5 Bytes JMP 6CBA80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxIndirectParamW 75CF4AA7 5 Bytes JMP 6CCCF218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxParamW 75CF564A 5 Bytes JMP 6CAC4B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxParamA 75D0CF6A 5 Bytes JMP 6CCCF1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxIndirectParamA 75D0D29C 5 Bytes JMP 6CCCF27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxIndirectA 75D1E8C9 5 Bytes JMP 6CCCF14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxIndirectW 75D1E9C3 5 Bytes JMP 6CCCF0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxExA 75D1EA29 5 Bytes JMP 6CCCF07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxExW 75D1EA4D 5 Bytes JMP 6CCCF01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!UnhookWindowsHookEx 75CCCC7B 5 Bytes JMP 6CBB82FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CallNextHookEx 75CCCC8F 5 Bytes JMP 6CB99D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateWindowExW 75CD0E51 5 Bytes JMP 6CBA80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SetWindowsHookExW 75CD210A 5 Bytes JMP 6CB545DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxIndirectParamW 75CF4AA7 5 Bytes JMP 6CCCF218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxParamW 75CF564A 5 Bytes JMP 6CAC4B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxParamA 75D0CF6A 5 Bytes JMP 6CCCF1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxIndirectParamA 75D0D29C 5 Bytes JMP 6CCCF27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxIndirectA 75D1E8C9 5 Bytes JMP 6CCCF14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxIndirectW 75D1E9C3 5 Bytes JMP 6CCCF0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxExA 75D1EA29 5 Bytes JMP 6CCCF07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxExW 75D1EA4D 5 Bytes JMP 6CCCF01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] ole32.dll!OleLoadFromStream 77125B88 5 Bytes JMP 6CCCF576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] ole32.dll!CoCreateInstance 771757FC 5 Bytes JMP 6CBA8BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\regsvr32.exe[2268] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2268] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2268] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\regsvr32.exe[2268] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xAC 0x1A 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEB 0x84 0xE3 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x8E 0xE9 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xAC 0x1A 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEB 0x84 0xE3 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x8E 0xE9 0xC0 ...

---- EOF - GMER 1.0.15 ----


OTL.txt

QUOTE
OTL logfile created on: 9-4-2010 2:30:38 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = D:\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,82 Gb Total Space | 13,74 Gb Free Space | 46,07% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 275,55 Gb Free Space | 29,58% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 246,03 Gb Free Space | 26,41% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 52,59 Gb Free Space | 11,29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-09 00:57:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2010-04-01 19:48:25 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Alexander\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010-03-08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 03:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009-07-14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 03:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
PRC - [2009-03-12 17:36:24 | 000,086,016 | ---- | M] () -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe


========== Modules (SafeList) ==========

MOD - [2010-04-09 00:57:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
MOD - [2009-07-14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009-07-14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-04-01 20:26:18 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009-07-14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-03-12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)


========== Driver Services (SafeList) ==========

DRV - [2010-04-01 20:38:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010-01-24 22:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009-09-21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009-08-13 22:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009-07-14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009-07-14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009-07-14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-14 00:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-06-10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2007-02-16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 08 3B E9 54 D2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-04-02 13:48:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [PortableDeviceValuesClass] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-07-14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - FSFilter System Recovery
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1AB27823-6E84-2BCE-5C59-B18D10EB3C52} - Themes Setup
ActiveX: {2AB26987-48F2-A77E-D601-49295084D27E} - Offline Browsing Pack
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3E742459-627B-DDEB-4E50-62861CB2D064} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F753C6DF-493D-46F4-3666-8C836A8CC243} - Internet Explorer
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010-04-09 00:57:11 | 000,561,664 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2010-04-09 00:55:24 | 000,024,128 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010-04-09 00:54:55 | 000,024,128 | ---- | C] (Microsoft Corporation) -- D:\Desktop\atapi.sys
[2010-04-08 21:47:14 | 000,178,000 | ---- | C] (Kaspersky Lab) -- D:\Desktop\TDSSKiller.exe
[2010-04-08 16:49:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-04-03 18:20:10 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\licensecb
[2010-04-03 18:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\licensecb
[2010-04-03 18:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CrazyBump
[2010-04-03 17:08:27 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\GrabIt
[2010-04-03 15:58:15 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\WTablet
[2010-04-03 15:39:18 | 007,773,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2010-04-03 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010-04-03 15:39:10 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010-04-03 15:39:09 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010-04-03 15:38:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010-04-03 15:38:58 | 005,010,288 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2010-04-03 15:38:58 | 000,415,600 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2010-04-03 15:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010-04-03 01:21:02 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Dropbox
[2010-04-03 00:28:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\skypePM
[2010-04-03 00:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-04-02 23:31:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010-04-02 18:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-04-02 16:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-04-02 16:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-04-02 16:14:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010-04-02 16:14:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-04-02 16:14:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-04-02 16:14:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-04-02 16:04:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010-04-02 15:42:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-04-02 15:41:16 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Skype
[2010-04-02 15:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-04-02 14:46:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\PortableDeviceValues
[2010-04-02 13:49:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-04-02 13:47:56 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\temp
[2010-04-02 13:41:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-04-02 13:41:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-04-02 13:41:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-04-02 13:41:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-04-02 13:39:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-04-02 13:39:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-04-02 13:39:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-04-02 13:25:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2010-04-02 13:25:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-04-02 13:25:06 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-02 13:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-04-02 04:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Photoshop
[2010-04-02 04:48:02 | 000,000,000 | ---D | C] -- D:\My Documents\3dsMax
[2010-04-02 04:40:53 | 000,000,000 | ---D | C] -- D:\My Documents\3ds Max 2010 Tutorials
[2010-04-02 04:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010-04-02 04:39:38 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010-04-02 04:39:38 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010-04-02 04:39:37 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010-04-02 04:32:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010-04-02 04:32:38 | 000,000,000 | ---D | C] -- C:\Boot
[2010-04-01 20:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2010-04-01 20:50:29 | 004,935,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cg.dll
[2010-04-01 20:50:29 | 003,274,936 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmmd.dll
[2010-04-01 20:50:29 | 002,289,664 | ---- | C] (Interactive Data Visualization, Inc.) -- C:\Windows\System32\EyeCommon.dll
[2010-04-01 20:50:29 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc80.dll
[2010-04-01 20:50:29 | 000,888,832 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2010-04-01 20:50:29 | 000,837,120 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010-04-01 20:50:29 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010-04-01 20:50:29 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010-04-01 20:50:29 | 000,497,848 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libiomp5md.dll
[2010-04-01 20:50:29 | 000,376,832 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\System32\libtiff3.dll
[2010-04-01 20:50:29 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010-04-01 20:50:29 | 000,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cgGL.dll
[2010-04-01 20:50:29 | 000,294,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2010-04-01 20:50:29 | 000,161,792 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\System32\libpng12.dll
[2010-04-01 20:50:29 | 000,146,432 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
[2010-04-01 20:50:29 | 000,127,488 | ---- | C] (Independent JPEG Group <www.ijg.org>) -- C:\Windows\System32\jpeg62.dll
[2010-04-01 20:50:29 | 000,118,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvtt.dll
[2010-04-01 20:50:29 | 000,069,632 | ---- | C] (Abysmal Software) -- C:\Windows\System32\ilu.dll
[2010-04-01 20:50:29 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vcomp.dll
[2010-04-01 20:50:29 | 000,024,576 | ---- | C] (Abysmal Software) -- C:\Windows\System32\ilut.dll
[2010-04-01 20:44:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\CrazyBump
[2010-04-01 20:38:05 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010-04-01 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
[2010-04-01 20:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010-04-01 20:34:46 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\QuickPar
[2010-04-01 20:33:10 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Autodesk
[2010-04-01 20:33:09 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Autodesk
[2010-04-01 20:32:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Adlm
[2010-04-01 20:31:00 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010-04-01 20:31:00 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010-04-01 20:31:00 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010-04-01 20:31:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010-04-01 20:31:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010-04-01 20:31:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010-04-01 20:31:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010-04-01 20:30:59 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010-04-01 20:30:59 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010-04-01 20:30:59 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010-04-01 20:30:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010-04-01 20:30:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010-04-01 20:30:59 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010-04-01 20:30:59 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010-04-01 20:30:59 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010-04-01 20:30:59 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010-04-01 20:30:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010-04-01 20:30:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010-04-01 20:30:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010-04-01 20:30:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010-04-01 20:30:59 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010-04-01 20:30:59 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010-04-01 20:30:59 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010-04-01 20:30:59 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010-04-01 20:30:59 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010-04-01 20:30:59 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010-04-01 20:30:59 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010-04-01 20:30:59 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010-04-01 20:30:58 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010-04-01 20:30:58 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010-04-01 20:30:58 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010-04-01 20:30:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010-04-01 20:30:58 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010-04-01 20:30:58 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010-04-01 20:30:58 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010-04-01 20:30:57 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010-04-01 20:30:57 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010-04-01 20:30:57 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010-04-01 20:30:57 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010-04-01 20:30:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010-04-01 20:30:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010-04-01 20:30:55 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010-04-01 20:30:55 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010-04-01 20:30:55 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010-04-01 20:30:54 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010-04-01 20:30:54 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010-04-01 20:30:54 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010-04-01 20:30:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010-04-01 20:30:54 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010-04-01 20:30:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010-04-01 20:30:53 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010-04-01 20:30:53 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010-04-01 20:30:53 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010-04-01 20:30:53 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010-04-01 20:30:52 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010-04-01 20:30:52 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010-04-01 20:30:52 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010-04-01 20:30:52 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010-04-01 20:30:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010-04-01 20:30:52 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010-04-01 20:30:52 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010-04-01 20:30:52 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010-04-01 20:30:52 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010-04-01 20:30:52 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010-04-01 20:30:52 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010-04-01 20:30:52 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010-04-01 20:30:52 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010-04-01 20:30:52 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010-04-01 20:30:52 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010-04-01 20:30:52 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010-04-01 20:30:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010-04-01 20:30:51 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010-04-01 20:30:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010-04-01 20:30:51 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010-04-01 20:30:51 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010-04-01 20:30:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010-04-01 20:30:51 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010-04-01 20:30:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010-04-01 20:30:50 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010-04-01 20:30:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010-04-01 20:29:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010-04-01 20:27:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\WinRAR
[2010-04-01 20:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ja-JP
[2010-04-01 20:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\en-US
[2010-04-01 20:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010-04-01 20:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010-04-01 20:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-04-01 20:13:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Downloaded Installations
[2010-04-01 20:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010-04-01 20:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010-04-01 20:06:10 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Macromedia
[2010-04-01 20:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010-04-01 20:04:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Adobe
[2010-04-01 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-04-01 20:03:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Adobe
[2010-04-01 20:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010-04-01 20:02:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010-04-01 20:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-04-01 20:01:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010-04-01 20:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-04-01 19:58:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\XnView
[2010-04-01 19:48:26 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Google
[2010-04-01 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Deployment
[2010-04-01 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Apps
[2010-04-01 18:54:10 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010-04-01 18:42:41 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010-04-01 18:42:17 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010-04-01 18:42:17 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-04-01 18:42:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010-04-01 18:42:16 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010-04-01 18:42:16 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010-04-01 18:42:16 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010-04-01 18:42:15 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010-04-01 18:42:15 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010-04-01 18:42:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010-04-01 18:42:15 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010-04-01 18:42:09 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010-04-01 18:42:09 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010-04-01 18:42:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010-04-01 18:42:08 | 003,955,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010-04-01 18:42:08 | 003,899,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010-04-01 18:42:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010-04-01 18:41:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010-04-01 18:40:30 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Searches
[2010-04-01 18:40:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Identities
[2010-04-01 18:40:23 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Contacts
[2010-04-01 18:40:19 | 000,000,000 | --SD | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft
[2010-04-01 18:40:19 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Links
[2010-04-01 18:40:19 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Favorites
[2010-04-01 18:40:19 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Desktop
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\Temporary Internet Files
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Templates
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Start Menu
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\SendTo
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Recent
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\PrintHood
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\NetHood
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\My Documents
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Local Settings
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\History
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Cookies
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Application Data
[2010-04-01 18:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\Application Data
[2010-04-01 18:40:19 | 000,000,000 | -H-D | C] -- C:\Users\Alexander\AppData
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\VirtualStore
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Videos
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Pictures
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Music
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Microsoft
[2010-04-01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Media Center Programs
[2010-04-01 18:40:03 | 000,000,000 | ---D | C] -- C:\Recovery
[2010-04-01 18:40:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010-04-01 18:34:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010-04-01 18:34:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2009-05-14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009-05-14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2010-04-09 02:29:00 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-04-09 02:28:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-09 02:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-09 02:28:53 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-09 00:57:50 | 000,009,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-09 00:57:50 | 000,009,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-09 00:57:49 | 001,835,008 | -HS- | M] () -- C:\Users\Alexander\ntuser.dat
[2010-04-09 00:57:46 | 002,232,930 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010-04-09 00:57:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2010-04-09 00:55:58 | 000,000,146 | ---- | M] () -- D:\Desktop\fix.bat
[2010-04-09 00:55:58 | 000,000,146 | ---- | M] () -- C:\fix.bat
[2010-04-08 22:18:11 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\ntuser.dat{18960d50-434a-11df-8b2b-001a4d5d5b2a}.TMContainer00000000000000000002.regtrans-ms
[2010-04-08 22:18:11 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\ntuser.dat{18960d50-434a-11df-8b2b-001a4d5d5b2a}.TMContainer00000000000000000001.regtrans-ms
[2010-04-08 22:18:11 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander\ntuser.dat{18960d50-434a-11df-8b2b-001a4d5d5b2a}.TM.blf
[2010-04-08 22:10:06 | 000,684,666 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-08 22:10:06 | 000,585,948 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-08 22:10:06 | 000,096,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-08 21:51:02 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat
[2010-04-08 16:42:39 | 003,909,898 | R--- | M] () -- D:\Desktop\thxbytes.exe
[2010-04-08 16:35:52 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010-04-08 16:33:36 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133007958-3132792425-3873238371-1001UA.job
[2010-04-07 20:31:54 | 000,021,584 | ---- | M] () -- C:\Windows\System32\drivers\atapi.sys.vir
[2010-04-07 19:53:00 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133007958-3132792425-3873238371-1001Core.job
[2010-04-03 18:50:30 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\defogger_reenable
[2010-04-03 00:28:11 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010-04-03 00:27:30 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-02 16:14:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010-04-02 16:14:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-04-02 16:14:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-04-02 16:14:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-04-02 13:51:17 | 000,002,167 | ---- | M] () -- D:\Desktop\Google Chrome.lnk
[2010-04-02 13:48:58 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-04-02 13:48:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-04-02 13:25:09 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-02 04:40:13 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2010 32-bit.lnk
[2010-04-02 04:39:50 | 000,017,588 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2010-04-02 04:32:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-04-01 20:54:14 | 000,001,061 | ---- | M] () -- D:\Desktop\Game - Unreal Development Kit.lnk
[2010-04-01 20:54:14 | 000,001,009 | ---- | M] () -- D:\Desktop\Editor - Unreal Development Kit.lnk
[2010-04-01 20:48:55 | 000,001,238 | ---- | M] () -- D:\Desktop\SpeedTree Compiler - Shortcut.lnk
[2010-04-01 20:48:55 | 000,001,229 | ---- | M] () -- D:\Desktop\SpeedTree Modeler - Shortcut.lnk
[2010-04-01 20:45:05 | 000,000,704 | ---- | M] () -- D:\Desktop\Crazybump.lnk
[2010-04-01 20:38:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010-04-01 20:26:18 | 000,001,690 | ---- | M] () -- D:\Desktop\Maya 2010.lnk
[2010-04-01 20:19:29 | 002,187,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-04-01 20:11:13 | 000,057,560 | ---- | M] () -- C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-04-01 20:07:26 | 000,000,838 | ---- | M] () -- D:\Desktop\Adobe Photoshop CS4.lnk
[2010-04-01 19:59:07 | 000,000,724 | ---- | M] () -- D:\Desktop\XnView.lnk
[2010-04-01 18:48:01 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010-04-01 18:48:01 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010-04-01 18:48:01 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010-04-01 18:43:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010-04-01 18:40:19 | 000,000,020 | -HS- | M] () -- C:\Users\Alexander\ntuser.ini
[2010-04-01 18:37:25 | 000,000,619 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010-04-01 18:35:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010-03-31 01:25:58 | 000,276,795 | ---- | M] () -- D:\Desktop\LoLghost.png
[2010-03-31 01:05:48 | 003,274,936 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmmd.dll
[2010-03-31 01:05:41 | 004,935,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\cg.dll
[2010-03-31 01:05:34 | 000,967,168 | ---- | M] () -- C:\Windows\System32\libxml2.dll
[2010-03-31 01:05:24 | 001,212,416 | ---- | M] () -- C:\Windows\System32\FCollada.dll
[2010-03-31 01:05:04 | 000,307,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\cgGL.dll
[2010-03-31 01:04:33 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010-03-31 01:04:27 | 001,101,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc80.dll
[2010-03-31 01:04:17 | 002,289,664 | ---- | M] (Interactive Data Visualization, Inc.) -- C:\Windows\System32\EyeCommon.dll
[2010-03-31 01:03:09 | 000,837,120 | ---- | M] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010-03-31 00:58:51 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010-03-31 00:58:09 | 000,127,488 | ---- | M] (Independent JPEG Group <www.ijg.org>) -- C:\Windows\System32\jpeg62.dll
[2010-03-31 00:58:09 | 000,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvtt.dll
[2010-03-31 00:57:46 | 000,888,832 | ---- | M] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2010-03-31 00:57:43 | 000,212,992 | ---- | M] () -- C:\Windows\System32\glew32.dll
[2010-03-31 00:57:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010-03-31 00:56:47 | 000,497,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libiomp5md.dll
[2010-03-31 00:56:27 | 000,161,792 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\System32\libpng12.dll
[2010-03-31 00:55:31 | 000,376,832 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\System32\libtiff3.dll
[2010-03-31 00:54:42 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vcomp.dll
[2010-03-31 00:54:42 | 000,059,904 | ---- | M] () -- C:\Windows\System32\zlib1.dll
[2010-03-31 00:54:42 | 000,024,576 | ---- | M] (Abysmal Software) -- C:\Windows\System32\ilut.dll
[2010-03-31 00:54:06 | 000,002,371 | ---- | M] () -- C:\Windows\System32\Microsoft.VC80.MFC.manifest
[2010-03-31 00:54:06 | 000,001,869 | ---- | M] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010-03-31 00:54:06 | 000,000,413 | ---- | M] () -- C:\Windows\System32\Microsoft.VC80.OpenMP.manifest
[2010-03-31 00:52:20 | 000,146,432 | ---- | M] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
[2010-03-31 00:51:38 | 000,069,632 | ---- | M] (Abysmal Software) -- C:\Windows\System32\ilu.dll
[2010-03-31 00:51:21 | 000,147,456 | ---- | M] () -- C:\Windows\System32\lib3ds.dll
[2010-03-30 15:34:44 | 000,000,162 | -H-- | M] () -- D:\My Documents\~$ick buy.docx
[2010-03-29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-03-29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-03-25 21:46:00 | 000,035,866 | ---- | M] () -- D:\My Documents\cc_20100325_204546.reg
[2010-03-22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- D:\Desktop\TDSSKiller.exe
[2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2010-04-09 00:56:23 | 000,000,146 | ---- | C] () -- C:\fix.bat
[2010-04-09 00:55:58 | 000,000,146 | ---- | C] () -- D:\Desktop\fix.bat
[2010-04-08 22:05:51 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander\ntuser.dat{18960d50-434a-11df-8b2b-001a4d5d5b2a}.TMContainer00000000000000000002.regtrans-ms
[2010-04-08 22:05:51 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander\ntuser.dat{18960d50-434a-11df-8b2b-001a4d5d5b2a}.TMContainer00000000000000000001.regtrans-ms
[2010-04-08 22:05:51 | 000,065,536 | -HS- | C] () -- C:\Users\Alexander\ntuser.dat{18960d50-434a-11df-8b2b-001a4d5d5b2a}.TM.blf
[2010-04-08 21:51:02 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat
[2010-04-08 16:42:33 | 003,909,898 | R--- | C] () -- D:\Desktop\thxbytes.exe
[2010-04-08 16:41:38 | 000,004,104 | ---- | C] () -- C:\Users\Alexander\log.txt
[2010-04-03 18:50:30 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\defogger_reenable
[2010-04-03 15:39:18 | 001,746,986 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2010-04-03 14:45:25 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-04-03 00:28:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-04-03 00:27:30 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-02 15:44:41 | 000,004,064 | ---- | C] () -- C:\Users\Alexander\AppData\Local\139B3FA1-632E-412C-8F23-D8F25890F252.txt
[2010-04-02 14:08:07 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010-04-02 13:51:17 | 000,002,167 | ---- | C] () -- D:\Desktop\Google Chrome.lnk
[2010-04-02 13:41:13 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010-04-02 13:41:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-04-02 13:41:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-04-02 13:41:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-04-02 13:41:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-04-02 13:25:09 | 000,000,682 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-02 04:40:13 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2010 32-bit.lnk
[2010-04-02 04:32:39 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010-04-02 04:32:38 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010-04-02 04:31:59 | 000,004,064 | ---- | C] () -- C:\Users\Alexander\AppData\Local\F4C2B691-B759-4DD5-AC38-EE15391107EF.txt
[2010-04-01 20:57:47 | 000,001,061 | ---- | C] () -- D:\Desktop\Game - Unreal Development Kit.lnk
[2010-04-01 20:54:33 | 000,001,009 | ---- | C] () -- D:\Desktop\Editor - Unreal Development Kit.lnk
[2010-04-01 20:50:29 | 001,212,416 | ---- | C] () -- C:\Windows\System32\FCollada.dll
[2010-04-01 20:50:29 | 000,967,168 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2010-04-01 20:50:29 | 000,212,992 | ---- | C] () -- C:\Windows\System32\glew32.dll
[2010-04-01 20:50:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\lib3ds.dll
[2010-04-01 20:50:29 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010-04-01 20:50:29 | 000,002,371 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.MFC.manifest
[2010-04-01 20:50:29 | 000,001,869 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010-04-01 20:50:29 | 000,000,413 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.OpenMP.manifest
[2010-04-01 20:48:55 | 000,001,238 | ---- | C] () -- D:\Desktop\SpeedTree Compiler - Shortcut.lnk
[2010-04-01 20:48:55 | 000,001,229 | ---- | C] () -- D:\Desktop\SpeedTree Modeler - Shortcut.lnk
[2010-04-01 20:45:12 | 000,000,704 | ---- | C] () -- D:\Desktop\Crazybump.lnk
[2010-04-01 20:28:01 | 000,001,690 | ---- | C] () -- D:\Desktop\Maya 2010.lnk
[2010-04-01 20:13:12 | 000,000,838 | ---- | C] () -- D:\Desktop\Adobe Photoshop CS4.lnk
[2010-04-01 19:48:26 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133007958-3132792425-3873238371-1001UA.job
[2010-04-01 19:48:26 | 000,001,028 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133007958-3132792425-3873238371-1001Core.job
[2010-04-01 18:43:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010-04-01 18:40:19 | 001,835,008 | -HS- | C] () -- C:\Users\Alexander\ntuser.dat
[2010-04-01 18:40:19 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010-04-01 18:40:19 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010-04-01 18:40:19 | 000,262,144 | -HS- | C] () -- C:\Users\Alexander\ntuser.dat.LOG1
[2010-04-01 18:40:19 | 000,065,536 | -HS- | C] () -- C:\Users\Alexander\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010-04-01 18:40:19 | 000,000,020 | -HS- | C] () -- C:\Users\Alexander\ntuser.ini
[2010-04-01 18:40:19 | 000,000,000 | -HS- | C] () -- C:\Users\Alexander\ntuser.dat.LOG2
[2010-04-01 18:35:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010-04-01 18:34:41 | 2817,384,448 | -HS- | C] () -- C:\hiberfil.sys
[2010-04-01 13:04:45 | 000,000,724 | ---- | C] () -- D:\Desktop\XnView.lnk
[2010-03-31 01:25:55 | 000,276,795 | ---- | C] () -- D:\Desktop\LoLghost.png
[2010-03-30 15:34:44 | 000,000,162 | -H-- | C] () -- D:\My Documents\~$ick buy.docx
[2010-03-25 21:45:51 | 000,035,866 | ---- | C] () -- D:\My Documents\cc_20100325_204546.reg
[2010-01-24 22:38:42 | 000,042,280 | ---- | C] () -- C:\Windows\System32\wacomwucoinst3.dll
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-14 01:11:15 | 000,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys.vir

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010-04-01 20:19:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Adobe
[2010-04-02 15:26:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Autodesk
[2010-04-02 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
[2010-04-08 22:09:55 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Dropbox
[2010-04-03 17:11:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\GrabIt
[2010-04-01 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Identities
[2010-04-01 20:06:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Macromedia
[2010-04-02 13:25:11 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2009-07-14 09:20:18 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Media Center Programs
[2010-04-03 15:41:38 | 000,000,000 | --SD | M] -- C:\Users\Alexander\AppData\Roaming\Microsoft
[2010-04-09 02:30:13 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Skype
[2010-04-09 00:03:16 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\skypePM
[2010-04-01 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WinRAR
[2010-04-03 15:58:15 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WTablet
[2010-04-03 17:21:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\XnView

< %APPDATA%\*.exe /s >
[2010-02-26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010-04-03 01:21:11 | 000,089,831 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009-05-08 17:46:20 | 008,983,040 | ---- | M] (Unity Technologies ApS) -- C:\Users\Alexander\AppData\Roaming\Dropbox\cache\2010-04-07\Unity (deleted 4a0453cc-891200-3a4007f8341).exe
[2009-05-08 17:52:54 | 165,228,176 | ---- | M] (Unity Technologies ApS) -- C:\Users\Alexander\AppData\Roaming\Dropbox\cache\2010-04-07\UnitySetup-2.5.0 (deleted 4a045556-9d92e90-3a8007f8341).exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-13 20:52:20 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USERINIT.EXE >
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >