W7-64 Rootkit-ed?


  • This topic is locked
18 replies to this topic

#1 Teletype

  • Members
  • 9 posts

Posted 12 June 2010 - 12:03 AM

Anti-MalWare catches regularly new attempts to re-infect the PC with Winlogon which I originally found due to both kernels at 95-100% usage for no reason. Found that the Winlogon process had >7000 threads and consumed 700MB of memory. Got AMW which erased the infection and after buying it uses it to nab new attempts to reinfect the PC and to block access to malicious ip-addresses (always the same it seems...).

The problem remaining is that AMW, Symantec Endpoint, Ad-Aware, Spybot Search and Destroy, and lots of other tools find the PC to be "clean", still I get these attempts to hit me with Winlogon or making accesses to ip-addresses that AMW catches when the PC is left idle, even after having run a series of scans as the last thing done before leaving the PC alone, yet I find AMW reporting these attacks when I return to it... So I found on the AMW forums that a rootkit might be the culprit and that Combofix should be the tool to root it out. As I now have cloned the whole setup I felt it OK to run it on my own to see what I can find. Sadly it stops short telling me that it will not run under my W7-64. Same goes for Gmer which does not find system32\config\system as my config does not have this catalog there so it grays out all the top items on the checklist. I have the attach.txt and the dds.txt(zipped) though, which I have enclosed with this post.

-Or tried to attach perhaps, as it gets stuck on uploading file for the attach.txt. I will try to send this first and include the file here below in this post.

I am grateful for any advice on how to proceed when running a Windows 7-64 and trying to look for and remove rootkits.
Teletype

Attach.txt follows here:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-05-09 13:24:36
System Uptime: 2010-06-11 18:11:33 (12 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770-DS3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+ | Socket M2 | 2700/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 58 GiB total, 29,975 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 21,046 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 23,968 GiB free.
F: is FIXED (NTFS) - 49 GiB total, 16,094 GiB free.
G: is FIXED (NTFS) - 48 GiB total, 38,593 GiB free.
H: is FIXED (NTFS) - 48 GiB total, 23,83 GiB free.
I: is FIXED (NTFS) - 0 GiB total, 0,096 GiB free.
J: is FIXED (NTFS) - 116 GiB total, 112,59 GiB free.
K: is FIXED (NTFS) - 117 GiB total, 28,072 GiB free.
L: is FIXED (NTFS) - 117 GiB total, 85,183 GiB free.
M: is FIXED (NTFS) - 392 GiB total, 358,924 GiB free.
N: is CDROM ()
O: is CDROM ()
P: is Removable
Z: is FIXED (FAT32) - 10 GiB total, 6,791 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: SCSI Controller
Device ID: PCI\VEN_9004&DEV_8178&SUBSYS_00000000&REV_00\4&35E69562&0&38A4
Manufacturer:
Name: SCSI Controller
PNP Device ID: PCI\VEN_9004&DEV_8178&SUBSYS_00000000&REV_00\4&35E69562&0&38A4
Service:

Class GUID:
Description: LogicPort Logic Analyzer
Device ID: USB\VID_0403&PID_DC48\79241909
Manufacturer:
Name: LogicPort Logic Analyzer
PNP Device ID: USB\VID_0403&PID_DC48\79241909
Service:

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MP Memory Card
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_CANON&PROD_MP_MEMORY_CARD&REV_0100#7&25145F88&0&000000003ECD&0#
Manufacturer: Canon
Name: O:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_CANON&PROD_MP_MEMORY_CARD&REV_0100#7&25145F88&0&000000003ECD&0#
Service: WUDFRd

==== System Restore Points ===================

RP25: 2010-06-11 16:04:55 - Scheduled Checkpoint

==== Installed Programs ======================

50 FREE MP3s +1 Free Audiobook!
Acrobat.com
Acronis True Image Home
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
ANIWZCS2 Service
BankID Security Application 4.10.4
BitTorrent
D-Link Wireless N DWA-140
Diagnostic Utility
File Splitter and Joiner (FFSJ v3.3)
HD Tune Pro 4.50
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (3.0.4)
Nero 9 Essentials
neroxml
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Skype Toolbars
Skype™ 4.2
SpeedFan (remove only)
Spybot - Search & Destroy
Squeezebox Server 7.5.0
Unknown Device Identifier 7.00
Winamp
Winamp Detector Plug-in
Winamp Remote
Winamp Toolbar
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wuppy 1.0

==== Event Viewer Messages From Past Week ========

2010-06-12 05:28:23, Error: Service Control Manager [7023] - The sppuinotify service terminated with the following error: Access is denied.
2010-06-11 18:13:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
2010-06-11 18:12:49, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
2010-06-11 18:12:49, Error: Service Control Manager [7000] - The ANIWConn Service service failed to start due to the following error: The system cannot find the file specified.
2010-06-11 18:11:39, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
2010-06-11 18:11:39, Error: SRTSP [4] - Error loading virus definitions.
2010-06-06 20:32:23, Error: Service Control Manager [7016] - The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
2010-06-06 14:27:26, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Attached Files

  • Attached File  DDS.zip   6.55KB   9 downloads




#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 17 June 2010 - 07:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

m0le is a proud member of UNITE

#3 Teletype

  • Topic Starter
  • Members
  • 9 posts

Posted 19 June 2010 - 03:47 PM

Hello, and thank you for your interest in my dilemma.

I have my "old" desktop mainly running XP-Pro, which now has been upgraded to Quintuple boot into Windows 7-64 Ultimate, which I intend to use as my new main OS of choice after migrating all apps from XP. I will need to run XP-Mode for some apps but have problems with disappearing USB drivers which I still have to sort out. I have also just bought an Acer 7551G Laptop also running Windows 7-64 Ultimate, and these machines will be kept in sync for all purposes (including sent and received email accounts, bookmarks, certificates and so on). But both machines have been hit with what I believe must be some sort of rootkit as I have only visited "nice" websites like Mozilla for getting Firefox and Thunderbird and other homes of the software I need to reinstall and/or upgrade. I got hit with Winlogon on both boxes, but Anti MalWare which I bought seems to keep it in check, but it regularly while either being used or left unattended finds attempts to access a number of IP-addresses which it blocks. It is the same story for both computers when running Windows 7, while the desktop box still seems to be uninfected on its XP-partitions when booted into those. I have also bought a program called Registrybooster by Uniblue, which has been run since my initial call for help, so I enclose the log files from that program on each box. I have run OTL and Sophos as instructed and these logs are also in the zip archives from the two boxes.

I see no clues yet, and would be very grateful for any further assistance in relieving the boxes from these "calls to home", which I find unnerving to say the least. I notice that often when I open a new Firefox window a call to one of these more and more familiar addresses will be blocked by AMW, but definitely not every time I open a window, once in 5-10 perhaps... I have tried to remove Firefox completely on one of the boxes and d/l the setup on another box with Symantec Endpoint and Anti MalWare installed on both boxes, transfer of the setup using a USB-stick, "virgin install" and still the blocked IP addresses keep popping up...

So all ideas are welcome!
Attached files Desktop.zip and Laptop.zip

Glenn

Attached Files


Edited by Teletype, 19 June 2010 - 03:51 PM.


#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 June 2010 - 07:14 PM

First thing to let you know is that there are no rootkits on 64 bit machines. Rootkits cannot exist on this system due to the security system in place that requires drivers to be signed to run and a protection which stops the kernel being patched by these pests.


Next, RegistryBooster is a registry cleaner.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

I would like to see any MBAM log which shows what you are explaining.
m0le is a proud member of UNITE

#5 Teletype

  • Topic Starter
  • Members
  • 9 posts

Posted 21 June 2010 - 06:40 PM

I send you a copy of the latest saved log I have here. A number of times today have I been sitting near the computer, doing other things, and seeing the balloon tip about one of these blockages appear without my intervention.

Teletype

Attached Files



#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 June 2010 - 03:28 PM

Do you have the MBAM logs?
m0le is a proud member of UNITE

#7 Teletype

  • Topic Starter
  • Members
  • 9 posts

Posted 30 June 2010 - 12:08 PM

Here are the logs currently on the two systems from MBAM. I have sadly not kept the old logs where I rooted out the winlogon infection. It seems like it does not keep the logs for so many days, as I have no current record of the attempts to reinfect the boxes with winlogon which have been reported in the "balloon help" messages in the bottom left corner of the screen. It is only streams of IP-blocks in the current logs.

Attached Files



#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 June 2010 - 04:11 PM

The IP address which keeps appearing is strange. We will run OTL now which is a deeper scanner to check for malware attacks.

We need to disconnect the laptop and we can deal with the PC. It will get very confusing trying to deal with two at a time.

Please run OTL again and post (no attachments please) a new log.

Edited by m0le, 30 June 2010 - 04:13 PM.

m0le is a proud member of UNITE
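
Added example, not part of the thread and not OTL's own code: a first-pass triage of the OTL Minimal Output requested above, run over a few entries copied from the log posted later in this thread. The flag rules and the reading of `D` in the bracketed attributes as "directory" are assumptions of this example; a flag marks an entry to look at, not a detection.

```python
import ntpath
import re
from dataclasses import dataclass

# One OTL entry: "KIND[:64bit:] - [(Name) [description] -- ]path (Company)".
# Where no version info is available the log shows
# "[date | size | attrs | M]" in place of "(Company)".
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"(?:\((?P<name>[^)]*)\).*? -- )?"
    r"(?P<path>.+?) "
    r"(?:\((?P<company>[^()]*)\)|\[(?P<meta>[^\]]*)\])$"
)
IMAGE_EXTS = {".exe", ".dll", ".sys", ".ocx"}


@dataclass
class Entry:
    kind: str      # PRC, MOD, SRV or DRV
    name: str      # service/driver name, or file name for PRC/MOD
    path: str
    company: str
    is_dir: bool


def parse_line(line):
    """Parse one OTL list line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = [f.strip() for f in (m.group("meta") or "").split("|")]
    attrs = fields[2] if len(fields) >= 3 else ""
    path = m.group("path")
    return Entry(
        kind=m.group("kind"),
        name=m.group("name") or ntpath.basename(path),
        path=path,
        company=(m.group("company") or "").strip(),
        is_dir="D" in attrs,  # assumption: D in the attrs field = directory
    )


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    flags = []
    ext = ntpath.splitext(entry.path)[1].lower()
    folder = ntpath.dirname(entry.path).lower()
    if entry.is_dir:
        flags.append("image path is a directory, not a file")
    else:
        if ext not in IMAGE_EXTS:
            flags.append(f"unexpected image extension {ext or '(none)'}")
        if not entry.company:
            flags.append("no company name in version info")
    if entry.kind == "DRV" and not folder.endswith("\\drivers"):
        flags.append("driver image outside \\drivers")
    if entry.kind == "PRC" and "\\users\\" in folder:
        flags.append("process image under a user profile")
    return flags


def triage_log(text):
    """Return [(Entry, flags)] for every parsed line that raised a flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            flagged.append((entry, flags))
    return flagged


# Sample lines copied from the OTL log posted in this thread.
# MEMSWEEP2 is the temporary .tmp driver that the Sophos Anti-Rootkit
# instructions earlier in the thread say to allow: flagged, yet expected.
SAMPLE = r"""
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\GB.GB-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
SRV - (VSS) -- C:\Windows\Vss [2009-07-14 05:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\4DE1.tmp (Sophos Plc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
"""

if __name__ == "__main__":
    for entry, flags in triage_log(SAMPLE):
        print(f"{entry.kind} {entry.name}: {entry.path}")
        for reason in flags:
            print(f"    - {reason}")
```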

#9 Teletype

  • Topic Starter
  • Members
  • 9 posts

Posted 30 June 2010 - 08:49 PM

Hello again, I had to rerun OTL a few times before I found that the reason for extras.txt failing to appear was caused by the Extra Registry radio-button being set to none. Finally I changed it to use safelist and got the extras.txt too. Here they are:

OTL logfile created on: 2010-07-01 03:38:55 - Run 5
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\GB.GB-PC\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 73,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 391,78 Gb Total Space | 358,68 Gb Free Space | 91,55% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 21,04 Gb Free Space | 53,85% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 23,97 Gb Free Space | 61,36% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 16,37 Gb Free Space | 33,52% Space Free | Partition Type: NTFS
Drive G: | 48,34 Gb Total Space | 38,59 Gb Free Space | 79,84% Space Free | Partition Type: NTFS
Drive H: | 47,83 Gb Total Space | 23,97 Gb Free Space | 50,10% Space Free | Partition Type: NTFS
Drive I: | 117,63 Mb Total Space | 98,19 Mb Free Space | 83,47% Space Free | Partition Type: NTFS
Drive J: | 116,21 Gb Total Space | 112,59 Gb Free Space | 96,89% Space Free | Partition Type: NTFS
Drive K: | 117,19 Gb Total Space | 28,07 Gb Free Space | 23,95% Space Free | Partition Type: NTFS
Drive L: | 117,19 Gb Total Space | 85,18 Gb Free Space | 72,69% Space Free | Partition Type: NTFS
Drive M: | 58,41 Gb Total Space | 24,75 Gb Free Space | 42,38% Space Free | Partition Type: NTFS
Drive Z: | 9,76 Gb Total Space | 6,79 Gb Free Space | 69,60% Space Free | Partition Type: FAT32

Computer Name: GB-PC
Current User Name: GB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\GB.GB-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Users\GB.GB-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\GB.GB-PC\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (VSS) -- C:\Windows\Vss [2009-07-14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009-07-14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\4DE1.tmp (Sophos Plc)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)
DRV - (CSC) -- C:\Windows\CSC [2010-06-12 17:44:32 | 000,000,000 | ---D | M]
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Plc)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100630.004\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100630.004\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-06-23 17:33:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-06-23 17:33:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010-06-18 02:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010-06-12 23:51:18 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Extensions
[2010-06-12 23:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-06-12 20:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010-07-01 00:21:02 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions
[2010-06-12 20:51:54 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010-06-12 20:51:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-06-12 20:51:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-06-12 20:51:54 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-06-12 20:51:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010-06-12 20:51:52 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010-06-12 20:51:54 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions\elemhidehelper@adblockplus.org
[2010-06-12 20:51:51 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\mozilla\Firefox\Profiles\ihmkmkwy.default\extensions\foxmarks@kei.com
[2010-07-01 00:21:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-06-23 17:33:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010-06-13 12:35:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-23 17:33:04 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2010-06-23 17:33:04 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2010-06-13 12:35:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-06-23 17:33:05 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2010-04-04 01:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2010-04-01 19:42:59 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010-04-01 19:42:59 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2010-04-01 19:42:59 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2010-04-01 19:42:59 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2010-04-01 19:42:59 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2010-04-01 19:42:59 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2010-04-01 19:42:59 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [7 Taskbar Tweaker] C:\7_Taskbar_Tweaker_x64\7 Taskbar Tweaker x64.exe ()
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Users\GB.GB-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\GB.GB-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-04 18:45:55 | 000,000,000 | ---D | M] - E:\AutoGK -- [ NTFS ]
O32 - AutoRun File - [2005-09-28 12:49:52 | 000,000,000 | -H-- | M] () - Z:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-06-30 17:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010-06-30 17:50:42 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\PC Suite
[2010-06-30 17:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010-06-30 17:45:34 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010-06-30 17:45:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010-06-30 17:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010-06-30 17:45:00 | 000,069,120 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010-06-30 17:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2010-06-30 17:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010-06-30 17:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010-06-28 20:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010-06-26 16:39:32 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\MetaGeek,_LLC
[2010-06-26 16:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek
[2010-06-26 16:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DNSBench
[2010-06-25 10:45:12 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\Documents\Nero
[2010-06-25 10:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010-06-25 10:36:14 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Nero
[2010-06-25 10:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010-06-25 10:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010-06-25 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010-06-25 09:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010-06-25 09:53:19 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010-06-25 09:52:58 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010-06-25 09:52:37 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010-06-25 09:52:16 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010-06-25 09:51:55 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010-06-25 09:51:33 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010-06-23 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010-06-23 17:20:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010-06-23 17:20:04 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010-06-23 17:20:04 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010-06-23 17:20:04 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010-06-23 17:20:04 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010-06-23 17:20:04 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010-06-23 17:20:04 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010-06-23 17:20:04 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010-06-23 17:18:36 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010-06-23 17:18:36 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010-06-23 17:18:35 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010-06-23 17:18:34 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010-06-23 17:18:34 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010-06-23 17:18:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010-06-23 17:18:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010-06-23 17:18:31 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010-06-22 17:08:54 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Microsoft Games
[2010-06-21 13:23:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010-06-21 10:37:24 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Documents\My Dropbox
[2010-06-21 10:33:54 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Dropbox
[2010-06-20 12:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unknown Device Identifier
[2010-06-20 04:14:45 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\ElevatedDiagnostics
[2010-06-18 20:06:43 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\GB.GB-PC\Desktop\OTL.exe
[2010-06-18 09:52:49 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2010-06-18 02:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010-06-18 02:50:12 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Uniblue
[2010-06-18 02:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010-06-15 19:02:25 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Diagnostics
[2010-06-14 09:58:02 | 000,000,000 | ---D | C] -- C:\7_Taskbar_Tweaker_x64
[2010-06-13 19:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TextPad 4
[2010-06-13 19:09:59 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\TextPad
[2010-06-13 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-06-13 18:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogicPort
[2010-06-13 18:08:16 | 000,000,000 | ---D | C] -- C:\Windows\System\drivers
[2010-06-13 16:56:45 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\gnupg
[2010-06-13 16:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSudokuDeluxe
[2010-06-13 13:24:38 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Taskbar Shuffle
[2010-06-13 13:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010-06-13 13:00:19 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\Desktop\OpenOffice.org 3.2 (sv) Installation Files
[2010-06-13 12:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-06-13 12:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-06-13 12:35:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-06-13 12:35:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-06-13 12:35:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-06-13 12:35:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-06-13 12:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010-06-13 03:43:04 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010-06-13 03:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RW-Everything
[2010-06-13 01:05:39 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\NeoSmart_Technologies
[2010-06-13 01:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2010-06-13 01:01:14 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Macromedia
[2010-06-13 01:01:14 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Adobe
[2010-06-13 00:47:48 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010-06-13 00:47:48 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010-06-13 00:47:47 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010-06-13 00:47:47 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010-06-13 00:47:45 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010-06-13 00:47:44 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010-06-13 00:47:44 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010-06-13 00:47:44 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010-06-13 00:47:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010-06-13 00:47:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010-06-13 00:47:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010-06-13 00:47:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010-06-13 00:47:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010-06-13 00:47:40 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010-06-13 00:47:40 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010-06-13 00:47:36 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010-06-13 00:47:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010-06-13 00:47:34 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010-06-13 00:47:34 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010-06-13 00:47:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010-06-13 00:47:33 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010-06-13 00:47:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010-06-13 00:47:33 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010-06-13 00:47:32 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010-06-13 00:47:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010-06-13 00:47:32 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010-06-13 00:47:32 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010-06-13 00:47:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010-06-13 00:47:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010-06-13 00:47:31 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010-06-13 00:47:31 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010-06-13 00:47:31 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010-06-13 00:47:31 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010-06-13 00:47:30 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010-06-13 00:47:28 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010-06-13 00:47:28 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010-06-13 00:47:25 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010-06-13 00:47:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010-06-13 00:47:21 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010-06-13 00:47:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010-06-13 00:47:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010-06-13 00:47:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010-06-13 00:47:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010-06-13 00:47:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010-06-13 00:47:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010-06-13 00:47:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010-06-13 00:47:11 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010-06-13 00:47:11 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010-06-13 00:39:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010-06-13 00:39:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\sv-SE
[2010-06-13 00:39:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sv
[2010-06-13 00:39:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2010-06-13 00:39:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sv
[2010-06-13 00:39:15 | 000,000,000 | ---D | C] -- C:\Windows\sv-SE
[2010-06-13 00:24:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\sv-SE\bfe.dll.mui
[2010-06-13 00:24:23 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\sv-SE\tcpip.sys.mui
[2010-06-13 00:24:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\sv-SE\scfilter.sys.mui
[2010-06-13 00:24:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\sv-SE\qwavedrv.sys.mui
[2010-06-13 00:23:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\sv-SE\pacer.sys.mui
[2010-06-13 00:23:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\sv-SE\ndiscap.sys.mui
[2010-06-13 00:23:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\volsnap.sys.mui
[2010-06-13 00:23:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\usbport.sys.mui
[2010-06-13 00:23:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\usbhub.sys.mui
[2010-06-13 00:23:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vhdmp.sys.mui
[2010-06-13 00:23:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\portcls.sys.mui
[2010-06-13 00:23:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\wd.sys.mui
[2010-06-13 00:23:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\tpm.sys.mui
[2010-06-13 00:23:37 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\sv-SE\pscr.sys.mui
[2010-06-13 00:23:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\umbus.sys.mui
[2010-06-13 00:23:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\serscan.sys.mui
[2010-06-13 00:23:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\pcmcia.sys.mui
[2010-06-13 00:23:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\mpio.sys.mui
[2010-06-13 00:23:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\serial.sys.mui
[2010-06-13 00:23:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\i8042prt.sys.mui
[2010-06-13 00:23:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\msdsm.sys.mui
[2010-06-13 00:23:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\sermouse.sys.mui
[2010-06-13 00:23:30 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\mouclass.sys.mui
[2010-06-13 00:23:30 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\parport.sys.mui
[2010-06-13 00:23:30 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\rndismpx.sys.mui
[2010-06-13 00:23:30 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\rndismp6.sys.mui
[2010-06-13 00:23:30 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\mouhid.sys.mui
[2010-06-13 00:23:30 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\ataport.sys.mui
[2010-06-13 00:23:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\MTConfig.sys.mui
[2010-06-13 00:23:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vwifibus.sys.mui
[2010-06-13 00:23:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\amdide.sys.mui
[2010-06-13 00:23:27 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\afd.sys.mui
[2010-06-13 00:23:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\bfe.dll.mui
[2010-06-13 00:23:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\wdf01000.sys.mui
[2010-06-13 00:23:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\ws2ifsl.sys.mui
[2010-06-13 00:23:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\usbrpm.sys.mui
[2010-06-13 00:23:22 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\tcpip.sys.mui
[2010-06-13 00:23:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\tunnel.sys.mui
[2010-06-13 00:23:22 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\modem.sys.mui
[2010-06-13 00:23:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\fvevol.sys.mui
[2010-06-13 00:23:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\scfilter.sys.mui
[2010-06-13 00:23:11 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\rdbss.sys.mui
[2010-06-13 00:23:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\pacer.sys.mui
[2010-06-13 00:23:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\qwavedrv.sys.mui
[2010-06-13 00:23:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\partmgr.sys.mui
[2010-06-13 00:23:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\ntfs.sys.mui
[2010-06-13 00:23:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\nwifi.sys.mui
[2010-06-13 00:23:03 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\ndis.sys.mui
[2010-06-13 00:23:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\ndisuio.sys.mui
[2010-06-13 00:22:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\ndiscap.sys.mui
[2010-06-13 00:22:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\mountmgr.sys.mui
[2010-06-13 00:22:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\luafv.sys.mui
[2010-06-13 00:22:47 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\http.sys.mui
[2010-06-13 00:22:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\fltmgr.sys.mui
[2010-06-13 00:22:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\volmgrx.sys.mui
[2010-06-13 00:22:29 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrSerIb.sys.mui
[2010-06-13 00:22:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\pci.sys.mui
[2010-06-13 00:22:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\IPMIDrv.sys.mui
[2010-06-13 00:22:29 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\kbdclass.sys.mui
[2010-06-13 00:22:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\isapnp.sys.mui
[2010-06-13 00:22:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vdrvroot.sys.mui
[2010-06-13 00:22:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\mssmbios.sys.mui
[2010-06-13 00:22:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\ULIAGPKX.SYS.mui
[2010-06-13 00:22:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\pnpmem.sys.mui
[2010-06-13 00:22:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\NV_AGP.SYS.mui
[2010-06-13 00:22:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\kbdhid.sys.mui
[2010-06-13 00:22:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\AGP440.sys.mui
[2010-06-13 00:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\processr.sys.mui
[2010-06-13 00:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\intelppm.sys.mui
[2010-06-13 00:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\amdppm.sys.mui
[2010-06-13 00:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\amdk8.sys.mui
[2010-06-13 00:22:28 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\bthpan.sys.mui
[2010-06-13 00:22:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\wacompen.sys.mui
[2010-06-13 00:22:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\hdaudbus.sys.mui
[2010-06-13 00:22:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\HdAudio.sys.mui
[2010-06-13 00:22:28 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\hidbth.sys.mui
[2010-06-13 00:22:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\Dot4usb.sys.mui
[2010-06-13 00:22:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\BTHUSB.SYS.mui
[2010-06-13 00:22:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\disk.sys.mui
[2010-06-13 00:22:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\cdrom.sys.mui
[2010-06-13 00:22:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\ohci1394.sys.mui
[2010-06-13 00:22:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\1394ohci.sys.mui
[2010-06-13 00:22:27 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrSerId.sys.mui
[2010-06-13 00:22:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\battc.sys.mui
[2010-06-13 00:22:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\acpi.sys.mui
[2010-06-13 00:22:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\bthport.sys.mui
[2010-06-13 00:22:27 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\sv-SE\atikmdag.sys.mui
[2010-06-13 00:22:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\UAGP35.SYS.mui
[2010-06-13 00:22:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\GAGP30KX.SYS.mui
[2010-06-13 00:22:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrParwdm.sys.mui
[2010-06-13 00:22:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\bthenum.sys.mui
[2010-06-13 00:20:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010-06-13 00:17:42 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010-06-13 00:17:41 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010-06-13 00:17:40 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010-06-13 00:17:40 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010-06-13 00:17:36 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010-06-13 00:17:36 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010-06-13 00:17:33 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010-06-13 00:17:32 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010-06-13 00:17:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010-06-13 00:17:30 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010-06-13 00:17:30 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010-06-13 00:13:56 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010-06-13 00:13:55 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010-06-13 00:13:55 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010-06-13 00:13:52 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010-06-13 00:13:51 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010-06-13 00:13:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010-06-13 00:13:51 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010-06-13 00:13:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010-06-13 00:13:50 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010-06-13 00:13:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010-06-13 00:12:57 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010-06-13 00:12:57 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010-06-13 00:12:57 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010-06-13 00:12:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010-06-13 00:12:56 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010-06-13 00:12:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010-06-12 23:51:16 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Thunderbird
[2010-06-12 23:51:16 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Thunderbird
[2010-06-12 23:49:43 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Clipboarder
[2010-06-12 21:12:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010-06-12 21:12:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010-06-12 21:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010-06-12 21:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010-06-12 21:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010-06-12 21:10:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe 9 Reader Installer
[2010-06-12 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Adobe
[2010-06-12 21:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010-06-12 20:58:57 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Sidebar7
[2010-06-12 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Mozilla
[2010-06-12 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Mozilla
[2010-06-12 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\skypePM
[2010-06-12 20:38:51 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Skype
[2010-06-12 20:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010-06-12 20:38:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010-06-12 20:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-06-12 20:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010-06-12 20:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010-06-12 20:21:08 | 000,219,184 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[2010-06-12 20:19:43 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010-06-12 20:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010-06-12 20:19:20 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.DLL
[2010-06-12 20:19:20 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR71.DLL
[2010-06-12 20:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-06-12 20:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010-06-12 20:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010-06-12 20:15:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010-06-12 19:57:01 | 000,000,000 | ---D | C] -- C:\Nerocd
[2010-06-12 19:56:47 | 000,000,000 | ---D | C] -- C:\WATremover
[2010-06-12 19:53:20 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Malwarebytes
[2010-06-12 19:53:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-06-12 19:53:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010-06-12 19:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-06-12 19:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-06-12 19:41:43 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Symantec
[2010-06-12 19:40:05 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.DLL
[2010-06-12 19:40:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2010-06-12 19:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010-06-12 19:35:14 | 000,000,000 | ---D | C] -- C:\sep
[2010-06-12 19:11:35 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\WinRAR
[2010-06-12 19:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010-06-12 18:55:38 | 000,050,688 | ---- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
[2010-06-12 18:55:37 | 000,027,136 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
[2010-06-12 18:55:37 | 000,024,064 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys
[2010-06-12 18:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010-06-12 18:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010-06-12 18:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010-06-12 18:52:59 | 004,503,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010-06-12 18:52:59 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe
[2010-06-12 18:52:59 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010-06-12 18:52:59 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010-06-12 18:52:59 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010-06-12 18:52:57 | 021,005,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010-06-12 18:52:57 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010-06-12 18:52:57 | 002,907,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010-06-12 18:52:56 | 011,906,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010-06-12 18:52:56 | 009,386,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010-06-12 18:52:56 | 003,215,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010-06-12 18:52:56 | 002,106,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010-06-12 18:52:56 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010-06-12 18:52:56 | 000,384,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010-06-12 18:52:56 | 000,316,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010-06-12 18:52:55 | 005,444,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010-06-12 18:52:55 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010-06-12 18:52:55 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010-06-12 18:52:55 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010-06-12 18:52:54 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010-06-12 18:52:53 | 016,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010-06-12 18:52:53 | 001,592,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010-06-12 18:52:53 | 001,296,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010-06-12 18:52:53 | 000,254,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1914.dll
[2010-06-12 18:52:53 | 000,254,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010-06-12 18:52:50 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010-06-12 18:51:18 | 000,346,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010-06-12 18:51:18 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010-06-12 18:50:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010-06-12 18:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010-06-12 18:50:20 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010-06-12 18:50:20 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010-06-12 18:50:20 | 001,929,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010-06-12 18:50:20 | 001,660,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010-06-12 18:50:20 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010-06-12 18:50:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010-06-12 18:50:20 | 000,477,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010-06-12 18:50:20 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010-06-12 18:50:20 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010-06-12 18:50:20 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010-06-12 18:50:20 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010-06-12 18:50:20 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010-06-12 18:50:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010-06-12 18:50:20 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010-06-12 18:50:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010-06-12 18:50:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010-06-12 18:50:20 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010-06-12 18:50:20 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010-06-12 18:50:20 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010-06-12 18:50:20 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010-06-12 18:50:19 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010-06-12 18:50:19 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010-06-12 18:50:19 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010-06-12 18:50:19 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010-06-12 18:50:19 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010-06-12 18:50:19 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010-06-12 18:50:19 | 000,338,848 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010-06-12 18:50:19 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010-06-12 18:50:19 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010-06-12 18:50:19 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010-06-12 18:50:19 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010-06-12 18:50:19 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010-06-12 18:50:19 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010-06-12 18:50:19 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010-06-12 18:50:19 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010-06-12 18:50:18 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010-06-12 18:50:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010-06-12 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010-06-12 18:50:15 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010-06-12 18:50:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010-06-12 18:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010-06-12 18:49:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010-06-12 18:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010-06-12 18:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010-06-12 18:12:57 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Searches
[2010-06-12 18:12:48 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Identities
[2010-06-12 18:12:46 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Contacts
[2010-06-12 18:12:44 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\VirtualStore
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\AppData\Local\Temporary Internet Files
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Templates
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Start Menu
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\SendTo
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Recent
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\PrintHood
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\NetHood
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Documents\My Videos
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Documents\My Pictures
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Documents\My Music
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\My Documents
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Local Settings
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\AppData\Local\History
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Cookies
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\Application Data
[2010-06-12 18:12:31 | 000,000,000 | -HSD | C] -- C:\Users\GB.GB-PC\AppData\Local\Application Data
[2010-06-12 18:12:30 | 000,000,000 | --SD | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Microsoft
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Videos
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Saved Games
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Pictures
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Music
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Links
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Favorites
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Downloads
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Documents
[2010-06-12 18:12:30 | 000,000,000 | R--D | C] -- C:\Users\GB.GB-PC\Desktop
[2010-06-12 18:12:30 | 000,000,000 | -H-D | C] -- C:\Users\GB.GB-PC\AppData
[2010-06-12 18:12:30 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Temp
[2010-06-12 18:12:30 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Local\Microsoft
[2010-06-12 18:12:30 | 000,000,000 | ---D | C] -- C:\Users\GB.GB-PC\AppData\Roaming\Media Center Programs
[2010-06-12 18:06:56 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010-06-12 17:54:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010-06-12 17:44:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010-06-12 17:29:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-01 03:36:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-07-01 03:36:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-07-01 03:31:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-07-01 03:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-07-01 03:30:41 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-01 03:27:33 | 001,835,008 | -HS- | M] () -- C:\Users\GB.GB-PC\NTUSER.DAT
[2010-07-01 03:27:29 | 003,873,727 | -H-- | M] () -- C:\Users\GB.GB-PC\AppData\Local\IconCache.db
[2010-06-30 19:01:17 | 001,466,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-06-30 19:01:17 | 000,625,500 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2010-06-30 19:01:17 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-06-30 19:01:17 | 000,123,668 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2010-06-30 19:01:17 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-06-30 18:57:20 | 000,001,964 | ---- | M] () -- C:\Users\GB.GB-PC\Desktop\MbamLogsLaptop.zip
[2010-06-30 18:55:04 | 000,007,129 | ---- | M] () -- C:\Users\GB.GB-PC\Desktop\ProtectionLogsLaptop.zip
[2010-06-30 18:50:39 | 000,002,418 | ---- | M] () -- C:\Users\GB.GB-PC\Desktop\MbamLogsDesktop.zip
[2010-06-30 18:48:58 | 000,004,209 | ---- | M] () -- C:\Users\GB.GB-PC\Desktop\ProtectionLogsDesktop.zip
[2010-06-30 17:50:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010-06-30 17:44:31 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010-06-30 17:42:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010-06-25 10:05:58 | 000,002,951 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010-06-25 10:05:09 | 000,002,883 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010-06-25 10:04:09 | 000,002,933 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010-06-25 10:02:47 | 000,003,089 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010-06-25 10:02:16 | 000,002,929 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010-06-25 09:54:00 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010-06-21 10:37:24 | 000,001,019 | ---- | M] () -- C:\Users\GB.GB-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010-06-20 12:39:16 | 000,000,079 | ---- | M] () -- C:\Users\GB.GB-PC\Desktop\Huntersoft Free Download.url
[2010-06-20 04:12:43 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-06-19 22:02:10 | 000,043,900 | ---- | M] () -- C:\Users\GB.GB-PC\Desktop\Laptop.zip
[2010-06-19 21:41:21 | 000,046,985 | ---- | M] () -- C:\Users\GB.GB-PC\Desktop\Desktop_files.zip
[2010-06-18 21:52:55 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-06-18 20:06:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\GB.GB-PC\Desktop\OTL.exe
[2010-06-17 15:03:03 | 000,004,709 | ---- | M] () -- C:\Users\GB.GB-PC\Documents\RolandsNyaCert.p12
[2010-06-15 12:35:49 | 000,003,478 | ---- | M] () -- C:\Users\GB.GB-PC\Documents\Dovadoretur.rtf
[2010-06-14 09:50:37 | 000,289,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-06-13 18:08:19 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\LogicPort.lnk
[2010-06-13 17:32:16 | 000,062,952 | ---- | M] () -- C:\Users\GB.GB-PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-06-13 12:35:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-06-13 12:35:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-06-13 12:35:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-06-13 12:35:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-06-13 11:39:57 | 000,686,836 | ---- | M] () -- C:\Users\GB.GB-PC\Documents\AMac_Address_Change_v5.4.zip
[2010-06-13 03:06:18 | 000,000,933 | ---- | M] () -- C:\Users\GB.GB-PC\Desktop\RW-Everything.lnk
[2010-06-13 00:27:27 | 000,294,764 | ---- | M] () -- C:\Windows\SysNative\perfi01D.dat
[2010-06-13 00:27:27 | 000,037,052 | ---- | M] () -- C:\Windows\SysNative\perfd01D.dat
[2010-06-12 20:38:31 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-06-12 20:37:00 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010-06-12 20:35:55 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-06-12 20:19:51 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010-06-12 20:19:51 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010-06-12 20:19:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010-06-12 18:57:08 | 000,524,288 | -HS- | M] () -- C:\Users\GB.GB-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010-06-12 18:57:08 | 000,524,288 | -HS- | M] () -- C:\Users\GB.GB-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010-06-12 18:57:08 | 000,065,536 | -HS- | M] () -- C:\Users\GB.GB-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010-06-12 18:12:31 | 000,000,020 | -HS- | M] () -- C:\Users\GB.GB-PC\ntuser.ini
[2010-06-12 17:48:31 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010-06-12 17:48:31 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010-06-12 17:45:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010-06-02 21:21:20 | 000,219,184 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-06-30 18:59:44 | 000,007,129 | ---- | C] () -- C:\Users\GB.GB-PC\Desktop\ProtectionLogsLaptop.zip
[2010-06-30 18:59:30 | 000,001,964 | ---- | C] () -- C:\Users\GB.GB-PC\Desktop\MbamLogsLaptop.zip
[2010-06-30 18:50:39 | 000,002,418 | ---- | C] () -- C:\Users\GB.GB-PC\Desktop\MbamLogsDesktop.zip
[2010-06-30 18:48:58 | 000,004,209 | ---- | C] () -- C:\Users\GB.GB-PC\Desktop\ProtectionLogsDesktop.zip
[2010-06-30 17:50:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010-06-30 17:44:31 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010-06-30 17:42:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010-06-25 10:05:58 | 000,002,951 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010-06-25 10:05:09 | 000,002,883 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010-06-25 10:04:09 | 000,002,933 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010-06-25 10:02:47 | 000,003,089 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010-06-25 10:02:16 | 000,002,929 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010-06-25 09:54:00 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010-06-21 10:37:24 | 000,001,019 | ---- | C] () -- C:\Users\GB.GB-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010-06-20 12:39:16 | 000,000,079 | ---- | C] () -- C:\Users\GB.GB-PC\Desktop\Huntersoft Free Download.url
[2010-06-20 04:12:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-06-19 22:05:13 | 000,043,900 | ---- | C] () -- C:\Users\GB.GB-PC\Desktop\Laptop.zip
[2010-06-19 21:37:43 | 000,046,985 | ---- | C] () -- C:\Users\GB.GB-PC\Desktop\Desktop_files.zip
[2010-06-17 15:03:01 | 000,004,709 | ---- | C] () -- C:\Users\GB.GB-PC\Documents\RolandsNyaCert.p12
[2010-06-15 12:35:49 | 000,003,478 | ---- | C] () -- C:\Users\GB.GB-PC\Documents\Dovadoretur.rtf
[2010-06-14 09:56:57 | 000,051,068 | ---- | C] () -- C:\7_Taskbar_Tweaker_x64.rar
[2010-06-13 18:08:19 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\LogicPort.lnk
[2010-06-13 11:39:23 | 000,686,836 | ---- | C] () -- C:\Users\GB.GB-PC\Documents\AMac_Address_Change_v5.4.zip
[2010-06-13 03:06:18 | 000,000,933 | ---- | C] () -- C:\Users\GB.GB-PC\Desktop\RW-Everything.lnk
[2010-06-13 00:42:49 | 000,294,764 | ---- | C] () -- C:\Windows\SysNative\perfi01D.dat
[2010-06-13 00:42:49 | 000,037,052 | ---- | C] () -- C:\Windows\SysNative\perfd01D.dat
[2010-06-13 00:42:48 | 000,625,500 | ---- | C] () -- C:\Windows\SysNative\perfh01D.dat
[2010-06-13 00:42:48 | 000,123,668 | ---- | C] () -- C:\Windows\SysNative\perfc01D.dat
[2010-06-12 21:10:58 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-06-12 20:38:31 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-06-12 20:37:00 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010-06-12 20:35:55 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-06-12 20:19:43 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010-06-12 20:19:43 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010-06-12 18:52:59 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010-06-12 18:51:18 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010-06-12 18:12:31 | 000,524,288 | -HS- | C] () -- C:\Users\GB.GB-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010-06-12 18:12:31 | 000,524,288 | -HS- | C] () -- C:\Users\GB.GB-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010-06-12 18:12:31 | 000,000,020 | -HS- | C] () -- C:\Users\GB.GB-PC\ntuser.ini
[2010-06-12 18:12:30 | 001,835,008 | -HS- | C] () -- C:\Users\GB.GB-PC\NTUSER.DAT
[2010-06-12 18:12:30 | 000,262,144 | -HS- | C] () -- C:\Users\GB.GB-PC\ntuser.dat.LOG1
[2010-06-12 18:12:30 | 000,065,536 | -HS- | C] () -- C:\Users\GB.GB-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010-06-12 18:12:30 | 000,000,000 | -HS- | C] () -- C:\Users\GB.GB-PC\ntuser.dat.LOG2
[2010-06-12 17:45:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010-06-12 17:43:59 | 535,683,071 | -HS- | C] () -- C:\hiberfil.sys
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010-07-01 03:31:42 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\Dropbox
[2010-06-30 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\gnupg
[2010-06-30 17:50:42 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\PC Suite
[2010-06-13 19:09:59 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\TextPad
[2010-06-12 23:55:38 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\Thunderbird
[2010-06-18 02:50:12 | 000,000,000 | ---D | M] -- C:\Users\GB.GB-PC\AppData\Roaming\Uniblue
[2009-07-14 07:08:49 | 000,007,062 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 2010-07-01 03:38:55 - Run 5
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\GB.GB-PC\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 73,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 391,78 Gb Total Space | 358,68 Gb Free Space | 91,55% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 21,04 Gb Free Space | 53,85% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 23,97 Gb Free Space | 61,36% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 16,37 Gb Free Space | 33,52% Space Free | Partition Type: NTFS
Drive G: | 48,34 Gb Total Space | 38,59 Gb Free Space | 79,84% Space Free | Partition Type: NTFS
Drive H: | 47,83 Gb Total Space | 23,97 Gb Free Space | 50,10% Space Free | Partition Type: NTFS
Drive I: | 117,63 Mb Total Space | 98,19 Mb Free Space | 83,47% Space Free | Partition Type: NTFS
Drive J: | 116,21 Gb Total Space | 112,59 Gb Free Space | 96,89% Space Free | Partition Type: NTFS
Drive K: | 117,19 Gb Total Space | 28,07 Gb Free Space | 23,95% Space Free | Partition Type: NTFS
Drive L: | 117,19 Gb Total Space | 85,18 Gb Free Space | 72,69% Space Free | Partition Type: NTFS
Drive M: | 58,41 Gb Total Space | 24,75 Gb Free Space | 42,38% Space Free | Partition Type: NTFS
Drive Z: | 9,76 Gb Total Space | 6,79 Gb Free Space | 69,60% Space Free | Partition Type: FAT32

Computer Name: GB-PC
Current User Name: GB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1FDA65E4-7C46-49AA-9721-A734125D68F3}" = Symantec Endpoint Protection
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7ECA1387-47E1-4AFF-AD8A-170E337ED4D4}" = OpenOffice.org 3.2
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{AC76BA86-7AD7-1053-7B44-A93000000001}" = Adobe Reader 9.3.2 - Svenska
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B498EC40-04DA-11DD-6784-0B58D97A18BE}" = LogicPort
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"EasyBCD" = EasyBCD 1.7.2
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RW-Everything_is1" = RW-Everything v1.4
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Unknown Device Identifier_is1" = Unknown Device Identifier 7.00
"Web Sudoku Deluxe_is1" = Web Sudoku Deluxe 1.2
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-06-12 13:40:23 | Computer Name = GB-PC | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Symantec\Symantec
Endpoint Protection\SymCorpUI.exe. Den beroende sammansättningen Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error - 2010-06-12 13:40:23 | Computer Name = GB-PC | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Symantec\Symantec
Endpoint Protection\SymCorpUI.exe. Den beroende sammansättningen Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error - 2010-06-12 13:53:43 | Computer Name = GB-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 2010-06-12 14:14:39 | Computer Name = GB-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

[ System Events ]
Error - 2010-06-28 14:58:23 | Computer Name = GB-PC | Source = EventLog | ID = 6008
Description = Den senaste avstängningen av datorn vid 20:55:14 den ?2010-?06-?28
skedde oväntat.

Error - 2010-06-28 14:58:56 | Computer Name = GB-PC | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: SAVRKBootTasks

Error - 2010-06-28 15:03:35 | Computer Name = GB-PC | Source = Service Control Manager | ID = 7016
Description = Tjänsten NVIDIA Stereoscopic 3D Driver Service registrerade ett ogiltigt
aktuellt läge 0.

Error - 2010-06-28 15:05:43 | Computer Name = GB-PC | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: SAVRKBootTasks

Error - 2010-06-30 09:18:55 | Computer Name = GB-PC | Source = bowser | ID = 8003
Description =

Error - 2010-06-30 11:45:29 | Computer Name = GB-PC | Source = Service Control Manager | ID = 7030
Description = Tjänsten ServiceLayer är markerad som en interaktiv tjänst. Systemet
är dock konfigurerat för att inte tillåta interaktiva tjänster. Tjänsten kommer
kanske inte att fungera korrekt.

Error - 2010-06-30 11:46:50 | Computer Name = GB-PC | Source = Service Control Manager | ID = 7016
Description = Tjänsten NVIDIA Stereoscopic 3D Driver Service registrerade ett ogiltigt
aktuellt läge 0.

Error - 2010-06-30 11:48:44 | Computer Name = GB-PC | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: SAVRKBootTasks

Error - 2010-06-30 21:27:37 | Computer Name = GB-PC | Source = Service Control Manager | ID = 7016
Description = Tjänsten NVIDIA Stereoscopic 3D Driver Service registrerade ett ogiltigt
aktuellt läge 0.

Error - 2010-06-30 21:31:35 | Computer Name = GB-PC | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: SAVRKBootTasks


< End of report >


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 July 2010 - 06:43 PM

Nothing at all on the logs.

Please run ESET and let's see if there's anything leftover

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#11 Teletype

Teletype
  • Topic Starter

  • Members
  • 9 posts

Posted 07 July 2010 - 01:15 PM

I just want to report that Eset has been running for 16 hours now, but has a very long way to go yet, so the results may take a few days before being ready if I judge the percentage done versus what is left, just so you know that I will probably not be able to have the result inside the 48 hours normally allotted for a reply. So I will return ASAP, but most probably long after 48 hours have passed.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 July 2010 - 03:35 PM

That's not exactly a normal scan. I will note that you may take a little longer to reply here.

Keep me informed of the scan progress.

#13 Teletype

Teletype
  • Topic Starter

  • Members
  • 9 posts

Posted 07 July 2010 - 06:08 PM

Current results:

Attached File  eset.JPG   36.95KB   4 downloads

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 July 2010 - 06:40 PM

Do you have an unusual amount of files on your PC, would you say?

Should be done soon anyway.

#15 Teletype

Teletype
  • Topic Starter

  • Members
  • 9 posts

Posted 08 July 2010 - 02:30 AM

Yes, I have huge amounts of files of all sorts and sizes, almost no MP3s or movies though, so I am a bit of an odd fish in the pond. If you are looking for something out of the ordinary and have difficulties finding it, please let me take a peek in my stashes before you give up on the idea. I have quite often been able to dig up something useful, and it is done due to my passion for collecting and spreading information and knowledge to anyone interested in expanding their knowledge or wisdom or whatever you want to call it. Learning for the fun of it, as I like to explain it to those who ask.
So any help you can give me with the problem at hand will be appreciated not only by me, but by lots of others who like to browse my collections and make good use of them.
Bye for now, hoping to have a reply with the Eset result soon...




