Google redirect virus, scanning fails to find it


  • This topic is locked
19 replies to this topic

#1 nbr13

Posted 11 October 2011 - 06:24 AM

Hi gurus!

I have been struggling a few days trying to remove a redirect virus on my computer. Running various tools (e.g. MBAM, TDSSKiller, ComboFix) and following different guides without any luck. Finally, I now turn to you for help. I have followed your Preparation Guide (http://www.bleepingcomputer.com/forums/topic34773.html) and attached you find the GMER log file.

I had to download the dds.scr and GMER from another machine and move it to the infected machine with a USB stick. The reason is that the virus blocks access to beepingcomputer.com/download/anti-virus. I get a 404 when trying to access your resources. The main page at beepingcomputer.com gets redirected to http://computertrainingcenterr.info/?rid=935824&rname=beepingcomputer.com&OptId=10

No dds.scr script log attached as it runs about one minute (printing out several hash marks) then it hangs. Tested both in Windows normal and in safe mode. This is actually the same result as with ComboFix, it runs for a few minutes then it hangs without printing any stages passed. I left it over night one time just to be sure not to kill it too quick.

GMER running without any problems. Log attached. (EDIT: actually no, I got a file too big error when trying to upload - what to do?)

Thanks in advance for your help!

Regards /Peter

Edited by nbr13, 11 October 2011 - 06:30 AM.




#2 myrti

  • Malware Study Hall Admin

Posted 16 October 2011 - 05:08 AM

Hi,

But you were able to download ComboFix? Could you please share the log of ComboFix in your next reply.
Please try zipping the gmer log before attaching it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 nbr13


Posted 16 October 2011 - 06:59 AM

Hi Myrti,

Attached the GMER log in gzip format.

Yes I have run ComboFix but, as I wrote, it hangs after a few minutes. The last printout from ComboFix is "However, scan times for badly infected machines may easily double". I do not see any "Completed Stage_X". And I have left the machine over night one time to be sure not to abort ComboFix before finished, but no more printouts from ComboFix.

Version of ComboFix used is 11.10.10.4.

How can I share ComboFix log? Where can I find it? My assumption was that the log report was generated when ComboFix finished.

Thanks /Peter




#4 myrti


Posted 16 October 2011 - 07:02 AM

Hi,

please try running OTL instead of dds.scr:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

If ComboFix stalled, then there will be no log. I'm sorry I missed that in your initial post.

regards myrti



#5 nbr13


Posted 16 October 2011 - 07:50 AM

OTL logfile created on: 2011-10-16 14:29:03 - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Monika\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,71% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 37,26 Gb Total Space | 22,03 Gb Free Space | 59,13% Space Free | Partition Type: NTFS
Drive E: | 14,40 Gb Total Space | 14,40 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: MONIKA2 | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-10-16 14:25:20 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monika\Skrivbord\OTL.exe
PRC - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-02-18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-10-29 16:07:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program\Lenovo\System Update\SUService.exe
PRC - [2010-09-21 00:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010-09-17 18:54:24 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010-09-17 18:51:38 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010-09-17 18:51:06 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Program\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010-09-17 18:46:16 | 000,237,568 | ---- | M] (Lenovo ) -- C:\Program\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010-09-17 18:46:06 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010-08-25 02:28:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010-08-25 02:28:00 | 000,053,248 | ---- | M] () -- C:\Program\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010-07-27 18:05:00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010-04-26 14:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program\Lenovo\ZOOM\TpScrex.exe
PRC - [2010-04-23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010-04-07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010-04-01 15:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009-11-24 14:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009-02-27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program\Intel\WiFi\bin\EvtEng.exe
PRC - [2009-02-27 07:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009-02-27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program\Delade filer\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008-03-04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program\Delade filer\Lenovo\Scheduler\tvtsched.exe
PRC - [2007-09-26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program\Delade filer\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006-06-29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004-10-14 10:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002-10-08 23:28:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
PRC - [2002-09-20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========



========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011-02-18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-10-29 16:07:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010-09-17 18:46:16 | 000,237,568 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010-09-17 18:46:06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010-08-25 02:28:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010-08-25 02:28:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010-04-07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010-04-07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009-02-27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009-02-27 07:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009-02-27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008-03-04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program\Delade filer\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007-09-26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program\Delade filer\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006-06-29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002-09-20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011-08-31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-08-25 02:28:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010-08-25 02:28:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010-06-16 14:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2010-06-16 14:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009-09-29 17:06:14 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-03-13 15:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2008-09-23 09:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\shbecr.sys -- (Tdsshbecr)
DRV - [2008-08-13 18:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008-05-12 21:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008-05-12 19:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008-01-07 15:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007-05-02 12:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007-03-09 03:57:02 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007-02-19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006-10-02 02:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006-10-02 02:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006-09-26 15:13:00 | 000,014,848 | ---- | M] (Lenovo, Ltd. and IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2006-09-26 15:13:00 | 000,006,528 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2005-10-09 22:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2005-09-28 18:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005-01-25 16:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-01-25 16:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005-01-25 16:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-630328440-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.svd.se/
IE - HKU\S-1-5-21-1409082233-630328440-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1409082233-630328440-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKU\S-1-5-21-1409082233-630328440-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 BF E5 D1 47 8B CB 01 [binary data]
IE - HKU\S-1-5-21-1409082233-630328440-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-630328440-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program\Mozilla Thunderbird\components [2011-08-23 21:02:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program\Mozilla Thunderbird\plugins

[2010-11-24 23:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Application Data\Mozilla\Extensions
[2010-11-24 23:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2003-07-28 18:18:28 | 000,000,710 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program\ThinkPad\Program\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program\Delade filer\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-630328440-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-630328440-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290375530221 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5617604-EEE1-4BC8-996C-B50223BBEF43}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Monika\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Monika\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-11-21 23:15:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a65ba8f-f5b5-11df-93f6-ce7cadaba9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{5a65ba8f-f5b5-11df-93f6-ce7cadaba9f6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-10-16 14:28:10 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monika\Skrivbord\OTL.exe
[2011-10-16 13:56:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-10-11 10:18:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Monika\Skrivbord\dds.scr
[2011-10-11 00:00:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-10-10 22:24:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-10-10 22:22:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-10-10 22:22:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-10-10 22:22:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-10-10 22:22:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-10-10 22:20:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-10-10 22:20:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-10-10 22:20:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Monika\Start-meny\Program\Administrationsverktyg
[2011-09-23 22:28:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Monika\Recent
[2011-09-23 22:24:59 | 000,000,000 | ---D | C] -- C:\Program\CCleaner
[2011-09-23 22:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monika\Application Data\Malwarebytes
[2011-09-23 22:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes' Anti-Malware
[2011-09-23 22:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-09-23 22:10:09 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-09-23 22:10:09 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-10-16 14:28:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011-10-16 14:26:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011-10-16 14:25:55 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011-10-16 14:25:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-10-16 14:25:20 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monika\Skrivbord\OTL.exe
[2011-10-16 14:23:42 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Slltr.job
[2011-10-16 14:23:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-10-16 14:23:33 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-10-16 14:06:59 | 000,523,592 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2011-10-16 14:06:59 | 000,502,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-10-16 14:06:59 | 000,111,190 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2011-10-16 14:06:59 | 000,087,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-10-16 14:03:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-10-11 10:48:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Monika\Skrivbord\nisse.exe
[2011-10-11 10:15:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Monika\Skrivbord\dds.scr
[2011-10-10 22:24:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-10-03 10:31:34 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011-09-26 11:41:40 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011-09-26 11:41:40 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011-09-26 11:41:40 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011-09-26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011-09-23 23:26:53 | 000,265,590 | ---- | M] () -- C:\Documents and Settings\Monika\Mina dokument\cc_20110923_232551.reg
[2011-09-23 22:25:00 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\CCleaner.lnk
[2011-09-23 22:10:13 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2011-09-23 19:47:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-10-16 14:03:03 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-10-11 10:50:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Monika\Skrivbord\nisse.exe
[2011-10-10 22:24:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-10-10 22:24:51 | 000,260,784 | RHS- | C] () -- C:\cmldr
[2011-10-10 22:22:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-10-10 22:22:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-10-10 22:22:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-10-10 22:22:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-10-10 22:22:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-09-23 23:29:51 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-09-23 23:25:57 | 000,265,590 | ---- | C] () -- C:\Documents and Settings\Monika\Mina dokument\cc_20110923_232551.reg
[2011-09-23 22:25:00 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\CCleaner.lnk
[2011-09-23 22:10:13 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2011-01-19 22:42:56 | 000,052,736 | RHS- | C] () -- C:\WINDOWS\System32\duserh.dll
[2010-12-04 01:41:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-11-24 23:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-11-23 22:34:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-11-23 01:01:45 | 003,837,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat
[2010-11-22 21:54:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010-11-22 21:50:50 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010-11-22 21:50:49 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010-11-22 21:49:23 | 000,002,086 | ---- | C] () -- C:\WINDOWS\System32\SMBIOS.bin
[2010-11-22 21:44:23 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010-11-22 21:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-11-22 21:06:53 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-11-22 21:06:52 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-11-22 20:59:49 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010-11-22 00:00:24 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-11-21 23:54:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010-11-21 23:19:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-11-21 23:12:34 | 000,021,700 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-05-27 00:10:02 | 000,014,772 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-27 00:10:00 | 000,022,298 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-27 00:09:58 | 000,014,614 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005-06-10 14:59:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003-07-28 18:51:16 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003-07-28 18:35:50 | 000,274,932 | ---- | C] () -- C:\WINDOWS\System32\perfi01D.dat
[2003-07-28 18:35:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003-07-28 18:35:49 | 000,523,592 | ---- | C] () -- C:\WINDOWS\System32\perfh01D.dat
[2003-07-28 18:35:49 | 000,502,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003-07-28 18:35:47 | 000,033,234 | ---- | C] () -- C:\WINDOWS\System32\perfd01D.dat
[2003-07-28 18:35:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003-07-28 18:35:44 | 000,111,190 | ---- | C] () -- C:\WINDOWS\System32\perfc01D.dat
[2003-07-28 18:35:44 | 000,087,980 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003-07-28 18:34:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-07-28 18:33:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-07-28 18:25:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003-07-28 18:25:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003-07-28 18:15:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003-07-28 18:13:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003-06-24 15:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002-10-08 23:28:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TpScrLk.exe

< End of report >

#6 nbr13

Posted 16 October 2011 - 07:51 AM

OTL Extras logfile created on: 2011-10-16 14:29:03 - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Monika\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,71% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 37,26 Gb Total Space | 22,03 Gb Free Space | 59,13% Space Free | Partition Type: NTFS
Drive E: | 14,40 Gb Total Space | 14,40 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: MONIKA2 | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - kompatibilitetsläge (HTTP-in)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program\Spotify\spotify.exe" = C:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024D73F0-1C49-2340-8AC3-5234AAA560C0}" = ccc-core-static
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = ThinkPad SATA Power Management Driver
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Anpassat tangentbord
"{24F9E04D-4CD5-3979-76F9-C1C6E78471AB}" = CCC Help Italian
"{296D775C-839A-3618-8D5C-E2B588C5CD12}" = Microsoft .NET Framework 4 Extended SVE Language Pack
"{3305E24F-1192-0424-8A25-39713FD92728}" = Skins
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C938B6-F72A-4D92-B8B5-A1F0F9B1DC76}" = Handelsbankens kortläsare
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA7A736-0B03-565C-1139-83FE890F0AF3}" = CCC Help French
"{43A1FE83-D39F-3779-8D48-D6D19EE7AC48}" = CCC Help Chinese Traditional
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Aktivt skyddssystem
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{66CA5E58-0D03-A75D-16EF-68258DE0DFC3}" = CCC Help English
"{6BC292E6-5C85-4620-C1D0-A2FEAFD5D135}" = CCC Help Japanese
"{6CE851D7-DD98-489A-9227-5BBE08E7064B}" = ThinkVantage Fingerprint Software
"{7579A17B-0E6C-9EF3-D022-30729A24B399}" = CCC Help Chinese Standard
"{77701BFD-3A86-34B0-A9EC-0D7440C6D8AF}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE
"{7BAA2000-5B8D-66DD-DBE7-089671AC118B}" = ccc-utility
"{7C2BD022-2B09-1F6D-D6C1-AD2A591E7537}" = Catalyst Control Center Core Implementation
"{7D7152AF-581B-316F-8CA4-15342C3EFA4B}" = Microsoft .NET Framework 3.5 Language Pack SP1 - sve
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{806DB796-7082-C63F-284E-62245284A417}" = CCC Help Dutch
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{9028041D-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional med FrontPage
"{9030041D-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}" = Microsoft .NET Framework 1.1 Swedish Language Pack
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energispararen
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E23D97-145F-29BF-81DE-DAEC1E5AB237}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8FA2AC0-3875-B59F-917F-719982FB1BE8}" = CCC Help Portuguese
"{AA8CF3BD-6717-3B70-83BF-377426410A66}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE
"{AC76BA86-7AD7-1053-7B44-A94000000001}" = Adobe Reader 9.4.3 - Svenska
"{AE1A0B0E-2EC7-656A-711A-0E7E8D4AB5CF}" = CCC Help Spanish
"{B016DE7B-CA2D-5EFD-9591-A109E67119BD}" = CCC Help Swedish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A92EF9-D14C-937F-742E-D272938DC590}" = CCC Help Korean
"{C60AAF4C-A72C-36E0-8CA4-41FF753D74F6}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D702172D-8D17-D9EC-B661-42FA268575AF}" = Catalyst Control Center Localization All
"{DAA3F236-CEEC-C6CC-12C2-AB1B75C8BC09}" = CCC Help German
"{E09CEE8B-1DCD-C628-A8EA-2B56D61DDEFA}" = ccc-core-preinstall
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Programvaran Intel® PROSet för trådlösa WiFi-anslutningar
"{F3439243-1BAC-7250-D346-2642655F95ED}" = Catalyst Control Center Graphics Full Existing
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-konfigurering
"{FF2AFF73-099E-0BB5-AE87-B044D3D7DE78}" = Catalyst Control Center Graphics Light
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Hjälp för avinstallation av program
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"ie8" = Windows Internet Explorer 8
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - sve" = Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended SVE Language Pack" = Microsoft .NET Framework 4 Extended Language Pack - SVE
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OnScreenDisplay" = Visa på skärmen
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Personal" = BankID säkerhetsprogram 4.17.0
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentationshanteraren
"ProInst" = Intel PROSet Wireless
"Spotify" = Spotify
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TPKBDLED" = Scroll Lock Indicator Utility
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-04-14 21:11:51 | Computer Name = MONIKA2 | Source = Windows Search Service | ID = 3013
Description = Det går inte att uppdatera posten <C:\CONFIG.MSI\1294B4C.RBS> i hash-mappningen.

Kontext:
program , katalog SystemIndex Information: En enhet som är ansluten till datorn fungerar
inte. (0x8007001f)

Error - 2011-04-14 21:17:34 | Computer Name = MONIKA2 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2011-04-15 16:17:39 | Computer Name = MONIKA2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2011-04-15 16:17:39 | Computer Name = MONIKA2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2313

Error - 2011-04-15 16:17:39 | Computer Name = MONIKA2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2313

Error - 2011-04-16 15:54:16 | Computer Name = MONIKA2 | Source = Application Error | ID = 1000
Description = Felaktigt program , version 0.0.0.0, felaktig modul unknown, version
0.0.0.0, felaktig adress 0x00000000.

Error - 2011-04-16 16:24:21 | Computer Name = MONIKA2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2011-04-16 16:24:21 | Computer Name = MONIKA2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3906

Error - 2011-04-16 16:24:21 | Computer Name = MONIKA2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3906

Error - 2011-04-17 05:39:50 | Computer Name = MONIKA2 | Source = Application Error | ID = 1004
Description = Felaktigt program svchost.exe, version 0.0.0.0, felaktig modul unknown,
version 0.0.0.0, felaktig adress 0x00000000.

[ System Events ]
Error - 2011-10-11 04:38:52 | Computer Name = MONIKA2 | Source = DCOM | ID = 10005
Description = DCOM fick felet %1084 vid försök att starta tjänsten EventSystem med
argumenten för att köra servern: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-10-11 04:39:13 | Computer Name = MONIKA2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten DHCP Client är beroende av tjänsten NetBios over Tcpip. Den
sistnämnda kunde inte starta på grund av följande fel: %%31

Error - 2011-10-11 04:39:13 | Computer Name = MONIKA2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten DNS Client är beroende av tjänsten TCP/IP Protocol Driver.
Den sistnämnda kunde inte starta på grund av följande fel: %%31

Error - 2011-10-11 04:39:13 | Computer Name = MONIKA2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten TCP/IP NetBIOS Helper är beroende av tjänsten AFD Networking
Support Environment. Den sistnämnda kunde inte starta på grund av följande fel:
%%31

Error - 2011-10-11 04:39:13 | Computer Name = MONIKA2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten Apple Mobile Device är beroende av tjänsten TCP/IP Protocol
Driver. Den sistnämnda kunde inte starta på grund av följande fel: %%31

Error - 2011-10-11 04:39:13 | Computer Name = MONIKA2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten Bonjour-tjänst är beroende av tjänsten TCP/IP Protocol Driver.
Den sistnämnda kunde inte starta på grund av följande fel: %%31

Error - 2011-10-11 04:39:13 | Computer Name = MONIKA2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten IPSEC Services är beroende av tjänsten IPSEC driver. Den
sistnämnda kunde inte starta på grund av följande fel: %%31

Error - 2011-10-11 04:39:13 | Computer Name = MONIKA2 | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: AFD ANC Fips IBMTPCHK intelppm IPSec lenovo.smi MRxSmb NetBIOS NetBT RasAcd
Rdbss
Smapint
Tcpip
TDSMAPI
TPHKDRV
TPPWRIF
TSMAPIP

Error - 2011-10-11 05:51:40 | Computer Name = MONIKA2 | Source = atapi | ID = 262153
Description = Enheten \Device\Ide\IdePort0 har inte svarat inom den angivna tidsgränsen.

Error - 2011-10-11 05:53:06 | Computer Name = MONIKA2 | Source = atapi | ID = 262153
Description = Enheten \Device\Ide\IdePort0 har inte svarat inom den angivna tidsgränsen.


< End of report >

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:20 PM

Posted 16 October 2011 - 01:39 PM

Hi,

Do these names/folders look familiar, did you install them: C:\Documents and Settings\Monika\Skrivbord and C:\Documents and Settings\Monika\Start-meny\Program\Administrationsverktyg?

Could you please also run a scan with aswMBR:
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 nbr13

Posted 16 October 2011 - 02:40 PM

Hi,

Sorry for the Swedish OS version :)

"C:\Documents and Settings\Monika\Skrivbord" is the normal Desktop path, so that folder is well known.

"C:\Documents and Settings\Monika\Start-meny\Program\Administrationsverktyg" seems a bit strange though. The translation would be Administration Tools. When I check the details of the folder it's created October 10 2011. This is the same day as I was working with the machine trying to find the problem. I have not created the folder. The folder contains only one hidden file, it's called "desktop.ini" and the content is:

[.ShellClassInfo]
LocalizedResourceName=@shell32.dll,-21762

Here's the AVAST log:
---
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-16 21:05:44
-----------------------------
21:05:44.171 OS Version: Windows 5.1.2600 Service Pack 3
21:05:44.171 Number of processors: 1 586 0xD08
21:05:44.171 ComputerName: MONIKA2 UserName: Monika
21:05:44.921 Initialize success
21:06:27.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:06:27.656 Disk 0 Vendor: FUJITSU_MHV2040AH 00840096 Size: 38154MB BusType: 3
21:06:29.671 Disk 0 MBR read successfully
21:06:29.671 Disk 0 MBR scan
21:06:29.671 Disk 0 Windows XP default MBR code
21:06:29.671 Disk 0 scanning sectors +78140160
21:06:29.734 Disk 0 scanning C:\WINDOWS\system32\drivers
21:06:38.375 Service scanning
21:06:39.593 Modules scanning
21:07:15.296 Disk 0 trace - called modules:
21:07:15.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:07:15.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc1ab8]
21:07:15.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007e[0x89d922d8]
21:07:15.328 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d9b940]
21:07:15.843 Scan finished successfully
21:08:16.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Monika\Skrivbord\MBR.dat"
21:08:16.968 The log file has been saved successfully to "C:\Documents and Settings\Monika\Skrivbord\aswMBR.txt"

#9 myrti

Posted 16 October 2011 - 03:42 PM

Hi,

it would seem that this is fine then. Administrative tools is part of the normal Windows OS. What about the following task: C:\WINDOWS\tasks\Slltr.job Did you create that?

regards myrti



#10 nbr13

Posted 16 October 2011 - 04:22 PM

The task you mention, I have no idea what that is. It does not show up when I navigate to the Tasks folder in Windows Explorer... need to use the cmd window and "dir /a" to see it's there.

#11 myrti

Posted 16 October 2011 - 05:18 PM

Hi,

ok, please run RogueKiller next then:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

regards myrti



#12 nbr13

Posted 17 October 2011 - 01:19 AM

RogueKiller V6.1.3 [10/14/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Monika [Admin rights]
Mode: Scan -- Date : 10/17/2011 07:51:09

Bad processes: 0

Registry Entries: 2
[RANDOMNAME] HKLM\[...]\Run : PSQLLauncher ("C:\Program\ThinkVantage Fingerprint Software\launcher.exe" /startup) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

#13 myrti

Posted 18 October 2011 - 03:53 PM

Hi,

that did not see the job either. I'd propose to kill the file and see if that helps with your Google redirects:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    [2011-10-16 14:23:42 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Slltr.job
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti
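The fix script in the post above names its target by an OTL file-listing line. As an added example (not part of the original post and not OTL's own code), the Python below parses lines of that shape and reports .job files in the Tasks folder that carry the hidden or system attribute, the attributes shown for Slltr.job. The field layout is inferred from that one quoted line; the function names and every sample line except the Slltr.job one are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from datetime import datetime

# Field layout inferred from the single listing line quoted in the thread
# (assumption: other OTL listing lines follow the same layout):
#   [timestamp | size | attributes | C/M flag] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}[-/.]\d{2}[-/.]\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[A-Z-]+)"
    r" \| (?P<flag>[A-Z])\]"
    r" \((?P<company>.*?)\)"
    r" -- (?P<path>.+)$"
)

# First line is the one from the thread; the rest are constructed samples.
SAMPLE = r"""
[2011-10-16 14:23:42 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Slltr.job
[2011-10-15 09:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Example.job
[2011-10-14 08:12:10 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\example.dat
[2011-10-13 07:00:00 | 000,000,412 | -H-- | C] () -- c:\windows\Tasks\Other.JOB
this line is not an OTL listing entry
"""


def parse_line(line):
    """Return a dict for one listing line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    # The date separator follows the system locale; normalise before parsing.
    rec["ts"] = datetime.strptime(
        re.sub(r"[/.]", "-", rec["ts"]), "%Y-%m-%d %H:%M:%S"
    )
    rec["company"] = rec["company"].strip()
    return rec


def hidden_job_files(lines, tasks_dir=r"C:\WINDOWS\tasks"):
    """List .job files directly in tasks_dir that are hidden and/or system.

    Such files do not appear in Explorer's default view of the Tasks
    folder, so they are easy to miss when reviewing scheduled tasks by hand.
    """
    wanted = ntpath.normcase(tasks_dir)  # Windows paths are case-insensitive
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        folder, name = ntpath.split(rec["path"])
        if ntpath.normcase(folder) != wanted:
            continue
        if ntpath.splitext(name)[1].lower() != ".job":
            continue
        hidden_attrs = [a for a in "HS" if a in rec["attrs"]]
        if not hidden_attrs:
            continue
        rec["hidden_attrs"] = hidden_attrs
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for hit in hidden_job_files(SAMPLE.splitlines()):
        print(
            f'{hit["ts"]:%Y-%m-%d %H:%M:%S}  {hit["size"]:>6} bytes  '
            f'attrs={"".join(hit["hidden_attrs"])}  {hit["path"]}'
        )
```

A hit is a lead for review, not a verdict; whether the task is wanted still has to be checked with the machine's owner, as was done in this thread.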



#14 nbr13

Posted 19 October 2011 - 01:21 AM

========== OTL ==========
C:\WINDOWS\tasks\Slltr.job moved successfully.

OTL by OldTimer - Version 3.2.30.0 log created on 10192011_072226

#15 nbr13

Posted 19 October 2011 - 01:22 AM

OTL logfile created on: 2011-10-19 07:29:45 - Run 2
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Monika\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,62% Memory free
3,85 Gb Paging File | 3,37 Gb Available in Paging File | 87,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 37,26 Gb Total Space | 22,29 Gb Free Space | 59,82% Space Free | Partition Type: NTFS
Drive E: | 14,40 Gb Total Space | 14,40 Gb Free Space | 99,96% Space Free | Partition Type: FAT32

Computer Name: MONIKA2 | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Monika\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Program\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Program\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program\Delade filer\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program\Delade filer\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program\Delade filer\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\TpScrLk.exe ()
PRC - C:\Program\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program\Delade filer\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_sv_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_sv_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.24579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3559.24643__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.24560__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.24575__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.24569__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.24658__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3559.24638__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.24568__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.24659__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.24625__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3559.24608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3559.24633__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3559.24639__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.24570__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3559.24582__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3559.24585__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3559.24602__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3559.24586__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.24686__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.24667__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.24653__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.24651__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.24555__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.24647__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.24574__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.24557__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.24559__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.24565__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.24558__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.24557__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.24652__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.24556__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Program\ThinkPad\ConnectUtilities\Res\SV\GUIHlprRes.dll ()
MOD - C:\Program\ThinkPad\ConnectUtilities\Res\SV\IconRes.dll ()
MOD - C:\Program\ThinkPad\ConnectUtilities\Res\SV\SvcHlprRes.dll ()
MOD - C:\Program\ThinkPad\Utilities\SV-SE\PWMUIAux.resources.dll ()
MOD - C:\Program\ThinkPad\Utilities\SV\PWRMGRRO.DLL ()
MOD - C:\Program\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Program\ThinkPad\Utilities\SV\PWRMGRRT.DLL ()
MOD - C:\Program\ThinkPad\TpShocks\MUI\041d\TpShocks.dll ()
MOD - C:\Program\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program\Intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()
MOD - C:\WINDOWS\system32\TpScrLk.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SUService) -- c:\Program\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Program\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Program\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (DozeSvc) -- C:\Program\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (TPHKSVC) -- C:\Program\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel® -- C:\Program\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TVT Scheduler) -- C:\Program\Delade filer\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program\Delade filer\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (DozeHDD) -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (Tdsshbecr) -- C:\WINDOWS\system32\drivers\shbecr.sys (Todos Data System AB)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (TPDiskPM) -- C:\WINDOWS\System32\drivers\TPDiskPM.sys (Lenovo, Ltd. and IBM Corporation)
DRV - (TPInput) -- C:\WINDOWS\system32\drivers\TPInput.sys (Lenovo, Ltd. and IBM Corporation.)
DRV - (TPM) -- C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.svd.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 BF E5 D1 47 8B CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.1.11

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010-11-23 00:54:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program\Mozilla Thunderbird\components [2011-08-23 21:02:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program\Mozilla Thunderbird\plugins

[2010-11-24 23:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Application Data\Mozilla\Extensions
[2010-11-24 23:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2003-07-28 18:18:28 | 000,000,710 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program\ThinkPad\Program\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program\Delade filer\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290375530221 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5617604-EEE1-4BC8-996C-B50223BBEF43}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Monika\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Monika\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-11-21 23:15:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a65ba8f-f5b5-11df-93f6-ce7cadaba9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{5a65ba8f-f5b5-11df-93f6-ce7cadaba9f6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-10-19 07:22:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-10-17 07:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monika\Skrivbord\RK_Quarantine
[2011-10-16 21:05:35 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Monika\Skrivbord\aswMBR.exe
[2011-10-16 14:28:10 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monika\Skrivbord\OTL.exe
[2011-10-16 13:56:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-10-11 10:18:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Monika\Skrivbord\dds.scr
[2011-10-11 00:00:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-10-10 22:24:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-10-10 22:22:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-10-10 22:22:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-10-10 22:22:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-10-10 22:22:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-10-10 22:20:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-10-10 22:20:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-10-10 22:20:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Monika\Start-meny\Program\Administrationsverktyg
[2011-09-23 22:28:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Monika\Recent
[2011-09-23 22:24:59 | 000,000,000 | ---D | C] -- C:\Program\CCleaner
[2011-09-23 22:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monika\Application Data\Malwarebytes
[2011-09-23 22:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes' Anti-Malware
[2011-09-23 22:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-09-23 22:10:09 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-09-23 22:10:09 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-10-19 07:33:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011-10-19 07:33:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011-10-19 07:27:04 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011-10-19 07:26:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-10-19 07:26:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-10-17 07:49:42 | 000,717,312 | ---- | M] () -- C:\Documents and Settings\Monika\Skrivbord\RogueKiller.exe
[2011-10-16 21:08:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Monika\Skrivbord\MBR.dat
[2011-10-16 21:04:16 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Monika\Skrivbord\aswMBR.exe
[2011-10-16 14:25:20 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monika\Skrivbord\OTL.exe
[2011-10-16 14:23:33 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-10-16 14:06:59 | 000,523,592 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2011-10-16 14:06:59 | 000,502,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-10-16 14:06:59 | 000,111,190 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2011-10-16 14:06:59 | 000,087,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-10-16 14:03:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-10-11 10:48:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Monika\Skrivbord\nisse.exe
[2011-10-11 10:15:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Monika\Skrivbord\dds.scr
[2011-10-10 22:24:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-10-03 10:31:34 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011-09-26 11:41:40 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011-09-26 11:41:40 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011-09-26 11:41:40 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011-09-26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011-09-23 23:26:53 | 000,265,590 | ---- | M] () -- C:\Documents and Settings\Monika\Mina dokument\cc_20110923_232551.reg
[2011-09-23 22:25:00 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\CCleaner.lnk
[2011-09-23 22:10:13 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2011-09-23 19:47:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-10-17 07:50:40 | 000,717,312 | ---- | C] () -- C:\Documents and Settings\Monika\Skrivbord\RogueKiller.exe
[2011-10-16 21:08:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Monika\Skrivbord\MBR.dat
[2011-10-16 14:03:03 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-10-11 10:50:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Monika\Skrivbord\nisse.exe
[2011-10-10 22:24:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-10-10 22:24:51 | 000,260,784 | RHS- | C] () -- C:\cmldr
[2011-10-10 22:22:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-10-10 22:22:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-10-10 22:22:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-10-10 22:22:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-10-10 22:22:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-09-23 23:29:51 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-09-23 23:25:57 | 000,265,590 | ---- | C] () -- C:\Documents and Settings\Monika\Mina dokument\cc_20110923_232551.reg
[2011-09-23 22:25:00 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\CCleaner.lnk
[2011-09-23 22:10:13 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2011-01-19 22:42:56 | 000,052,736 | RHS- | C] () -- C:\WINDOWS\System32\duserh.dll
[2010-12-04 01:41:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-11-24 23:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-11-23 22:34:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-11-23 01:01:45 | 003,837,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat
[2010-11-22 21:54:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010-11-22 21:50:50 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010-11-22 21:50:49 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010-11-22 21:49:23 | 000,002,086 | ---- | C] () -- C:\WINDOWS\System32\SMBIOS.bin
[2010-11-22 21:44:23 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010-11-22 21:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-11-22 21:06:53 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-11-22 21:06:52 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-11-22 20:59:49 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010-11-22 00:00:24 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-11-21 23:54:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010-11-21 23:19:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-11-21 23:12:34 | 000,021,700 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-05-27 00:10:02 | 000,014,772 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-27 00:10:00 | 000,022,298 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-27 00:09:58 | 000,014,614 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005-06-10 14:59:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003-07-28 18:51:16 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003-07-28 18:35:50 | 000,274,932 | ---- | C] () -- C:\WINDOWS\System32\perfi01D.dat
[2003-07-28 18:35:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003-07-28 18:35:49 | 000,523,592 | ---- | C] () -- C:\WINDOWS\System32\perfh01D.dat
[2003-07-28 18:35:49 | 000,502,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003-07-28 18:35:47 | 000,033,234 | ---- | C] () -- C:\WINDOWS\System32\perfd01D.dat
[2003-07-28 18:35:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003-07-28 18:35:44 | 000,111,190 | ---- | C] () -- C:\WINDOWS\System32\perfc01D.dat
[2003-07-28 18:35:44 | 000,087,980 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003-07-28 18:34:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-07-28 18:33:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-07-28 18:25:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003-07-28 18:25:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003-07-28 18:15:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003-07-28 18:13:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003-06-24 15:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002-10-08 23:28:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TpScrLk.exe

< End of report >



