Hi deltalima,
Thanks for helping me out with this!
First, I failed to do the second task, running Gmer. I have tried to run Gmer many times earlier, but always failed.
Below is the error message I got, as usual.
z10hn0xd.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
Here follows the logs you requested.
Thanks
pimse
OTL log
OTL logfile created on: 2010-04-27 15:56:01 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Per\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 27,48 Gb Free Space | 56,29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 48,83 Gb Total Space | 28,46 Gb Free Space | 58,29% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 23,75 Gb Free Space | 24,32% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 102,78 Gb Total Space | 7,93 Gb Free Space | 7,71% Space Free | Partition Type: NTFS
Computer Name: DUO
Current User Name: Per
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Per\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
PRC - G:\Program Files\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Per\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (NMSAccessU) -- File not found
SRV - (Samsung UPD Service) -- C:\WINDOWS\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (ImDskSvc) -- C:\WINDOWS\system32\imdsksvc.exe (Olof Lagerkvist)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ImDisk) -- C:\WINDOWS\system32\drivers\imdisk.sys (Olof Lagerkvist)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (AWEAlloc) -- C:\WINDOWS\system32\drivers\awealloc.sys (Olof Lagerkvist)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (atapi) -- C:\WINDOWS\system32\DRIVERS\atapi.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (Maplom) -- C:\WINDOWS\system32\drivers\maplom.sys (Jacal Consulting Pty Ltd)
DRV - (a347bus) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys ( )
DRV - (a347scsi) -- C:\WINDOWS\System32\Drivers\a347scsi.sys ( )
DRV - (axsaki) -- C:\WINDOWS\system32\drivers\axsaki.sys ( )
DRV - (axskbus) -- C:\WINDOWS\system32\drivers\axskbus.sys ( )
DRV - (msgame) -- C:\WINDOWS\system32\drivers\msgame.sys (Microsoft Corporation)
DRV - (hidgame) -- C:\WINDOWS\system32\drivers\hidgame.sys (Microsoft Corporation)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1454471165-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1454471165-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKU\S-1-5-21-1454471165-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 99 F1 6B 45 DE C9 01 [binary data]
IE - HKU\S-1-5-21-1454471165-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.leta.se/"
FF - prefs.js..extensions.enabledItems: {F33233B3-EDB1-41f4-8482-917AB190E647}:3.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {21cfaec0-dbb3-11dc-95ff-0800200c9a66}:1.1.2.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-23 23:13:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-24 11:21:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-23 21:15:21 | 000,000,000 | ---D | M]
[2009-04-08 19:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Per\Application Data\Mozilla\Extensions
[2010-04-24 01:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions
[2010-04-23 22:53:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-23 22:53:53 | 000,000,000 | ---D | M] (Easy DragToGo) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
[2010-04-23 22:53:53 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010-04-23 22:53:53 | 000,000,000 | ---D | M] (Tab Saver!) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2010-04-23 23:09:47 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010-04-23 22:53:53 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010-04-23 22:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010-04-23 22:53:52 | 000,000,000 | ---D | M] (Add Bookmark Here) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{F33233B3-EDB1-41f4-8482-917AB190E647}
[2010-04-23 22:53:52 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010-04-23 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\firefox@red-cog.com
[2010-04-23 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
[2010-04-24 00:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-24 00:35:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-04-24 11:21:01 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010-04-01 19:42:59 | 000,001,470 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2010-04-01 19:42:59 | 000,002,670 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2010-04-01 19:42:59 | 000,000,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2010-04-01 19:42:59 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2010-04-01 19:42:59 | 000,000,951 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml
O1 HOSTS File: ([2007-07-27 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Hard Disk Sentinel] G:\Program Files\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 2062205156 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://81.232.99.43:60108/activex/AMC.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-14 06:32:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-04-27 15:46:42 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Per\Desktop\OTL.exe
[2010-04-26 18:42:29 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml2a.dll
[2010-04-26 18:42:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2010-04-26 18:42:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2010-04-26 18:42:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Samsung
[2010-04-26 18:42:01 | 000,218,112 | ---- | C] (SEC) -- C:\WINDOWS\System32\SIPDUtil.dll
[2010-04-26 18:42:01 | 000,157,552 | ---- | C] (SS) -- C:\WINDOWS\System32\spd__ci.exe
[2010-04-26 18:42:01 | 000,141,680 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\WINDOWS\System32\SUPDSvcA.dll
[2010-04-26 18:42:01 | 000,132,464 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\WINDOWS\System32\SUPDSvc.exe
[2010-04-26 18:42:01 | 000,065,536 | ---- | C] (SS) -- C:\WINDOWS\System32\spd__ci.dll
[2010-04-26 18:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2010-04-26 18:29:30 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010-04-25 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010-04-25 13:25:29 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010-04-24 11:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010-04-24 11:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010-04-24 11:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\Application Data\Foxit
[2010-04-24 11:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010-04-24 11:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\Application Data\JAM Software
[2010-04-24 11:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2010-04-24 11:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010-04-24 11:08:28 | 000,019,968 | ---- | C] (Olof Lagerkvist) -- C:\WINDOWS\System32\drivers\imdisk.sys
[2010-04-24 11:08:28 | 000,009,216 | ---- | C] (Olof Lagerkvist) -- C:\WINDOWS\System32\drivers\awealloc.sys
[2010-04-24 11:08:27 | 000,080,384 | ---- | C] (Olof Lagerkvist) -- C:\WINDOWS\System32\imdisk.cpl
[2010-04-24 11:08:27 | 000,035,840 | ---- | C] (Olof Lagerkvist) -- C:\WINDOWS\System32\imdisk.exe
[2010-04-24 11:08:27 | 000,010,240 | ---- | C] (Olof Lagerkvist) -- C:\WINDOWS\System32\imdsksvc.exe
[2010-04-24 11:02:51 | 000,741,744 | ---- | C] (RealVNC Ltd. ) -- C:\Documents and Settings\Per\My Documents\vnc-4_1_3-x86_win32.exe
[2010-04-24 11:02:34 | 267,940,236 | ---- | C] (UBCD4Win Team - Benjamin Burrows ) -- C:\Documents and Settings\Per\My Documents\UBCD4WinV350.exe
[2010-04-24 11:02:24 | 021,663,557 | ---- | C] (Samsung ) -- C:\Documents and Settings\Per\My Documents\SamsungUniversalPrintDriver_PS.exe
[2010-04-24 11:01:46 | 011,714,981 | ---- | C] (Extensoft) -- C:\Documents and Settings\Per\My Documents\FreeTaskManager.exe
[2010-04-24 11:01:42 | 013,062,272 | ---- | C] (Fengtao Software Inc. ) -- C:\Documents and Settings\Per\My Documents\DVDFab6070.exe
[2010-04-24 11:01:39 | 000,670,072 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Per\My Documents\autoruns.exe
[2010-04-24 11:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\WNC-0301V3(CD)
[2010-04-24 11:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\WNC-0301USBV3(CD)
[2010-04-24 11:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\winbuild
[2010-04-24 11:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\Video Converter
[2010-04-24 11:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\SysinternalsSuite
[2010-04-24 11:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\Spotify_ripper
[2010-04-24 10:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\siv
[2010-04-24 10:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\nod32ubcd
[2010-04-24 10:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\New Folder
[2010-04-24 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\My Downloads
[2010-04-24 10:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\joomla
[2010-04-24 10:47:26 | 004,411,392 | ---- | C] (Gabest) -- C:\Documents and Settings\Per\Desktop\mplayerc.exe
[2010-04-24 10:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\f305
[2010-04-24 10:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\ENG
[2010-04-24 10:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\dvds
[2010-04-24 10:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\bp
[2010-04-24 10:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\bin2iso
[2010-04-24 10:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\belos
[2010-04-24 10:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\Alcohol 120%
[2010-04-24 08:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\DoctorWeb
[2010-04-24 02:37:44 | 000,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2010-04-24 02:37:44 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2010-04-24 02:37:43 | 000,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2010-04-24 02:37:42 | 000,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2010-04-24 02:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sygate
[2010-04-24 01:49:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-04-24 01:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-04-24 01:38:50 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010-04-24 01:38:46 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010-04-24 01:37:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010-04-24 01:37:40 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010-04-24 01:37:30 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010-04-24 01:29:30 | 000,278,016 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010-04-24 01:26:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-04-24 01:10:18 | 001,304,576 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Per\Desktop\Norman_Sinowal_Cleaner.exe
[2010-04-24 01:10:17 | 001,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Per\Desktop\install_flash_player.exe
[2010-04-24 01:10:17 | 000,069,632 | ---- | C] (Auto Debug System) -- C:\Documents and Settings\Per\Desktop\KillProcess.exe
[2010-04-24 01:10:14 | 013,062,272 | ---- | C] (Fengtao Software Inc. ) -- C:\Documents and Settings\Per\Desktop\DVDFab6070.exe
[2010-04-24 01:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\Desktop\txt
[2010-04-24 01:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\Desktop\New Folder (6)
[2010-04-24 01:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\Local Settings\Application Data\Spotify
[2010-04-24 01:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\Application Data\Spotify
[2010-04-24 01:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\McafeeRootkitDetective
[2010-04-24 01:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Per\My Documents\Hämtade filer
[2010-04-24 00:39:04 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010-04-24 00:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010-04-24 00:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-04-24 00:35:17 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-04-24 00:35:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-04-24 00:35:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-04-24 00:35:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-04-23 21:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\MAPILab Ltd
[2010-04-23 21:32:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010-04-23 21:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010-04-03 22:55:32 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010-04-03 22:55:32 | 004,075,520 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010-04-03 22:55:32 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010-04-03 22:55:32 | 002,030,184 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010-04-03 22:55:32 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010-04-03 19:23:18 | 000,278,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010-04-03 19:23:16 | 013,670,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010-04-03 19:23:16 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010-04-03 19:23:16 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010-04-03 19:22:54 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009-04-04 17:02:56 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2009-04-04 17:02:56 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2003-03-30 21:38:18 | 000,102,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axsaki.sys
[2003-03-28 11:58:42 | 000,008,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axskbus.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-04-27 15:56:28 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E51E9111-755F-4990-99AB-39BEABF9B266}.job
[2010-04-27 15:54:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-27 15:53:54 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-04-27 15:53:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-27 15:53:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-27 15:52:42 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Per\NTUSER.DAT
[2010-04-27 15:47:09 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\z10hn0xd.exe
[2010-04-27 15:46:46 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Per\Desktop\OTL.exe
[2010-04-27 15:45:13 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-27 15:45:13 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-27 15:45:12 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-27 15:17:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Per\ntuser.ini
[2010-04-26 20:21:53 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\MemberImport.xls
[2010-04-26 17:54:35 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Per\My Documents\rik.xls
[2010-04-26 17:54:35 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Per\My Documents\Bok1.xls
[2010-04-25 17:46:51 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-25 13:25:28 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010-04-25 00:58:06 | 005,845,068 | -H-- | M] () -- C:\Documents and Settings\Per\Local Settings\Application Data\IconCache.db
[2010-04-24 17:58:19 | 000,002,406 | ---- | M] () -- C:\Documents and Settings\Per\My Documents\cc_20100424_175817.reg
[2010-04-24 17:58:07 | 000,015,076 | ---- | M] () -- C:\Documents and Settings\Per\My Documents\cc_20100424_175804.reg
[2010-04-24 17:55:36 | 000,029,894 | ---- | M] () -- C:\Documents and Settings\Per\My Documents\cc_20100424_175533.reg
[2010-04-24 11:47:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-24 11:38:28 | 000,002,163 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010-04-24 11:21:22 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010-04-24 11:08:59 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010-04-24 10:45:08 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\HTTrack Website Copier.lnk
[2010-04-24 10:45:02 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\CCleaner.lnk
[2010-04-24 10:44:57 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\DVD Shrink 3.2.lnk
[2010-04-24 10:44:13 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\Look@LAN.lnk
[2010-04-24 10:44:00 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\Game Jackal.lnk
[2010-04-24 10:43:53 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2010-04-24 10:43:39 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\Shortcut to AboutTime.exe.lnk
[2010-04-24 10:43:34 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\XnView.lnk
[2010-04-24 10:43:27 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\Shortcut to audacity.exe.lnk
[2010-04-24 10:43:26 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\Shortcut to EasyClea.exe.lnk
[2010-04-24 08:25:34 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\Hard Disk Sentinel.lnk
[2010-04-24 08:25:21 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\DVD Decrypter.lnk
[2010-04-24 08:25:10 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\GT Legends.lnk
[2010-04-24 02:32:37 | 009,228,440 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\spf.exe
[2010-04-24 02:24:23 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010-04-24 02:19:21 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-24 01:31:48 | 000,064,752 | ---- | M] () -- C:\Documents and Settings\Per\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-04-24 01:08:02 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\Spotify.lnk
[2010-04-24 00:55:25 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\Age of Empires II.lnk
[2010-04-24 00:39:08 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IL-2 Sturmovik 1946.lnk
[2010-04-24 00:30:05 | 000,000,486 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010-04-24 00:29:39 | 000,000,642 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-23 22:43:33 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-04-23 21:41:43 | 000,000,139 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010-04-22 22:30:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\NTREGOPT.lnk
[2010-04-22 22:30:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\ERUNT.lnk
[2010-04-22 22:28:01 | 000,794,112 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\The_Comedian.exe
[2010-04-22 21:57:53 | 001,304,576 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Per\Desktop\Norman_Sinowal_Cleaner.exe
[2010-04-22 14:54:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\settings.dat
[2010-04-22 12:56:25 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Per\My Documents\SmitfraudFix.exe
[2010-04-22 07:32:04 | 000,001,414 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\shutdown.exe.lnk
[2010-04-21 23:51:09 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Per\Desktop\E-mail.lnk
[2010-04-17 11:42:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Per\My Documents\Webkamera Gång.doc
[2010-04-12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-04-12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-04-12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-04-12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-04-03 22:55:32 | 014,757,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010-04-03 22:55:32 | 011,647,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010-04-03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010-04-03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010-04-03 22:55:32 | 006,432,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010-04-03 22:55:32 | 004,075,520 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010-04-03 22:55:32 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010-04-03 22:55:32 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010-04-03 22:55:32 | 002,030,184 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010-04-03 22:55:32 | 001,097,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010-04-03 22:55:32 | 000,600,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010-04-03 22:55:32 | 000,600,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010-04-03 22:55:32 | 000,227,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010-04-03 22:55:32 | 000,227,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010-04-03 22:55:32 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010-04-03 22:55:32 | 000,025,755 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010-04-03 22:55:32 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010-04-03 19:23:18 | 000,278,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010-04-03 19:23:16 | 013,670,504 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010-04-03 19:23:16 | 000,145,000 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010-04-03 19:23:16 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010-04-03 19:22:54 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010-04-03 19:22:32 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-04-27 15:47:08 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\z10hn0xd.exe
[2010-04-26 20:21:53 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\MemberImport.xls
[2010-04-26 18:42:29 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010-04-26 18:42:05 | 000,011,502 | ---- | C] () -- C:\WINDOWS\Dr. Printer Icon.ico
[2010-04-26 18:42:01 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll
[2010-04-26 18:42:01 | 000,260,464 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe
[2010-04-26 18:42:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2010-04-26 18:42:01 | 000,000,363 | ---- | C] () -- C:\WINDOWS\System32\spd__l.smt
[2010-04-26 17:48:53 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Bok1.xls
[2010-04-25 13:25:28 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010-04-24 17:58:18 | 000,002,406 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\cc_20100424_175817.reg
[2010-04-24 17:58:06 | 000,015,076 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\cc_20100424_175804.reg
[2010-04-24 17:55:34 | 000,029,894 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\cc_20100424_175533.reg
[2010-04-24 11:21:22 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010-04-24 11:08:59 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010-04-24 11:03:02 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\You.doc
[2010-04-24 11:03:02 | 000,001,321 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\yellow.png
[2010-04-24 11:02:54 | 002,208,984 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\WW2_108.EXE
[2010-04-24 11:02:54 | 000,032,800 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\WRT54GLV1_v4.30.7.cfg
[2010-04-24 11:02:49 | 004,770,227 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\verktygsstallet_med_priser.pdf
[2010-04-24 11:02:49 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Webkamera Gång.doc
[2010-04-24 11:02:34 | 003,079,715 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Tweaking Companion for Windows Vista (Tweakguides, 2007).pdf
[2010-04-24 11:02:30 | 103,937,719 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\The Art Of Woodworking Vol 18 - Outdoor Furniture.pdf
[2010-04-24 11:02:30 | 012,216,170 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\SysinternalsSuite.zip
[2010-04-24 11:02:30 | 003,279,751 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Swiftamatic_8_Serv_Man_0863.pdf
[2010-04-24 11:02:30 | 000,165,379 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Spotify_ripper.rar
[2010-04-24 11:02:30 | 000,050,677 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\TageN.png
[2010-04-24 11:02:30 | 000,014,532 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\tagenylander.pdf
[2010-04-24 11:02:26 | 002,888,232 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Spotify Installer.exe
[2010-04-24 11:02:25 | 002,292,413 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\smide.pdf
[2010-04-24 11:02:25 | 001,318,647 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\siv.zip
[2010-04-24 11:02:25 | 000,123,722 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Sjukersättning.pdf
[2010-04-24 11:02:25 | 000,096,084 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Sjukpenninggrundande inkomst - information till dig som studerar, är arbetslös, har sjukersättning,.pdf
[2010-04-24 11:02:24 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\rol-biWO 2008026930 20080306.doc
[2010-04-24 11:02:24 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Robban 850.doc
[2010-04-24 11:02:23 | 008,834,504 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\RMSetup.exe
[2010-04-24 11:02:23 | 004,211,811 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\PV_Design_45 HY30-3245-uk-02-2007.pdf
[2010-04-24 11:02:23 | 001,980,651 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\PV_Catalog.pdf
[2010-04-24 11:02:23 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\rik.xls
[2010-04-24 11:02:23 | 000,001,305 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\red.png
[2010-04-24 11:02:21 | 034,021,481 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Produktbok2007.pdf
[2010-04-24 11:02:21 | 001,309,584 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\ProcessMonitor.zip
[2010-04-24 11:02:21 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\persbios.bin
[2010-04-24 11:02:21 | 000,028,595 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\processkill.zip
[2010-04-24 11:02:09 | 000,676,135 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Om du är sjuk och inte kan arbeta.pdf
[2010-04-24 11:02:09 | 000,393,334 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\nussbaum2.jpg
[2010-04-24 11:02:09 | 000,354,630 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\nussbaum1.jpg
[2010-04-24 11:02:09 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\nod32ubcd.zip
[2010-04-24 11:01:56 | 002,991,563 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\MBD-I-D945GSEJT-manual.pdf
[2010-04-24 11:01:56 | 001,262,858 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\mobil_refill_priserSamtTjan081202.pdf
[2010-04-24 11:01:56 | 000,981,457 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\lcdmonitor_STXsorozat.pdf
[2010-04-24 11:01:56 | 000,195,383 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\mbookmark.xml
[2010-04-24 11:01:56 | 000,052,111 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\motorer.pdf
[2010-04-24 11:01:56 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Minska risk för fukt på vinden.doc
[2010-04-24 11:01:51 | 000,771,658 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\l225.pdf
[2010-04-24 11:01:51 | 000,743,728 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\l220.pdf
[2010-04-24 11:01:50 | 003,108,547 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\K800__UG_R1a_SV.pdf
[2010-04-24 11:01:50 | 002,518,490 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\katalog.pdf
[2010-04-24 11:01:50 | 001,788,208 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\kampanj.pdf
[2010-04-24 11:01:50 | 000,132,804 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\index.php
[2010-04-24 11:01:49 | 003,354,819 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\IBMThinkpadA31.pdf
[2010-04-24 11:01:49 | 000,417,792 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\HP Color LaserJet 2605 Series Printer.doc
[2010-04-24 11:01:49 | 000,127,091 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\HP Laserjet Guide TD 200812.pdf
[2010-04-24 11:01:49 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\I den här artikeln beskrivs återställning av en dator med Windows XP.doc
[2010-04-24 11:01:48 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Hans Bergströms artikel om.doc
[2010-04-24 11:01:48 | 000,006,957 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\hdsentinel.png
[2010-04-24 11:01:48 | 000,001,300 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\green.png
[2010-04-24 11:01:44 | 072,673,280 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\FreeNAS-i386-LiveCD-0.7RC1.4735.iso
[2010-04-24 11:01:44 | 000,933,717 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\FarmTractor#6PSMay50.pdf
[2010-04-24 11:01:44 | 000,169,746 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\FPFAI-UK-DSLROUTERG-AA.pdf
[2010-04-24 11:01:44 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Files named @.jpg.fnd
[2010-04-24 11:01:44 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Files named @.jpg (2).fnd
[2010-04-24 11:01:43 | 006,013,893 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\EeePC4G_web.pdf
[2010-04-24 11:01:43 | 003,054,046 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\FarmTractor#4.pdf
[2010-04-24 11:01:43 | 000,933,145 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\FarmTractor#2.pdf
[2010-04-24 11:01:43 | 000,728,297 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\FarmTractor#5PMFM47.pdf
[2010-04-24 11:01:43 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Elpriset smyghöjs för två miljoner svenskar.doc
[2010-04-24 11:01:43 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Eftersom du bygga en brant trappa.doc
[2010-04-24 11:01:43 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\EseTLicense.reg
[2010-04-24 11:01:42 | 002,894,611 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Convertible_76_Serv_Man_1174.pdf
[2010-04-24 11:01:42 | 001,338,145 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Convertible_76_IPL_1972.pdf
[2010-04-24 11:01:42 | 000,370,473 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Customize_Joomla's_Default_Template[1].pdf
[2010-04-24 11:01:42 | 000,049,753 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Disk report 2010 03 10.html
[2010-04-24 11:01:42 | 000,013,886 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\config-freenas.local-20100306122725.xml
[2010-04-24 11:01:40 | 000,756,177 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Cement-Mixer.pdf
[2010-04-24 11:01:40 | 000,294,087 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Building a Standard Image of Windows 7 Step-by-Step Guide.doc.docx
[2010-04-24 11:01:40 | 000,083,155 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\bios.ini
[2010-04-24 11:01:40 | 000,024,093 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\Bransle_Maflex_2009.pdf
[2010-04-24 11:01:40 | 000,009,187 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\bin2iso.zip
[2010-04-24 11:01:37 | 007,198,798 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\4725.pdf
[2010-04-24 11:01:37 | 002,616,830 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\5000_Series_Op_Man_0881.pdf
[2010-04-24 11:01:37 | 000,588,661 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\37-120.pdf
[2010-04-24 11:01:37 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\6a61ng02.0
[2010-04-24 11:01:37 | 000,023,055 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\advis.mht
[2010-04-24 11:01:37 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Per\My Documents\~$You.doc
[2010-04-24 11:00:24 | 004,032,807 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\The Psychedelic Furs - Pretty In Pink.mp3
[2010-04-24 11:00:24 | 003,306,393 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\Thorleifs - Aldrig nånsin glömmer jag dig.mp3
[2010-04-24 11:00:23 | 003,668,766 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\Erik Grönwall - Run To The Hills.mp3
[2010-04-24 02:32:31 | 009,228,440 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\spf.exe
[2010-04-24 01:29:30 | 000,082,944 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-04-24 01:29:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010-04-24 01:10:21 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\Sandboxed Web Browser.lnk
[2010-04-24 01:10:21 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\Shortcut to AboutTime.exe.lnk
[2010-04-24 01:10:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\settings.dat
[2010-04-24 01:10:20 | 023,834,246 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\publication.pdf
[2010-04-24 01:10:20 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\NTREGOPT.lnk
[2010-04-24 01:10:18 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\LaunchEAW.exe
[2010-04-24 01:10:17 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\HTTrack Website Copier.lnk
[2010-04-24 01:10:15 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\esetsmartinstaller_enu.exe
[2010-04-24 01:10:15 | 002,162,688 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\fixntldr.iso
[2010-04-24 01:10:15 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\ERUNT.lnk
[2010-04-24 01:10:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\E-mail.lnk
[2010-04-24 01:10:14 | 003,704,042 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\D_Z3_SW.pdf
[2010-04-24 01:10:14 | 000,819,347 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\BoPC_KotOR_Troubleshooting.rtf
[2010-04-24 01:10:14 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\DVD Shrink 3.2.lnk
[2010-04-24 01:05:30 | 009,324,333 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\Windows6.1-KB947821-x86-RC.msu
[2010-04-24 01:05:30 | 005,497,090 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\The Key To Metal Bumping.pdf
[2010-04-24 01:05:30 | 000,794,112 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\The_Comedian.exe
[2010-04-24 01:05:30 | 000,766,337 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\Tröja.pdf
[2010-04-24 01:05:30 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\trappa.xls
[2010-04-24 01:05:30 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\Winbuilder lx76hfcxaf.lnk
[2010-04-24 01:05:30 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\Spotify.lnk
[2010-04-24 01:05:30 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\start.bat
[2010-04-24 01:05:26 | 022,191,482 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\snoslunga.wmv
[2010-04-24 01:05:26 | 000,001,414 | ---- | C] () -- C:\Documents and Settings\Per\Desktop\shutdown.exe.lnk
[2010-04-24 01:00:59 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\SmitfraudFix.exe
[2010-04-24 01:00:52 | 001,728,150 | ---- | C] () -- C:\Documents and Settings\Per\My Documents\McafeeRootkitDetective.zip
[2010-04-24 00:35:54 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-04-03 22:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010-04-03 22:55:32 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010-04-03 19:22:32 | 000,276,202 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010-04-03 19:22:32 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009-04-24 12:48:52 | 000,000,139 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009-04-12 16:23:21 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\7-ZIP32.DLL
[2009-04-09 22:19:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009-04-04 22:53:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009-04-04 16:43:25 | 000,002,163 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009-03-14 19:44:48 | 000,000,486 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-02-04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007-10-04 10:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007-07-27 14:00:00 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2006-08-16 16:13:34 | 001,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2004-10-15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004-05-27 16:52:52 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\mslffv1.dll
[2003-04-08 12:35:24 | 000,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997-06-14 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94EAB850
< End of report >
Extras log
OTL Extras logfile created on: 2010-04-27 15:56:01 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Per\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 27,48 Gb Free Space | 56,29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 48,83 Gb Total Space | 28,46 Gb Free Space | 58,29% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 23,75 Gb Free Space | 24,32% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 102,78 Gb Total Space | 7,93 Gb Free Space | 7,71% Space Free | Partition Type: NTFS
Computer Name: DUO
Current User Name: Per
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1454471165-1844237615-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Look@LAN\LookAtLan.exe" = F:\Program Files\Look@LAN\LookAtLan.exe:*:Enabled:Look@LAN -- File not found
"G:\Program Files\Spotify\spotify.exe" = G:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\WINDOWS\system32\SUPDSvc.exe" = C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{29384623-4136-4C13-B112-B647464783CA}" = ESET NOD32 Antivirus
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}" = Duplicate Email Remover
"{9111041D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BurnInTest_is1" = BurnInTest v5.3 Standard
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 1.1.0.12
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImDisk" = ImDisk Virtual Disk Driver
"ImgBurn" = ImgBurn
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"Interactive Repair Manuals" = Interactive Repair Manuals
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Look@LAN_1.0" = Look@LAN 2.50 Build 35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Personal" = BankID Security Application 4.10.2
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SEF2000DeinstKey" = SuperEF2000
"Shockwave" = Shockwave
"SpeedFan" = SpeedFan (remove only)
"ToolBook II 6.1 Runtime Files" = ToolBook II 6.1 Runtime Files
"Totalcmd" = Total Commander (Remove or Repair)
"TreeSize Free_is1" = TreeSize Free V2.3.1
"UBCD4Win_is1" = UBCD4Win 3.22
"Update Service" = Update Service
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WWII Fighters" = Jane's Combat Simulations WWII Fighters
"xampp" = XAMPP 1.7.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2010-04-23 19:18:04 | Computer Name = DUO | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.
Error - 2010-04-23 19:21:16 | Computer Name = DUO | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.
Error - 2010-04-23 19:21:25 | Computer Name = DUO | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.
Error - 2010-04-23 19:21:30 | Computer Name = DUO | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.
Error - 2010-04-23 19:21:45 | Computer Name = DUO | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.
Error - 2010-04-23 19:25:21 | Computer Name = DUO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 2010-04-23 19:25:21 | Computer Name = DUO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 2010-04-23 19:25:21 | Computer Name = DUO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 2010-04-23 19:25:21 | Computer Name = DUO | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 2010-04-23 20:23:54 | Computer Name = DUO | Source = SmcService | ID = 0
Description =
[ System Events ]
Error - 2009-04-19 13:51:08 | Computer Name = DUO | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2009-04-19 13:51:08 | Computer Name = DUO | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2009-04-19 13:51:08 | Computer Name = DUO | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2009-04-19 13:51:08 | Computer Name = DUO | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2009-04-19 13:51:08 | Computer Name = DUO | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2009-04-29 15:57:30 | Computer Name = DUO | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.205 for the Network Card with network
address 001FD0D59FD4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 2009-04-30 09:42:57 | Computer Name = DUO | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.201 for the Network Card with network
address 001FD0D59FD4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 2009-05-01 04:05:18 | Computer Name = DUO | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.200 for the Network Card with network
address 001FD0D59FD4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 2009-05-01 09:35:43 | Computer Name = DUO | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 2009-05-01 09:35:43 | Computer Name = DUO | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
< End of report >
Combofix log
ComboFix 10-04-15.05 - Per 2010-04-17 8:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3197.2759 [GMT 2:00]
Running from: c:\documents and settings\Per\My Documents\Hämtade filer\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\~57EB.tmp
C:\~AB41.tmp
c:\documents and settings\Per\Application Data\EurekaLog
c:\documents and settings\Per\Application Data\inst.exe
c:\windows\eSellerateEngine.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-16 10:46 . 2010-04-16 10:46 -------- d-----w- c:\program files\AskBarDis
2010-04-16 10:43 . 2010-04-16 10:43 -------- d-----w- c:\documents and settings\Per\Application Data\Foxit Software
2010-04-14 12:52 . 2010-04-14 12:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-14 12:52 . 2010-04-14 12:52 -------- d-----w- c:\program files\Microsoft
2010-04-03 13:49 . 2010-04-03 13:49 -------- d-----w- c:\program files\Defraggler
2010-03-31 17:16 . 2010-03-31 17:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 17:16 . 2010-03-31 17:16 503808 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-35683776-n\msvcp71.dll
2010-03-31 17:16 . 2010-03-31 17:16 499712 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-35683776-n\jmc.dll
2010-03-31 17:16 . 2010-03-31 17:16 348160 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-35683776-n\msvcr71.dll
2010-03-31 17:16 . 2010-03-31 17:16 61440 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21e63a1f-n\decora-sse.dll
2010-03-31 17:16 . 2010-03-31 17:16 12800 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21e63a1f-n\decora-d3d.dll
2010-03-31 15:08 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-31 15:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-29 14:48 . 2010-02-03 12:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-29 14:47 . 2010-03-29 14:47 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-21 09:14 . 2010-03-21 08:29 38784 ----a-w- c:\documents and settings\Per\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-21 08:29 . 2010-03-21 08:29 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-21 08:29 . 2010-03-21 08:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-21 08:29 . 2010-04-17 06:44 -------- d-----w- C:\Voddler
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 06:29 . 2009-04-04 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-17 06:28 . 2009-05-23 12:59 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-16 19:49 . 2009-06-04 18:29 -------- d-----w- c:\documents and settings\Per\Application Data\Spotify
2010-04-16 09:50 . 2009-04-19 08:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-14 12:55 . 2009-11-12 14:58 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-05 17:17 . 2009-04-04 20:51 -------- d-----w- c:\documents and settings\Per\Application Data\XnView
2010-04-03 07:50 . 2009-11-10 22:59 -------- d-----w- c:\documents and settings\Per\Application Data\Petroglyph
2010-04-03 07:49 . 2009-11-10 21:42 -------- d-----w- c:\program files\LucasArts
2010-04-01 16:14 . 2009-04-04 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-31 17:15 . 2009-04-08 16:54 -------- d-----w- c:\program files\Java
2010-03-29 22:46 . 2009-04-04 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-04-04 06:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 08:29 . 2010-01-31 17:48 -------- d-----w- c:\program files\Voddler
2010-03-17 15:39 . 2009-04-04 20:49 -------- d-----w- c:\documents and settings\Per\Application Data\Audacity
2010-03-10 06:15 . 2007-07-27 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 17:55 . 2009-06-05 12:05 -------- d-----w- c:\program files\Samsung
2010-03-09 17:01 . 2009-10-27 19:45 -------- d-----w- c:\documents and settings\Per\Application Data\DVD Flick
2010-03-09 02:28 . 2009-04-08 16:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 11:56 . 2009-08-31 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-06 10:15 . 2009-04-04 18:01 -------- d-----w- c:\documents and settings\Per\Application Data\RipIt4Me
2010-02-25 06:24 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2007-07-27 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 11:39 . 2010-02-19 11:39 7668 ----a-w- c:\windows\system32\drivers\RKREVEAL150.SYS
2010-02-16 14:08 . 2007-07-27 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2007-07-27 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2007-07-27 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 22:14 . 2010-02-08 22:14 25214 ----a-r- c:\documents and settings\Per\Application Data\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
2010-02-08 22:14 . 2010-02-08 22:14 25214 ----a-r- c:\documents and settings\Per\Application Data\Microsoft\Installer\{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}\ARPPRODUCTICON.exe
2006-05-03 09:06 . 2009-10-27 19:33 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-10-27 19:33 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-10-27 19:33 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 16:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2007-07-27 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-12-01 389120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="f:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"Hard Disk Sentinel"="f:\program files\Hard Disk Sentinel\HDSentinel.exe" [2009-02-24 3198464]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"VoddlerNet Manager"="c:\program files\Voddler\service\VNetManager.exe" [2010-03-18 580296]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-25 1820040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2010-1-1 939920]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-11 00:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Look@LAN\\LookAtLan.exe"=
"f:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Program Files\\Voddler\\service\\voddler.exe"=
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-04-04 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-04-04 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-09-11 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-09-11 96408]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-10-06 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-10-06 41424]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-10-30 90112]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2007-11-10 29728]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-10-30 27632]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-10-02 103568]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 VoddlerNet;VoddlerNet;c:\program files\Voddler\service\voddler.exe [2010-03-18 1160912]
S3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2009-03-14 200320]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-04-19 13224]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\drivers\imdisk.sys [2009-06-12 19968]
S3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2009-06-12 10240]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-04-18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-04-18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-04-18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-04-18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-04-18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-04-18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-04-18 115752]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2009-06-05 127656]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2009-05-31 49656]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-10-06 94992]
S3 VirtualDK;VirtualDK;c:\ubcd4win350\UBCD4Win\vdk.sys [2009-10-10 16283]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-25 1107336]
.
Contents of the 'Scheduled Tasks' folder
2010-04-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{E51E9111-755F-4990-99AB-39BEABF9B266}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.232.99.43:60108/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.leta.se/
FF - component: c:\documents and settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Personal\bin\np_prsnl.dll
FF - plugin: c:\program files\Voddler\plugin\npvoddler.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} - c:\program files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 08:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7B2528]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb811cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f57cb8
\Driver\atapi -> 0x8a7b2528
IoDeviceObjectType ->
\Device\Harddisk0\DR0 ->
Warning: possible MBR rootkit infection !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"D140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
f:\program files\Sygate\SPF\smc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-17 08:58:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-17 06:58
Pre-Run: 9 085 779 968 bytes free
Post-Run: 9 344 004 096 bytes free
- - End Of File - - C11A71882F37265315A2405CB7E84160