OTL logfile created on: 2012-03-18 20:54:54 - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\suntzu\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,26% Memory free
8,00 Gb Paging File | 5,29 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 35,65 Gb Free Space | 36,51% Space Free | Partition Type: NTFS
Drive K: | 97,66 Gb Total Space | 14,21 Gb Free Space | 14,55% Space Free | Partition Type: NTFS
Drive L: | 270,44 Gb Total Space | 231,95 Gb Free Space | 85,77% Space Free | Partition Type: NTFS
Drive R: | 1006,64 Gb Total Space | 727,41 Gb Free Space | 72,26% Space Free | Partition Type: NTFS
Drive S: | 390,62 Gb Total Space | 208,87 Gb Free Space | 53,47% Space Free | Partition Type: NTFS
Drive Z: | 232,88 Gb Total Space | 187,23 Gb Free Space | 80,40% Space Free | Partition Type: NTFS

Computer Name: NOSTROMO | User Name: suntzu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-03-18 15:23:09 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\suntzu\Desktop\OTL.exe
PRC - [2012-01-17 07:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
PRC - [2012-01-15 02:24:22 | 002,127,296 | -H-- | M] (Gadu-Gadu S.A.) 
-- C:\Program Files (x86)\Gadu-Gadu\gg.exe PRC - [2012-01-13 20:49:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012-01-03 14:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2011-12-06 20:46:14 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Update\realsched.exe PRC - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-10-14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-09-07 20:03:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011-08-26 07:00:22 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe PRC - [2011-08-26 07:00:19 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2011-08-24 02:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe PRC - [2011-08-24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011-08-02 07:17:38 | 001,242,448 | ---- | M] (Valve Corporation) -- K:\Games\Steam\steam.exe PRC - [2011-04-15 00:59:24 | 000,135,170 | ---- | M] () -- C:\Program Files (x86)\AFLICS\AfterFLICS.exe PRC - [2011-02-22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe PRC - [2010-03-25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) 
-- C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe PRC - [2009-11-25 14:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe PRC - [2008-05-02 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-03-18 18:49:05 | 000,192,512 | ---- | M] () -- C:\Users\suntzu\AppData\Local\Temp\sfamcc00001.dll MOD - [2012-03-18 18:49:05 | 000,172,032 | ---- | M] () -- C:\Users\suntzu\AppData\Local\Temp\sfareca00001.dll MOD - [2012-03-15 21:33:50 | 020,297,512 | ---- | M] () -- K:\Games\Steam\bin\libcef.dll MOD - [2012-03-15 21:33:48 | 001,099,576 | ---- | M] () -- K:\Games\Steam\bin\avcodec-53.dll MOD - [2012-03-15 21:33:48 | 000,907,048 | ---- | M] () -- K:\Games\Steam\bin\chromehtml.dll MOD - [2012-03-15 21:33:48 | 000,190,776 | ---- | M] () -- K:\Games\Steam\bin\avformat-53.dll MOD - [2012-03-15 21:33:48 | 000,123,192 | ---- | M] () -- K:\Games\Steam\bin\avutil-51.dll MOD - [2012-02-26 19:44:08 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011-10-14 23:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011-09-07 20:02:59 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2008-05-02 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe MOD - [2008-03-20 10:17:48 | 000,106,496 | -H-- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libiax2.dll MOD - [2008-03-20 10:17:44 | 000,061,440 | -H-- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libjb.dll MOD - [2007-10-25 12:51:16 | 000,198,656 | -H-- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libcurl.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-12-19 19:58:59 | 002,779,416 | ---- | M] (COMODO) [Auto | 
Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV:[b]64bit:[/b] - [2011-05-03 02:16:48 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2011-02-22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64) SRV:[b]64bit:[/b] - [2010-10-21 08:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV:[b]64bit:[/b] - [2010-10-21 08:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2008-05-02 01:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2012-01-17 07:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe -- (NIS) SRV - [2012-01-13 20:49:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-10-14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-08-26 07:00:22 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011-08-26 07:00:19 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011-08-24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011-04-15 00:59:24 | 000,135,170 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AFLICS\AfterFLICS.exe -- (AfterFLICS v3) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft 
Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-12-22 10:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2007-05-31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-03-17 03:43:25 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2012-01-18 00:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symnets.sys -- (SymNetS) DRV:[b]64bit:[/b] - [2012-01-18 00:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symefa64.sys -- (SymEFA) DRV:[b]64bit:[/b] - [2012-01-18 00:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306010.008\ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2012-01-18 00:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306010.008\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2012-01-18 00:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306010.008\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:[b]64bit:[/b] - [2011-12-19 19:59:15 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] 
-- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd) DRV:[b]64bit:[/b] - [2011-11-30 00:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306010.008\ccsetx64.sys -- (ccSet_NIS) DRV:[b]64bit:[/b] - [2011-07-25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symds64.sys -- (SymDS) DRV:[b]64bit:[/b] - [2011-07-08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2011-06-10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-10-05 12:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:[b]64bit:[/b] - [2010-10-05 12:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:[b]64bit:[/b] - [2010-10-05 12:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:[b]64bit:[/b] - [2010-04-07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-07-09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-09-12 09:31:29 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:[b]64bit:[/b] - [2008-09-12 09:31:29 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:[b]64bit:[/b] - [2008-09-12 09:31:16 | 000,131,584 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0836.sys -- (SaiK0836) DRV:[b]64bit:[/b] - [2008-02-29 02:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - [2008-02-29 02:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - [2008-02-29 02:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:[b]64bit:[/b] - [2007-01-17 13:32:00 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder2.sys -- (Spyder2) DRV - [2012-03-18 04:20:25 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120317.009\ex64.sys -- (NAVEX15) DRV - [2012-03-18 04:20:25 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120317.009\eng64.sys -- (NAVENG) DRV - [2012-03-17 09:34:19 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012-03-17 01:03:34 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012-03-16 16:03:06 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120316.005\IDSviA64.sys -- (IDSVia64) DRV - [2012-03-02 18:59:42 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120302.001_514\BHDrvx64.sys -- (BHDrvx64) DRV - [2011-08-25 13:06:52 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/12/21 21:23:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011-08-24 02:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: 
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\suntzu\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\suntzu\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\suntzu\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-04-25 16:21:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-01-13 20:19:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012-03-17 01:07:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012-03-18 18:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-12-06 20:46:30 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-04-25 11:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\suntzu\AppData\Roaming\mozilla\Extensions [2012-03-17 01:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\suntzu\AppData\Roaming\mozilla\Firefox\Profiles\chv72pug.default\extensions [2012-03-17 00:28:00 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\suntzu\AppData\Roaming\mozilla\Firefox\Profiles\chv72pug.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66} [2012-03-13 22:18:09 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\suntzu\AppData\Roaming\mozilla\Firefox\Profiles\chv72pug.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012-02-18 02:57:41 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Users\suntzu\AppData\Roaming\mozilla\Firefox\Profiles\chv72pug.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2011-12-24 12:40:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\suntzu\AppData\Roaming\mozilla\Firefox\Profiles\chv72pug.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-03-17 01:14:17 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\suntzu\AppData\Roaming\mozilla\Firefox\Profiles\chv72pug.default\extensions\fastdial@telega.phpnet.us [2011-11-09 19:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011-04-27 20:03:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011-04-29 18:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-06-23 12:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-11-09 19:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012-01-13 20:19:11 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2012-03-17 01:07:56 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN () (No name found) -- C:\USERS\SUNTZU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CHV72PUG.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI () (No name found) -- C:\USERS\SUNTZU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CHV72PUG.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI () (No name found) -- C:\USERS\SUNTZU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CHV72PUG.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI [2011-09-07 20:03:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010-01-01 09:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2010-01-01 09:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 09:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 09:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 09:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 09:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-05-29 15:56:12 | 000,001,189 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 
3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:[b]64bit:[/b] - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Steam] K:\Games\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\suntzu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B7C351D-B627-4D6E-AC15-C88D05C34401}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-05-03 02:00:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{846713b6-6ecf-11e0-89f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{846713b6-6ecf-11e0-89f1-806e6f6e6963}\Shell\AutoRun\command - "" = M:\install.EXE id= ver=1.0.0.0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-03-18 20:48:44 | 000,000,000 | ---D | C] -- C:\Users\suntzu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-03-18 20:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2012-03-18 20:46:33 | 004,438,697 | ---- | C] (Swearware) -- C:\Users\suntzu\Desktop\ComboFix.exe
[2012-03-18 19:16:26 | 000,000,000 | ---D | C] -- C:\Users\suntzu\Desktop\gmer
[2012-03-18 15:23:09 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\suntzu\Desktop\OTL.exe
[2012-03-18 12:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2012-03-17 03:43:14 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symnets.sys
[2012-03-17 03:43:13 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symefa64.sys
[2012-03-17 03:43:13 | 000,738,936 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1306010.008\srtsp64.sys
[2012-03-17 03:43:13 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symds64.sys
[2012-03-17 03:43:13 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1306010.008\ironx64.sys
[2012-03-17 03:43:13 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1306010.008\srtspx64.sys
[2012-03-17 03:43:12 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1306010.008\ccsetx64.sys
[2012-03-17 03:43:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1306010.008
[2012-03-17 01:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012-03-17 00:36:55 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012-03-17 00:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012-03-17 00:36:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012-03-16 23:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012-03-16 23:45:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012-03-16 23:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012-03-16 23:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012-03-16 23:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012-03-16 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012-03-14 20:37:53 | 000,000,000 | -HSD | C] -- C:\Users\suntzu\AppData\Local\cc26d584
[2012-02-29 22:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Logitech
[2011-12-06 20:46:55 | 000,016,896 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\wmdmhelper.dll
[2011-12-06 20:46:53 | 000,641,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rjbres.dll
[2011-12-06 20:46:53 | 000,361,984 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rjdlg.dll
[2011-12-06 20:46:53 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files (x86)\dunzip32.dll
[2011-12-06 20:46:53 | 000,034,304 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rjprog.dll
[2011-12-06 20:46:52 | 000,045,056 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\ierjplug.dll
[2011-12-06 20:46:52 | 000,009,728 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\fixrjb.exe
[2011-12-06 20:46:51 | 001,115,376 | ---- | C] (Gracenote) -- C:\Program Files (x86)\cddbmusicid.dll
[2011-12-06 20:46:51 | 000,943,344 | ---- | C] (Gracenote) -- C:\Program Files (x86)\cddblink.dll
[2011-12-06 20:46:49 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\cddbcontrol.dll
[2011-12-06 20:46:49 | 000,045,056 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\mmcdda32.dll
[2011-12-06 20:46:49 | 000,023,552 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\tnetdtct.dll
[2011-12-06 20:46:48 | 000,074,240 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\tsasdk.dll
[2011-12-06 20:46:48 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\tpasdk.dll
[2011-12-06 20:46:47 | 000,067,584 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpwa3260.dll
[2011-12-06 20:46:47 | 000,045,728 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpshellsearch.dll
[2011-12-06 20:46:43 | 000,375,416 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\realconverter.exe
[2011-12-06 20:46:43 | 000,349,304 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\convert.exe
[2011-12-06 20:46:41 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Program Files (x86)\mc_enc_mp4v.dll
[2011-12-06 20:46:38 | 000,381,040 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\realtrimmer.exe
[2011-12-06 20:46:38 | 000,129,648 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\realshare.exe
[2011-12-06 20:46:36 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dbghelp.dll
[2011-12-06 20:46:35 | 000,072,192 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rjwmapln.dll
[2011-12-06 20:46:31 | 000,046,592 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpau3260.dll
[2011-12-06 20:46:22 | 000,088,064 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\hxaudiodevicehook.dll
[2011-12-06 20:46:22 | 000,029,824 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rndevicedbbuilder.exe
[2011-12-06 20:46:21 | 000,116,888 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rdsf3260.dll
[2011-12-06 20:46:21 | 000,086,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpplugprot.dll
[2011-12-06 20:46:21 | 000,064,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpshell.dll
[2011-12-06 20:46:18 | 000,499,312 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\realplay.exe
[2011-12-06 20:46:18 | 000,018,072 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rphelperapp.exe
[2011-12-06 20:46:18 | 000,010,240 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\realjbox.exe
[2011-12-06 20:46:15 | 000,439,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\recordingmanager.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-03-18 20:58:25 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012-03-18 20:48:44 | 000,003,003 | ---- | M] () -- C:\Users\suntzu\Desktop\HiJackThis.lnk
[2012-03-18 20:46:51 | 004,438,697 | ---- | M] (Swearware) -- C:\Users\suntzu\Desktop\ComboFix.exe
[2012-03-18 20:42:43 | 001,402,880 | ---- | M] () -- C:\Users\suntzu\Desktop\HiJackThis.msi
[2012-03-18 20:29:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1256575789-3278778996-1398490880-1000UA.job
[2012-03-18 18:56:34 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-18 18:56:34 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-18 18:48:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-18 18:48:31 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-18 15:23:09 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\suntzu\Desktop\OTL.exe
[2012-03-18 01:29:01 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1256575789-3278778996-1398490880-1000Core.job
[2012-03-17 14:31:14 | 001,911,318 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\Cat.DB
[2012-03-17 03:43:25 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012-03-17 03:43:25 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012-03-17 03:43:25 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012-03-09 21:49:09 | 000,000,600 | ---- | M] () -- C:\Users\suntzu\AppData\Roaming\winscp.rnd
[2012-03-01 22:36:46 | 001,672,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-03-01 22:36:46 | 000,741,328 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-03-01 22:36:46 | 000,655,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-03-01 22:36:46 | 000,155,924 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-03-01 22:36:46 | 000,121,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-02-27 08:11:21 | 005,090,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-02-26 19:44:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-02-25 07:08:39 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\isolate.ini
[2012-02-22 21:20:29 | 000,000,132 | ---- | M] () -- C:\Users\suntzu\AppData\Roaming\Adobe PNG Format CS5 Prefs

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-03-18 20:48:44 | 000,003,003 | ---- | C] () -- C:\Users\suntzu\Desktop\HiJackThis.lnk
[2012-03-18 20:42:42 | 001,402,880 | ---- | C] () -- C:\Users\suntzu\Desktop\HiJackThis.msi
[2012-03-17 14:30:49 | 001,911,318 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\Cat.DB
[2012-03-17 03:43:14 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symnet64.cat
[2012-03-17 03:43:14 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symnet.inf
[2012-03-17 03:43:13 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symds64.cat
[2012-03-17 03:43:13 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\srtspx64.cat
[2012-03-17 03:43:13 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symefa64.cat
[2012-03-17 03:43:13 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\srtsp64.cat
[2012-03-17 03:43:13 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\iron.cat
[2012-03-17 03:43:13 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symefa.inf
[2012-03-17 03:43:13 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symds.inf
[2012-03-17 03:43:13 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\srtsp64.inf
[2012-03-17 03:43:13 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\srtspx64.inf
[2012-03-17 03:43:13 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\iron.inf
[2012-03-17 03:43:12 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\ccsetx64.cat
[2012-03-17 03:43:12 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\ccsetx64.inf
[2012-03-17 03:43:00 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\symvtcer.dat
[2012-03-17 03:43:00 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1306010.008\isolate.ini
[2012-03-17 00:36:55 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012-03-17 00:36:55 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012-03-14 21:31:50 | 367,306,752 | ---- | C] () -- C:\Users\suntzu\Desktop\Stargate Sg1.6x01 Redemption (Part 1) Fov Www!Osiolek!Com.avi
[2012-01-07 02:35:39 | 000,000,600 | ---- | C] () -- C:\Users\suntzu\AppData\Roaming\winscp.rnd
[2011-12-06 20:46:52 | 000,002,851 | ---- | C] () -- C:\Program Files (x86)\cdroms.cfg
[2011-12-06 20:46:48 | 000,027,278 | ---- | C] () -- C:\Program Files (x86)\frw.bmp
[2011-12-06 20:46:47 | 000,119,808 | ---- | C] () -- C:\Program Files (x86)\waiting.avi
[2011-12-06 20:46:47 | 000,057,762 | ---- | C] () -- C:\Program Files (x86)\howto.chm
[2011-12-06 20:46:47 | 000,040,154 | ---- | C] () -- C:\Program Files (x86)\realplay.chm
[2011-12-06 20:46:47 | 000,016,296 | ---- | C] () -- C:\Program Files (x86)\realtfon.fon
[2011-12-06 20:46:43 | 000,800,292 | ---- | C] () -- C:\Program Files (x86)\converter.vs
[2011-12-06 20:46:38 | 000,045,405 | ---- | C] () -- C:\Program Files (x86)\sharemedia.vs
[2011-12-06 20:46:38 | 000,001,209 | ---- | C] () -- C:\Program Files (x86)\flvplay.swf
[2011-12-06 20:46:31 | 000,055,043 | ---- | C] () -- C:\Program Files (x86)\presets.rnx
[2011-12-06 20:46:31 | 000,028,013 | ---- | C] () -- C:\Program Files (x86)\RealNetworks License.html
[2011-12-06 20:46:31 | 000,028,013 | ---- | C] () -- C:\Program Files (x86)\playrlic.html
[2011-12-06 20:46:31 | 000,000,480 | ---- | C] () -- C:\Program Files (x86)\keys.dat
[2011-12-06 20:46:28 | 000,943,150 | ---- | C] () -- C:\Program Files (x86)\normal.vs
[2011-12-06 20:46:28 | 000,061,495 | ---- | C] () -- C:\Program Files (x86)\ssimages.vs
[2011-12-06 20:46:21 | 000,001,030 | ---- | C] () -- C:\Program Files (x86)\autoplaylist.dat
[2011-12-06 20:46:21 | 000,000,050 | ---- | C] () -- C:\Program Files (x86)\strs23.dat
[2011-12-06 20:46:21 | 000,000,013 | ---- | C] () -- C:\Program Files (x86)\strs26.dat
[2011-12-06 20:46:18 | 000,017,846 | ---- | C] () -- C:\Program Files (x86)\videotest.rm
[2011-12-06 20:46:18 | 000,000,221 | ---- | C] () -- C:\Program Files (x86)\subscription.rnx
[2011-12-06 20:46:18 | 000,000,177 | ---- | C] () -- C:\Program Files (x86)\freeoffers.rnx
[2011-11-29 15:43:58 | 000,007,605 | ---- | C] () -- C:\Users\suntzu\AppData\Local\Resmon.ResmonCfg
[2011-10-14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-07-17 20:09:16 | 000,000,032 | ---- | C] () -- C:\Windows\WINCMD.INI
[2011-06-29 19:09:25 | 000,000,760 | ---- | C] () -- C:\Users\suntzu\AppData\Roaming\setup_ldm.iss
[2011-06-29 17:43:40 | 000,281,880 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-06-29 17:43:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-06-29 17:43:38 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011-06-21 00:37:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011-06-09 21:41:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-05-26 21:36:10 | 000,014,336 | ---- | C] () -- C:\Users\suntzu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-08 22:44:23 | 000,000,132 | ---- | C] () -- C:\Users\suntzu\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011-05-03 02:11:00 | 001,647,458 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-04-25 17:04:21 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-04-25 17:04:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-04-25 17:04:20 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-04-25 17:04:20 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-04-25 17:04:20 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-04-25 16:49:00 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 1419 bytes -> C:\Users\suntzu\AppData\Local\W0SSC3xAIN:qSMnGQ1BssGaWe6ddTtrh32JbYvV
@Alternate Data Stream - 1373 bytes -> C:\ProgramData\Microsoft:AuFfMzDrnhevQlrjYjHg1yv
@Alternate Data Stream - 1296 bytes -> C:\Users\suntzu\AppData\Local\Temp:Zng48W907CMOocuUud1M51GEse
@Alternate Data Stream - 1293 bytes -> C:\ProgramData\Microsoft:VAOEhAbu9NpOpd4fizfR4DKkTA2iN
@Alternate Data Stream - 1262 bytes -> C:\ProgramData\Microsoft:YvL64vu6AA5Z6gwvUcRMW

< End of report >