GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-07 14:10:11
Windows 5.1.2600 Service Pack 3
Running: tf9g4c5y.exe

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\nvmini.sys (*** hidden *** ) [AUTO] nvmini <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@ImagePath system32\DRIVERS\nvmini.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@DisplayName NVIDIA Compatible Windows Miniport Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@Tag 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@Group Pointer Port
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini@ImagePath system32\DRIVERS\nvmini.sys
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini@DisplayName NVIDIA Compatible Windows Miniport Driver
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini@Tag 7
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini@Group Pointer Port
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\nvmini\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Gliwice\Application Data\Wpnanw.exe Wpnanw Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp1res.dll,-10078 Chooses default programs for certain activities, such as Web browsing or sending e-mail, and specifies which programs are accessible from the Start menu, desktop, and other locations. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Application\updates\0\updater.exe GG application Software Updater ---- Files - GMER 1.0.15 ---- File C:\DELL\drivers\R96000\autorun.inf 25 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash24464\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash24464\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash24464\B\11 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash24464\B\11\06824d01 20873 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache\A\EB 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache\A\EB\80522d01 29344 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash11478\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash11478\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash15724\A 0 bytes File C:\Documents and Settings\Gliwice\Application 
Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash15724\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash15724\B\FD 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash15724\B\FD\E1277d01 5416830 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash18467\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash18467\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash19169\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash19169\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash26500\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash26500\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash26962\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash26962\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash29358\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash29358\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash41\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash41\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash6334\A 0 bytes File C:\Documents and Settings\Gliwice\Application Data\GG\Profiles\mj0wgugw.22199628\Cache.Trash6334\B 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a 
0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i\stg 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i\stg\player 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i\stg\player\10219-660,wpplayer.swf 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i\stg\player\10220-892,wpplayer.swf 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i\stg\player\10227-246,wpplayer.swf 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i\tsw 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i\tsw\tswApp2.swf 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\a.wpimg.pl\a\i\tsw\tswApp2.swf\tsw.sol 35 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\i.wp.pl\a 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\i.wp.pl\a\i 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\i.wp.pl\a\i\wptv2 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\i.wp.pl\a\i\wptv2\2010 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\i.wp.pl\a\i\wptv2\2010\wptvApp.swf 0 bytes File C:\Documents and 
Settings\Gliwice\Application Data\Macromedia\Flash Player\#SharedObjects\9XVTDED7\i.wp.pl\a\i\wptv2\2010\wptvApp.swf\wptv.sol 86 bytes File C:\Documents and Settings\Gliwice\Application Data\Sun\Java\AU 0 bytes File C:\Documents and Settings\Gliwice\Application Data\Sun\Java\AU\au.cab 570413 bytes File C:\Documents and Settings\Gliwice\Application Data\Sun\Java\AU\au.msi 183808 bytes File C:\Documents and Settings\Gliwice\Application Data\Wpnanw.exe 236458 bytes executable File C:\Documents and Settings\Gliwice\Desktop\autorun.inf 45 bytes File C:\Documents and Settings\Gliwice\GG dysk\.ggdrivecache\a 0 bytes File C:\Documents and Settings\Gliwice\GG dysk\.ggdrivecache\a\4 0 bytes File C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Profiles\pj48ya5t.default\Cache\A 0 bytes File C:\Documents and Settings\Gliwice\Local Settings\Application Data\GG\Profiles\pj48ya5t.default\Cache\B 0 bytes File C:\Documents and Settings\Gliwice\Local Settings\Temp\Rar$EXa0.493\AUTORUN.INF 64 bytes File C:\Documents and Settings\Gliwice\Local Settings\Temp\Rar$EXa0.528\AUTORUN.INF 64 bytes File C:\Documents and Settings\Gliwice\Local Settings\Temp\Rar$EXa0.918\autorun.inf 43 bytes File C:\Documents and Settings\Gliwice\Local Settings\Temp\CProgram FilesOpera\region\au 0 bytes File C:\Documents and Settings\Gliwice\Local Settings\Temp\CProgram FilesOpera\region\au\bookmarks.adr 8151 bytes File C:\Documents and Settings\Gliwice\Local Settings\Temp\CProgram FilesOpera\region\au\standard_speeddial.ini 1161 bytes File C:\Documents and Settings\Gliwice\Local Settings\Temp\UTPS\common\AutoRun 0 bytes File C:\Documents and Settings\Gliwice\Local Settings\Temp\UTPS\common\AutoRun\AutoRunSetup.exe 415411 bytes executable File C:\Documents and Settings\Gliwice\Local Settings\Temp\UTPS\common\AutoRun\AutoRunUninstall.exe 169997 bytes executable File C:\Documents and Settings\Gliwice\Local Settings\Temp\UTPS\Telia_C07\AutoRun 0 bytes File C:\Documents and 
Settings\Gliwice\Local Settings\Temp\UTPS\Telia_C07\AutoRun\AutoRunSetup.exe 436768 bytes executable File C:\Documents and Settings\Gliwice\Local Settings\Temp\UTPS\Telia_C07\AutoRun\AutoRunUninstall.exe 176344 bytes executable File C:\Documents and Settings\Gliwice\My Documents\tyu\autorun.inf 54 bytes File C:\Documents and Settings\Gliwice\My Documents\Mobile_Partner_UTPS11.302.09.00.03\AUTORUN.INF 47 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\GoogleBreakpad 212748 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Info.plist 1024 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Inspector 123720 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Info.plist 1302 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD 
Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS\Reporter 91380 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\PkgInfo 8 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\de.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\de.lproj\Localizable.strings 470 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\English.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\English.lproj\Breakpad.nib 12664 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\English.lproj\Localizable.strings 1972 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\en_GB.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\en_GB.lproj\Localizable.strings 433 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD 
Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\es.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\es.lproj\Localizable.strings 466 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\fr.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\fr.lproj\Localizable.strings 475 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\it.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\it.lproj\Localizable.strings 443 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\ja.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\ja.lproj\Localizable.strings 539 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\nl.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\nl.lproj\Localizable.strings 450 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD 
Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_CN.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_CN.lproj\Localizable.strings 381 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_TW.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_TW.lproj\Localizable.strings 384 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\GoogleBreakpad 212748 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Info.plist 1024 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Inspector 123720 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Info.plist 1302 bytes File C:\Program 
Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS\Reporter 91380 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\PkgInfo 8 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\de.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\de.lproj\Localizable.strings 470 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\English.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\English.lproj\Breakpad.nib 12664 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\English.lproj\Localizable.strings 1972 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\en_GB.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa 
Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\en_GB.lproj\Localizable.strings 433 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\es.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\es.lproj\Localizable.strings 466 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\fr.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\fr.lproj\Localizable.strings 475 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\goArrow.png 3591 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\it.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\it.lproj\Localizable.strings 443 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\ja.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\ja.lproj\Localizable.strings 539 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa 
Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\nl.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\nl.lproj\Localizable.strings 450 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\ReporterIcon.icns 170816 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_CN.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_CN.lproj\Localizable.strings 381 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_TW.lproj 0 bytes File C:\Program Files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_TW.lproj\Localizable.strings 384 bytes File C:\Program Files\Nero\Nero8\Nero Burning Rom\SecurDisc\Autorun.inf 30 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Compress 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Compress\Zlib 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Compress\Zlib\autosplit.ix 95 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Compress\Zlib\Zlib.dll 77960 bytes executable File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Mail 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Mail\Internet 0 bytes File C:\Program 
Files\Nokia\Phoenix\tp\perl\site\lib\auto\Mail\Internet\autosplit.ix 275 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Win32 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Win32\API 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Win32\API\API.dll 32879 bytes executable File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Win32\API\Callback 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Win32\API\Callback\Callback.dll 24701 bytes executable File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Win32API 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Win32API\Registry 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\Win32API\Registry\Registry.dll 155770 bytes executable File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\XML 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\XML\Parser 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\XML\Parser\Expat 0 bytes File C:\Program Files\Nokia\Phoenix\tp\perl\site\lib\auto\XML\Parser\Expat\Expat.dll 135305 bytes executable File C:\Program Files\Opera\region\au 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\nlpsolver\help\bo 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\nlpsolver\help\bo\com.sun.star.comp.Calc.NLPSolver 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\nlpsolver\help\bo\com.sun.star.comp.Calc.NLPSolver\Options.xhp 11733 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\nlpsolver\help\bo\com.sun.star.comp.Calc.NLPSolver\Usage.xhp 3440 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\com.sun.PresenterScreen-windows_x86 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\com.sun.PresenterScreen-windows_x86\presenter.xhp 8978 bytes File 
C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\help.db_ 472 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\help.ht_ 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\help.idxl 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\help.idxl\segments.gen 20 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\help.idxl\segments_3 45 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\help.idxl\_0.cfs 1343 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\help.jar 1854 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\presenter-screen\help\bo\help.key_ 109 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\wiki-publisher\help\bo 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\wiki-publisher\help\bo\com.sun.wiki-publisher 0 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\wiki-publisher\help\bo\com.sun.wiki-publisher\wiki.xhp 8776 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\wiki-publisher\help\bo\com.sun.wiki-publisher\wikiaccount.xhp 4295 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\wiki-publisher\help\bo\com.sun.wiki-publisher\wikiformats.xhp 7989 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\wiki-publisher\help\bo\com.sun.wiki-publisher\wikisend.xhp 4206 bytes File C:\Program Files\LibreOffice 3.5\share\extensions\wiki-publisher\help\bo\com.sun.wiki-publisher\wikisettings.xhp 3820 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo 0 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\caption 0 bytes File C:\Program Files\LibreOffice 
3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\caption\com.sun.wiki-publisher%2Fwiki.xhp 187 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\caption\com.sun.wiki-publisher%2Fwikiaccount.xhp 24 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\caption\com.sun.wiki-publisher%2Fwikiformats.xhp 325 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\caption\com.sun.wiki-publisher%2Fwikisend.xhp 40 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\caption\com.sun.wiki-publisher%2Fwikisettings.xhp 40 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\content 0 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\content\com.sun.wiki-publisher%2Fwiki.xhp 3069 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\content\com.sun.wiki-publisher%2Fwikiaccount.xhp 979 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\content\com.sun.wiki-publisher%2Fwikiformats.xhp 3697 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\content\com.sun.wiki-publisher%2Fwikisend.xhp 789 bytes File C:\Program Files\LibreOffice 
3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\content\com.sun.wiki-publisher%2Fwikisettings.xhp 625 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\help.db_ 3213 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\help.ht_ 2772 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\help.jar 10788 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10xvq.tmp\bo\help.key_ 217 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo 0 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\caption 0 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\caption\com.sun.star.comp.Calc.NLPSolver%2FOptions.xhp 73 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\caption\com.sun.star.comp.Calc.NLPSolver%2FUsage.xhp 16 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\content 0 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\content\com.sun.star.comp.Calc.NLPSolver%2FOptions.xhp 3213 bytes File C:\Program Files\LibreOffice 
3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\content\com.sun.star.comp.Calc.NLPSolver%2FUsage.xhp 1260 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\help.db_ 508 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\help.ht_ 0 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\help.jar 4500 bytes File C:\Program Files\LibreOffice 3.5\share\prereg\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\lu10ybt.tmp\bo\help.key_ 236 bytes File C:\Program Files\LibreOffice 3.5\share\samples\bo 0 bytes File C:\Program Files\Mobile Partner\AutoRun 0 bytes File C:\Program Files\SgTool\nvm 0 bytes File C:\Program Files\SgTool\nvm\F480_Repair.nvm 892443 bytes File C:\Program Files\SgTool\nvm\I5500_Repair.nvm 478692 bytes File C:\Program Files\SgTool\nvm\I9000-Repair.img 6553600 bytes File C:\Program Files\SgTool\nvm\I9001_Repair.nvm 577043 bytes File C:\Program Files\SgTool\nvm\I900_Repair.nvm 163464 bytes File C:\Program Files\SgTool\nvm\I9100-Repair.img 20971520 bytes File C:\Program Files\SgTool\nvm\I927-Repair.img 12582912 bytes File C:\Program Files\SgTool\nvm\I9300-Repair.img 20971520 bytes File C:\Program Files\SgTool\nvm\S5660_Repair.nvm 480010 bytes File C:\Program Files\SgTool\nvm\S7500_Repair.nvm 496569 bytes File C:\Program Files\SgTool\nvm\T479B_Repair.nvm 502686 bytes File C:\Program Files\SgTool\nvm\T669_Repair.nvm 92236 bytes File C:\Program Files\SgTool\nvm\T749_Repair.nvm 650765 bytes File C:\Program Files\SgTool\nvm\T989_Repair.nvm 33351 bytes File C:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll 18944 bytes executable File C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll 19968 bytes executable File 
C:\WINDOWS\linkinfo.dll 46592 bytes executable
File C:\WINDOWS\system32\drivers\nvmini.sys 17152 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\linkinfo.dll 19968 bytes executable

---- EOF - GMER 1.0.15 ----