Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Browser hijack, called xzm

Started by msmarc , Nov 27 2010 08:12 AM

Please log in to reply

#1
msmarc

Posted 27 November 2010 - 08:12 AM

New Member

Member
4 posts

Hello,

I've been infected with some sort of browser hijack for about two weeks now. If I search something on google or bing and click on a result it will redirect me to a random page. Some of the pages are caught by Firefox because they have malware on them. Other pages are more random. I also get redirects when I enter a URL in the address bar, but not always. I wouldn't even say it happens 100% of the time, maybe more like 70%. I have no problems with my homepage. Also, in Google(or Bing) if I click on the cached version of the site from the search results I will almost never get redirected.

Here's a common URL that I am often redirected to:
hxxp://through-n.com/clickn.php?fb=WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qRTRPbnR6T2pnNkltWmxaV1JmYzJWMElqdHpPakU2SWpJaU8zTTZOem9pYzNWaVlXWm1k ...

Here's another random one:
hxxp://www.sport.it/?adn=tsh

It effects Firefox, Chrome, Internet Explorer. I don't see any symptoms in Safari. In Opera I don't get page redirects like in the other browsers but sometimes pages just won't load at all, which makes me think it's still being effected.

I've tried to clean things up with Avira AntiVir, Windows Defender (which found nothing), Ad-Aware, Malware Bytes, and Hijack This. Ad-Aware found something called VirToolWin32.Obfuscator.hg!b1. MalwareBytes found something called TapiUnattendb.exe. Hijack This found something called Xzm. unfortunately I can't find the logs for Hijack This. All of these found items have been removed/quarantined or deleted.

I think that it came from a torrent download. Sometimes those downloads have files in them that are caught by antivirus but aren't actually viruses. I may have been careless and let one pass, not realizing it was malicious.

By the way, I'm in Italy right now, on Italian internet, not sure if that makes a difference.

OTL logfile created on: 1/27/2006 2:46:28 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Seven\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 29.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 147.31 Gb Free Space | 63.28% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: SEVEN-PC | User Name: Seven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 10:52:46 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/22 10:52:46 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/02 21:25:52 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 21:25:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/02 21:25:51 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/27 07:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 07:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/09 16:06:22 | 000,061,440 | ---- | M] (Apache Software Foundation) -- c:\YouTrack\bin\tomcat6.exe
PRC - [2010/01/21 06:13:56 | 011,967,952 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2010/01/15 04:18:58 | 035,836,360 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
PRC - [2010/01/14 21:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/08 06:47:24 | 000,392,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2009/12/15 00:43:20 | 000,515,560 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2006/01/27 14:41:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Seven\Downloads\OTL.exe

========== Modules (SafeList) ==========

MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2006/01/27 14:41:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Seven\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2010/11/22 10:52:46 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/10 12:10:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/02 21:25:52 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/02 21:25:51 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 16:06:22 | 000,061,440 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\YouTrack\bin\tomcat6.exe -- (YouTrack)
SRV - [2009/12/15 00:43:20 | 000,515,560 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

========== Driver Services (SafeList) ==========

DRV - [2010/11/25 18:48:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/24 14:18:30 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/22 10:52:52 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/02 21:25:52 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/09/23 08:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/16 01:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/20 13:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/24 16:26:28 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC BF C2 45 2C 8A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/26 14:48:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 14:47:58 | 000,000,000 | ---D | M]

[2010/11/26 14:48:29 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\mozilla\Extensions
[2045/03/01 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\juw8b2km.default\extensions
[2010/11/26 14:49:56 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\juw8b2km.default\extensions\[email protected]
[2045/03/01 21:32:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/31 10:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/31 10:45:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/26 20:49:52 | 000,001,330 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (COmeaHelper Object) - {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Program Files\JetBrains\Omea\IexploreOmeaW.dll (JetBrains Inc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {35402C01-1777-4159-9ABA-3480BA70D90A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip and Edit - C:\Program Files\JetBrains\Omea\IexploreOmeaW.dll (JetBrains Inc)
O8 - Extra context menu item: Clip and Save - C:\Program Files\JetBrains\Omea\IexploreOmeaW.dll (JetBrains Inc)
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Subscribe to Feed - C:\Program Files\JetBrains\Omea\IexploreOmeaW.dll (JetBrains Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/26 21:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/26 20:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/11/26 20:08:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010/11/26 20:07:49 | 000,000,000 | ---D | C] -- C:\Users\Seven\Adobe Flash Builder 4
[2010/11/26 19:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/26 14:48:19 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Mozilla
[2010/11/25 18:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/11/25 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\DAEMON Tools Lite
[2010/11/25 18:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/11/23 12:00:09 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Threat Expert
[2010/11/23 10:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/22 23:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/22 12:40:35 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Opera
[2010/11/22 12:40:35 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Opera
[2010/11/22 12:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/11/22 10:52:57 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/11/22 10:52:54 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/11/22 10:48:41 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Sunbelt Software
[2010/11/22 10:48:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/22 10:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/11/22 10:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/21 22:28:29 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Apps
[2010/11/21 15:22:12 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\ottico_design
[2010/11/21 11:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/21 11:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/20 17:57:53 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/19 13:13:58 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\ottico
[2010/11/11 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\Adobe
[2010/11/11 14:37:43 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Avira
[2010/11/11 11:15:53 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\vlc
[2010/11/11 11:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/11/10 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/11/03 11:02:24 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\WinRAR
[2010/11/03 11:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/31 10:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/31 10:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/10/30 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Microsoft_Corporation
[2010/10/30 17:55:39 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\javascript
[2010/10/29 14:13:49 | 000,000,000 | R--D | C] -- C:\EsseDiCom (MAMMUT-SERVER)
[2010/10/29 13:11:40 | 000,000,000 | ---D | C] -- C:\Users\Seven\PhpstormProjects
[2010/10/29 13:11:10 | 000,000,000 | ---D | C] -- C:\Users\Seven\.WebIde10
[2010/10/29 12:49:16 | 000,000,000 | ---D | C] -- C:\teamsysdata
[2010/10/29 12:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2010/10/29 11:02:58 | 000,000,000 | ---D | C] -- C:\Users\Seven\WebstormProjects
[2010/10/29 10:55:34 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\JetBrains
[2010/10/29 10:50:34 | 000,000,000 | ---D | C] -- C:\YouTrack
[2010/10/29 10:49:24 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\JetBrains
[2010/10/29 10:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\JetBrains
[2010/10/26 18:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/10/26 18:43:58 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\uTorrent
[2010/10/26 09:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/21 15:43:48 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\Version Cue
[2010/10/21 15:43:46 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\AdobeStockPhotos
[2010/10/21 14:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/19 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\Updater5
[2010/10/19 12:20:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/19 12:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/19 12:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/17 21:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2010/10/17 21:50:13 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\Sports Interactive
[2010/10/17 21:50:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2010/10/17 21:50:11 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Sports Interactive
[2010/10/17 18:06:40 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/10/17 18:06:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010/10/17 17:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Football Manager 2010
[2010/10/17 17:23:31 | 000,000,000 | ---D | C] -- C:\Users\Seven\Desktop\Football Manager 2010
[2010/10/15 18:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/13 10:18:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/10/10 20:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010/10/10 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\eMule
[2010/10/10 20:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2010/10/10 20:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/10/10 20:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/10 20:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/10 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/10 20:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/10/07 14:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/10/07 14:01:19 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Last.fm
[2010/10/07 14:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
[2010/10/07 09:45:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/05 15:24:35 | 000,000,000 | ---D | C] -- C:\Users\Seven\.zenmap
[2010/10/05 15:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/10/05 15:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap
[2010/10/05 14:47:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2010/10/05 14:47:23 | 000,000,000 | ---D | C] -- C:\inetpub
[2010/10/05 14:37:21 | 000,000,000 | ---D | C] -- C:\PsTools
[2010/10/04 09:08:24 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\skypePM
[2010/10/04 09:07:55 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Skype
[2010/10/04 09:07:37 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/10/04 09:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/04 09:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/09/30 12:25:07 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\JQuery
[2010/09/29 15:49:14 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\mIRC
[2010/09/29 15:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010/09/29 11:28:16 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Users\Seven\Desktop\putty.exe
[2010/09/29 09:18:15 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\WinZip
[2010/09/29 09:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/09/29 09:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/09/29 09:10:23 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\FileZilla
[2010/09/29 09:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/09/28 11:07:23 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Apple Computer
[2010/09/28 11:07:23 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Apple Computer
[2010/09/28 11:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/09/28 11:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/28 11:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/28 11:03:52 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Apple
[2010/09/28 11:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/09/28 10:22:49 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Google
[2010/09/28 10:21:53 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\essedicom
[2010/09/28 10:12:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/28 10:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/09/28 09:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/28 09:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/28 09:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/09/12 01:18:12 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/09/12 00:19:38 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/09/12 00:18:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/09/11 18:07:39 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Diagnostics
[2010/09/11 16:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/09/11 16:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/11 16:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/09/11 16:38:16 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Adobe
[2010/09/11 16:32:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/09/11 16:32:39 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/09/11 16:32:39 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/09/11 16:32:39 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/09/11 16:32:39 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/09/11 16:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/09/11 16:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/11 16:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/09/11 16:22:59 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Macromedia
[2010/09/11 16:22:59 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Adobe
[2010/09/11 16:22:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/09/11 16:19:56 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Mozilla
[2010/09/11 16:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/11 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\ElevatedDiagnostics
[2010/09/11 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite
[2010/09/11 15:57:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\wocaffe
[2010/09/11 15:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\TrueSuite
[2010/09/11 15:57:49 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/09/11 15:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2010/09/11 15:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/09/11 15:25:27 | 000,000,000 | R--D | C] -- C:\Users\Seven\Searches
[2010/09/11 15:25:27 | 000,000,000 | -H-D | C] -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/11 15:25:19 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Identities
[2010/09/11 15:25:17 | 000,000,000 | R--D | C] -- C:\Users\Seven\Contacts
[2010/09/11 15:25:06 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\VirtualStore
[2010/09/11 15:25:04 | 000,000,000 | --SD | C] -- C:\Users\Seven\AppData\Roaming\Microsoft
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Videos
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Saved Games
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Pictures
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Music
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Links
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Favorites
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Downloads
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Documents
[2010/09/11 15:25:04 | 000,000,000 | R--D | C] -- C:\Users\Seven\Desktop
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\AppData\Local\Temporary Internet Files
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Templates
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Start Menu
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\SendTo
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Recent
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\PrintHood
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\NetHood
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Documents\My Videos
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Documents\My Pictures
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Documents\My Music
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\My Documents
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Local Settings
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\AppData\Local\History
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Cookies
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\Application Data
[2010/09/11 15:25:04 | 000,000,000 | -HSD | C] -- C:\Users\Seven\AppData\Local\Application Data
[2010/09/11 15:25:04 | 000,000,000 | -H-D | C] -- C:\Users\Seven\AppData
[2010/09/11 15:25:04 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Temp
[2010/09/11 15:25:04 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Microsoft
[2010/09/11 15:25:04 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Media Center Programs
[2010/09/11 15:25:00 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/09/11 15:24:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/16 01:45:44 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2010/07/16 01:45:44 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll
[2010/07/16 01:45:44 | 000,035,088 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2009/12/03 15:48:44 | 000,625,224 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\System32\drivers\ATSwpWDF.sys
[2009/11/06 09:10:22 | 030,127,432 | ---- | C] (Sports Interactive) -- C:\Users\Seven\AppData\Roaming\fm.exe
[2009/07/14 08:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2009/07/14 08:49:48 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2009/07/14 08:49:48 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2009/07/14 08:49:45 | 000,000,000 | -HSD | C] -- C:\Windows\BitLockerDiscoveryVolumeContents
[2009/07/14 08:49:45 | 000,000,000 | ---D | C] -- C:\Windows\RemotePackages
[2009/07/14 08:49:45 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\winrm
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCN
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\slmgr
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\UMDF\en-US
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\en-US
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\en
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\DigitalLocker
[2009/07/14 05:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\0409
[2009/07/14 05:56:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Printing_Admin_Scripts
[2009/07/14 05:55:09 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\en-US\pscr.sys.mui
[2009/07/14 05:55:07 | 000,032,256 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\en-US\yk62x86.sys.mui
[2009/07/14 05:54:41 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerId.sys.mui
[2009/07/14 05:54:41 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerIb.sys.mui
[2009/07/14 05:54:41 | 000,009,728 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\en-US\ltmdmnt.sys.mui
[2009/07/14 05:54:41 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrParwdm.sys.mui
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2009/07/14 05:53:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2009/07/14 05:53:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WinBioPlugIns
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WinBioDatabase
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\twain_32
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\restore
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\Performance
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\Offline Web Pages
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\FxsTmp
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Maker
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\diagnostics
[2009/07/14 05:52:30 | 000,000,000 | ---D | C] -- C:\Windows\addins
[2009/07/14 05:34:21 | 000,000,000 | ---D | C] -- C:\Windows\debug
[2009/07/14 05:34:16 | 000,000,000 | ---D | C] -- C:\Windows\Setup
[2009/07/14 05:34:13 | 000,000,000 | ---D | C] -- C:\Windows\ServiceProfiles
[2009/07/14 05:34:06 | 000,000,000 | --SD | C] -- C:\Windows\System32\Microsoft
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-TW
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-HK
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CN
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\winsxs
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\winevt
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\wfp
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\Web
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\wdi
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\wbem
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\Vss
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\uk-UA
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\tr-TR
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\tracing
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\th-TH
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\Tasks
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Tasks
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\TAPI
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sysprep
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sv-SE
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sr-Latn-CS
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sppui
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\spp
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\spool
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Speech
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\SMI
[2009/07/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sl-SI
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\UMDF
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\sk-SK
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Setup
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ru-RU
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ro-RO
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Recovery
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ras
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt-PT
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt-BR
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\pl-PL
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\oobe
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\nl-NL
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\NetworkList
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\NDF
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\nb-NO
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\MUI
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Msdtc
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\migwiz
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\migration
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\manifeststore
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\lv-LV
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\lt-LT
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\LogFiles
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ko-KR
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ja-JP
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\it-IT
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\inetsrv
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\IME
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\icsxml
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ias
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\hu-HU
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\hr-HR
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\he-IL
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\GroupPolicyUsers
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\GroupPolicy
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\fr-FR
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\fi-FI
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\et-EE
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\etc
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-ES
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\en-US
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\el-GR
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\DriverStore
[2009/07/14 03:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\system
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\Speech
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\servicing
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\security
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\schemas
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\SchCache
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\Resources
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\PolicyDefinitions
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\PLA
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\ModemLogs
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft.NET
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Dism
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\de-DE
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\da-DK
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\cs-CZ
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\config
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\com
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\CodeIntegrity
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Boot
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\bg-BG
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\ar-SA
[2009/07/14 03:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\AdvancedInstallers
[2009/07/14 03:37:06 | 000,000,000 | R-SD | C] -- C:\Windows\Media
[2009/07/14 03:37:06 | 000,000,000 | R-SD | C] -- C:\Windows\Fonts
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\LiveKernelReports
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\L2Schemas
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\inf
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\IME
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Help
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Globalization
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Cursors
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Branding
[2009/07/14 03:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Boot
[2009/07/14 03:37:05 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft
[2009/07/14 03:37:05 | 000,000,000 | R-SD | C] -- C:\Windows\assembly
[2009/07/14 03:37:05 | 000,000,000 | R--D | C] -- C:\Users
[2009/07/14 03:37:05 | 000,000,000 | R--D | C] -- C:\Program Files
[2009/07/14 03:37:05 | 000,000,000 | -H-D | C] -- C:\ProgramData
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Mail
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Windows
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\microsoft shared
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Windows\AppPatch
[2009/07/14 03:37:05 | 000,000,000 | ---D | C] -- C:\Windows\AppCompat
[2009/07/14 03:36:15 | 000,000,000 | -HSD | C] -- C:\$Recycle.Bin
[2009/07/14 01:59:16 | 000,013,568 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys
[2009/07/14 01:59:14 | 000,017,408 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\brcoinst.dll
[2009/07/14 01:59:02 | 000,062,336 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys
[2009/07/14 01:58:59 | 000,005,248 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys
[2009/07/14 01:58:35 | 000,011,904 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys
[2009/07/14 01:58:27 | 000,012,160 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2009/07/14 01:57:25 | 000,272,128 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys
[2009/07/14 00:25:34 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2009/07/13 23:54:14 | 000,026,624 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\drivers\hcw85cir.sys
[2009/07/13 23:09:19 | 000,095,824 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_fc.sys
[2009/07/13 23:09:18 | 000,096,848 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_scsi.sys
[2009/07/13 23:09:18 | 000,089,168 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas.sys
[2009/07/13 23:09:18 | 000,077,888 | ---- | C] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
[2009/07/13 23:09:18 | 000,054,864 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas2.sys
[2009/07/13 23:09:17 | 000,235,584 | ---- | C] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys
[2009/07/13 23:09:17 | 000,086,608 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
[2009/07/13 23:09:17 | 000,076,368 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
[2009/07/13 23:09:16 | 000,297,552 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
[2009/07/13 23:09:16 | 000,146,512 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
[2009/06/10 22:40:10 | 001,035,776 | ---- | C] (LSI Corp) -- C:\Windows\System32\drivers\AGRSM.sys
[2009/06/10 22:20:26 | 000,070,720 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
[2009/06/10 22:20:03 | 000,159,312 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\System32\drivers\amdsbs.sys
[2009/06/10 22:19:35 | 000,030,800 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys
[2009/06/10 22:19:19 | 000,453,712 | ---- | C] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
[2009/06/10 22:19:05 | 000,422,976 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
[2006/01/27 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\com.adobe.bridge.PublishPanel
[2006/01/27 14:00:46 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Malwarebytes
[2006/01/27 14:00:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2006/01/27 14:00:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2006/01/27 14:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/01/27 14:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/26 20:49:52 | 000,001,330 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/26 20:02:06 | 000,000,600 | ---- | M] () -- C:\Users\Seven\AppData\Local\PUTTY.RND
[2010/11/26 18:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/11/26 18:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/11/26 18:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/11/26 18:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/11/26 14:48:24 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/26 14:48:05 | 000,001,909 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/25 18:48:20 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/11/24 14:18:30 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/23 14:16:49 | 386,837,755 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/22 12:40:29 | 000,000,827 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/11/22 10:52:54 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/11/22 10:48:03 | 000,001,124 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/21 22:24:54 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2010/11/11 14:02:06 | 000,007,603 | ---- | M] () -- C:\Users\Seven\AppData\Local\Resmon.ResmonCfg
[2010/11/07 21:10:06 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/04 10:16:44 | 000,447,789 | ---- | M] () -- C:\Users\Seven\Documents\jsconf.pdf
[2010/11/03 23:11:05 | 000,002,928 | ---- | M] () -- C:\Users\Seven\_viminfo
[2010/11/02 21:25:52 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/02 15:25:27 | 000,000,203 | ---- | M] () -- C:\Users\Seven\.bash_history
[2010/11/01 17:53:52 | 000,000,916 | -H-- | M] () -- C:\Users\Seven\.gitk
[2010/10/31 18:08:00 | 000,000,183 | ---- | M] () -- C:\Users\Seven\.gitconfig
[2010/10/29 14:12:25 | 000,001,614 | ---- | M] () -- C:\Users\Seven\Desktop\MAMMUT-SERVER - Shortcut.lnk
[2010/10/29 13:10:20 | 000,000,936 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\JetBrains PhpStorm 1.0.2.lnk
[2010/10/29 13:00:04 | 000,038,428 | ---- | M] () -- C:\Users\Seven\Documents\settings.jar
[2010/10/29 12:06:08 | 000,001,850 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2010/10/29 10:49:15 | 000,000,828 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Omea.lnk
[2010/10/29 10:47:53 | 000,000,936 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\JetBrains WebStorm 1.0.2.lnk
[2010/10/25 10:47:07 | 000,000,601 | ---- | M] () -- C:\Users\Seven\Documents\canvas_test.html
[2010/10/17 20:22:21 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/10/17 17:39:50 | 000,000,808 | ---- | M] () -- C:\Users\Seven\Desktop\Football Manager 2010.lnk
[2010/09/29 11:28:17 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Users\Seven\Desktop\putty.exe
[2010/09/28 11:05:07 | 000,002,503 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/23 08:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/09/23 08:46:08 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/09/12 00:22:02 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/09/11 16:18:23 | 000,001,407 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/11 16:04:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/11 15:57:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
[2010/07/16 01:45:44 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2010/07/16 01:45:44 | 000,096,784 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll
[2010/07/16 01:45:44 | 000,053,299 | ---- | M] () -- C:\Windows\System32\pthreadVC.dll
[2010/07/16 01:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\drivers\ATSwpWDF.sys
[2009/12/02 18:39:02 | 020,317,504 | ---- | M] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/11/06 09:10:22 | 030,127,432 | ---- | M] (Sports Interactive) -- C:\Users\Seven\AppData\Roaming\fm.exe
[2009/09/23 18:45:20 | 000,039,440 | ---- | M] () -- C:\Windows\System32\iglhxs32.vp
[2009/09/23 17:45:12 | 001,921,265 | ---- | M] () -- C:\Windows\System32\iglhxa32.cpa
[2009/09/23 17:45:12 | 000,060,254 | ---- | M] () -- C:\Windows\System32\iglhxg32.vp
[2009/09/23 17:45:12 | 000,060,226 | ---- | M] () -- C:\Windows\System32\iglhxc32.vp
[2009/09/23 17:45:12 | 000,060,015 | ---- | M] () -- C:\Windows\System32\iglhxo32.vp
[2009/09/23 17:45:12 | 000,001,090 | ---- | M] () -- C:\Windows\System32\iglhxa32.vp
[2009/07/14 05:56:51 | 000,021,504 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2009/07/14 05:47:13 | 000,009,216 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2009/07/14 05:42:29 | 000,001,244 | ---- | M] () -- C:\Windows\System32\migwiz.lnk
[2009/07/14 05:42:26 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2009/07/14 05:37:42 | 000,000,290 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2009/07/14 05:37:42 | 000,000,272 | ---- | M] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/07/14 03:09:40 | 000,010,240 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerId.sys.mui
[2009/07/14 03:07:42 | 000,009,728 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\en-US\ltmdmnt.sys.mui
[2009/07/14 03:04:20 | 000,010,240 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerIb.sys.mui
[2009/07/14 03:03:46 | 000,003,584 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\en-US\pscr.sys.mui
[2009/07/14 03:03:08 | 000,032,256 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\en-US\yk62x86.sys.mui
[2009/07/14 03:02:36 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrParwdm.sys.mui
[2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
[2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
[2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\System32\drivers\amdsbs.sys
[2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
[2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
[2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
[2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas.sys
[2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys
[2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_scsi.sys
[2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_fc.sys
[2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas2.sys
[2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys
[2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
[2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
[2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
[2009/07/14 02:15:21 | 000,093,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2009/07/14 02:15:00 | 000,073,728 | ---- | M] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:15:00 | 000,064,000 | ---- | M] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 02:15:00 | 000,017,408 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\brcoinst.dll
[2009/07/14 02:14:28 | 000,066,048 | ---- | M] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys
[2009/07/14 01:34:40 | 000,291,294 | ---- | M] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 01:34:38 | 000,031,548 | ---- | M] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 00:06:14 | 000,004,453 | ---- | M] () -- C:\Windows\System32\odbcconf.rsp
[2009/07/13 23:58:08 | 000,043,131 | ---- | M] () -- C:\Windows\mib.bin
[2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\drivers\hcw85cir.sys
[2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys
[2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys
[2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys
[2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys
[2009/07/13 23:38:23 | 000,071,951 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) -- C:\Windows\System32\drivers\AGRSM.sys
[2009/07/13 22:41:56 | 000,053,552 | ---- | M] () -- C:\Windows\System32\dosx.exe
[2009/07/13 22:41:05 | 000,000,718 | ---- | M] () -- C:\Windows\System32\mscdexnt.exe
[2009/07/13 22:41:04 | 000,002,842 | ---- | M] () -- C:\Windows\System32\redir.exe
[2009/07/13 22:41:02 | 000,000,882 | ---- | M] () -- C:\Windows\System32\share.exe
[2009/07/13 22:41:02 | 000,000,882 | ---- | M] () -- C:\Windows\System32\fastopen.exe
[2009/07/13 22:41:01 | 000,019,694 | ---- | M] () -- C:\Windows\System32\GRAPHICS.COM
[2009/07/13 22:40:59 | 000,014,710 | ---- | M] () -- C:\Windows\System32\KB16.COM
[2009/07/13 22:40:57 | 000,007,052 | ---- | M] () -- C:\Windows\System32\nlsfunc.exe
[2009/07/13 22:40:57 | 000,001,131 | ---- | M] () -- C:\Windows\System32\LOADFIX.COM
[2009/07/13 22:40:56 | 000,039,274 | ---- | M] () -- C:\Windows\System32\mem.exe
[2009/07/13 22:40:54 | 000,011,753 | ---- | M] () -- C:\Windows\System32\setver.exe
[2009/07/13 22:40:52 | 000,020,634 | ---- | M] () -- C:\Windows\System32\debug.exe
[2009/07/13 22:40:51 | 000,008,424 | ---- | M] () -- C:\Windows\System32\exe2bin.exe
[2009/07/13 22:40:50 | 000,012,642 | ---- | M] () -- C:\Windows\System32\edlin.exe
[2009/07/13 22:40:49 | 000,012,498 | ---- | M] () -- C:\Windows\System32\append.exe
[2009/07/13 22:40:48 | 000,050,648 | ---- | M] () -- C:\Windows\System32\COMMAND.COM
[2009/07/13 22:38:33 | 000,000,610 | ---- | M] () -- C:\Windows\System32\WdsUnattendTemplate.xml
[2009/07/13 21:29:26 | 000,000,714 | ---- | M] () -- C:\Windows\System32\RestartManager.mof
[2009/07/13 21:29:26 | 000,000,176 | ---- | M] () -- C:\Windows\System32\RestartManagerUninstall.mof
[2009/06/10 22:47:11 | 000,047,679 | ---- | M] () -- C:\Windows\System32\diskmgmt.msc
[2009/06/10 22:46:53 | 000,008,280 | ---- | M] () -- C:\Windows\System32\spcinstrumentation.man
[2009/06/10 22:46:40 | 000,152,516 | ---- | M] () -- C:\Windows\System32\systemsf.ebd
[2009/06/10 22:46:28 | 000,105,371 | ---- | M] () -- C:\Windows\System32\RacRules.xml
[2009/06/10 22:46:08 | 000,145,640 | ---- | M] () -- C:\Windows\System32\devmgmt.msc
[2009/06/10 22:44:34 | 003,170,304 | ---- | M] () -- C:\Windows\System32\boot.sdi
[2009/06/10 22:43:22 | 000,000,874 | ---- | M] () -- C:\Windows\System32\manage-bde.wsf
[2009/06/10 22:43:20 | 000,144,862 | ---- | M] () -- C:\Windows\System32\tpm.msc
[2009/06/10 22:42:54 | 000,028,420 | ---- | M] () -- C:\Windows\System32\bios1.rom
[2009/06/10 22:42:54 | 000,018,832 | ---- | M] () -- C:\Windows\System32\v7vga.rom
[2009/06/10 22:42:54 | 000,008,191 | ---- | M] () -- C:\Windows\System32\bios4.rom
[2009/06/10 22:42:49 | 000,000,707 | ---- | M] () -- C:\Windows\_default.pif
[2009/06/10 22:42:32 | 000,069,886 | ---- | M] () -- C:\Windows\System32\edit.com
[2009/06/10 22:42:32 | 000,021,232 | ---- | M] () -- C:\Windows\System32\graphics.pro
[2009/06/10 22:42:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/06/10 22:42:20 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/06/10 22:42:08 | 000,000,843 | ---- | M] () -- C:\Windows\System32\onlinesetup.cmd
[2009/06/10 22:42:07 | 000,004,041 | ---- | M] () -- C:\Windows\System32\xwizard.dtd
[2009/06/10 22:41:29 | 000,211,938 | ---- | M] () -- C:\Windows\System32\lcphrase.tbl
[2009/06/10 22:41:29 | 000,024,114 | ---- | M] () -- C:\Windows\System32\lcptr.tbl
[2009/06/10 22:40:51 | 000,146,389 | ---- | M] () -- C:\Windows\System32\printmanagement.msc
[2009/06/10 22:40:47 | 000,201,034 | ---- | M] () -- C:\Windows\System32\winrm.vbs
[2009/06/10 22:40:47 | 000,004,675 | ---- | M] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2009/06/10 22:40:47 | 000,002,426 | ---- | M] () -- C:\Windows\System32\WsmTxt.xsl
[2009/06/10 22:40:47 | 000,001,559 | ---- | M] () -- C:\Windows\System32\WsmPty.xsl
[2009/06/10 22:40:47 | 000,000,035 | ---- | M] () -- C:\Windows\System32\winrm.cmd
[2009/06/10 22:39:59 | 000,001,041 | ---- | M] () -- C:\Windows\System32\tcpbidi.xml
[2009/06/10 22:39:54 | 000,003,577 | ---- | M] () -- C:\Windows\System32\sysprtj.sep
[2009/06/10 22:39:54 | 000,003,214 | ---- | M] () -- C:\Windows\System32\sysprint.sep
[2009/06/10 22:39:53 | 000,000,114 | ---- | M] () -- C:\Windows\System32\pcl.sep
[2009/06/10 22:39:53 | 000,000,051 | ---- | M] () -- C:\Windows\System32\pscript.sep
[2009/06/10 22:39:44 | 000,144,673 | ---- | M] () -- C:\Windows\System32\WmiMgmt.msc
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2009/06/10 22:39:37 | 000,003,683 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts.sam
[2009/06/10 22:39:37 | 000,001,540 | ---- | M] () -- C:\Windows\System32\drivers\etc\quotes
[2009/06/10 22:39:37 | 000,001,358 | ---- | M] () -- C:\Windows\System32\drivers\etc\protocol
[2009/06/10 22:39:37 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts - Copy
[2009/06/10 22:39:37 | 000,000,407 | ---- | M] () -- C:\Windows\System32\drivers\etc\networks
[2009/06/10 22:39:18 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2009/06/10 22:38:48 | 000,113,629 | ---- | M] () -- C:\Windows\System32\slmgr.vbs
[2009/06/10 22:38:43 | 000,145,059 | ---- | M] () -- C:\Windows\System32\taskschd.msc
[2009/06/10 22:38:33 | 000,145,127 | ---- | M] () -- C:\Windows\System32\eventvwr.msc
[2009/06/10 22:38:10 | 000,017,935 | ---- | M] () -- C:\Windows\System32\EventViewer_EventDetails.xsl
[2009/06/10 22:36:33 | 000,063,070 | ---- | M] () -- C:\Windows\System32\certmgr.msc
[2009/06/10 22:35:57 | 000,120,458 | ---- | M] () -- C:\Windows\System32\secpol.msc
[2009/06/10 22:34:45 | 000,215,943 | ---- | M] () -- C:\Windows\System32\dssec.dat
[2009/06/10 22:34:23 | 000,316,640 | ---- | M] () -- C:\Windows\WMSysPr9.prx
[2009/06/10 22:32:47 | 000,000,741 | ---- | M] () -- C:\Windows\System32\NOISE.DAT
[2009/06/10 22:32:07 | 000,002,060 | ---- | M] () -- C:\Windows\System32\noise.jpn
[2009/06/10 22:31:26 | 000,145,519 | ---- | M] () -- C:\Windows\System32\perfmon.msc
[2009/06/10 22:29:34 | 000,000,697 | ---- | M] () -- C:\Windows\System32\NOISE.THA
[2009/06/10 22:29:29 | 011,967,524 | ---- | M] () -- C:\Windows\System32\korwbrkr.lex
[2009/06/10 22:29:29 | 000,001,486 | ---- | M] () -- C:\Windows\System32\noise.kor
[2009/06/10 22:29:28 | 000,001,696 | ---- | M] () -- C:\Windows\System32\NOISE.CHT
[2009/06/10 22:29:17 | 000,001,696 | ---- | M] () -- C:\Windows\System32\NOISE.CHS
[2009/06/10 22:28:59 | 000,147,439 | ---- | M] () -- C:\Windows\System32\gpedit.msc
[2009/06/10 22:28:59 | 000,043,566 | ---- | M] () -- C:\Windows\System32\rsop.msc
[2009/06/10 22:27:46 | 000,115,091 | ---- | M] () -- C:\Windows\System32\WF.msc
[2009/06/10 22:27:38 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2009/06/10 22:26:15 | 000,144,998 | ---- | M] () -- C:\Windows\System32\lusrmgr.msc
[2009/06/10 22:26:10 | 000,673,088 | ---- | M] () -- C:\Windows\System32\mlang.dat
[2009/06/10 22:26:01 | 000,127,213 | ---- | M] () -- C:\Windows\System32\ega.cpi
[2009/06/10 22:25:52 | 000,063,411 | ---- | M] () -- C:\Windows\System32\NAPCLCFG.MSC
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () -- C:\Windows\System32\services.msc
[2009/06/10 22:21:07 | 000,144,909 | ---- | M] () -- C:\Windows\System32\fsmgmt.msc
[2009/06/10 22:21:06 | 000,113,256 | ---- | M] () -- C:\Windows\System32\compmgmt.msc
[2009/06/10 22:21:06 | 000,041,587 | ---- | M] () -- C:\Windows\System32\azman.msc
[2009/06/10 22:19:05 | 000,040,552 | ---- | M] () -- C:\Windows\System32\gatherNetworkInfo.vbs
[2009/06/10 22:19:05 | 000,021,812 | ---- | M] () -- C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[2009/06/10 22:18:29 | 000,000,565 | ---- | M] () -- C:\Windows\System32\NdfEventView.xml
[2009/06/10 22:17:44 | 000,124,118 | ---- | M] () -- C:\Windows\System32\comexp.msc
[2009/06/10 22:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\System32\PerfCenterCpl.ico
[2009/06/10 22:16:56 | 000,002,233 | ---- | M] () -- C:\Windows\System32\12520850.cpx
[2009/06/10 22:16:56 | 000,002,151 | ---- | M] () -- C:\Windows\System32\12520437.cpx
[2009/06/10 22:16:38 | 000,002,727 | ---- | M] () -- C:\Windows\System32\locationnotificationsview.xml
[2009/06/10 22:15:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2009/06/10 22:15:18 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2009/06/10 22:15:06 | 000,076,060 | ---- | M] () -- C:\Windows\System32\xpsrchvw.xml
[2009/06/10 22:14:45 | 000,051,867 | ---- | M] () -- C:\Windows\Ultimate.xml
[2009/06/10 22:14:45 | 000,048,201 | ---- | M] () -- C:\Windows\Starter.xml
[2009/06/10 22:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\System32\drivers\gm.dls
[2009/05/11 11:49:28 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2009/05/11 11:49:28 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2009/05/11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2007/02/20 15:04:02 | 002,463,976 | ---- | M] () -- C:\Windows\System32\NPSWF32.dll
[2006/01/27 14:34:12 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2006/01/27 14:34:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2006/01/27 14:33:55 | 000,652,238 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2006/01/27 14:33:55 | 000,113,886 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2006/01/27 14:32:30 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2006/01/27 14:32:30 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (once).job
[2006/01/27 14:29:37 | 003,898,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/01/27 14:28:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2006/01/27 14:28:16 | 1201,217,536 | -HS- | M] () -- C:\hiberfil.sys
[2006/01/27 10:59:35 | 000,154,712 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/26 19:24:55 | 000,000,824 | ---- | C] () -- C:\Windows\System32\drivers\etc\hosts - Copy
[2010/11/26 14:48:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/26 14:48:05 | 000,001,909 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/25 18:48:20 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/11/22 12:40:29 | 000,000,827 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/11/22 11:11:46 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/11/22 10:48:03 | 000,001,124 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/13 18:02:23 | 000,000,003 | ---- | C] () -- C:\Windows\Twain001.Mtx
[2010/11/11 16:09:22 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/11/11 15:14:08 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/11/11 15:10:31 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/11/11 13:46:25 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/11/07 21:10:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/04 10:16:40 | 000,447,789 | ---- | C] () -- C:\Users\Seven\Documents\jsconf.pdf
[2010/11/02 15:25:27 | 000,000,203 | ---- | C] () -- C:\Users\Seven\.bash_history
[2010/10/31 18:12:33 | 000,000,916 | -H-- | C] () -- C:\Users\Seven\.gitk
[2010/10/31 18:09:26 | 000,002,928 | ---- | C] () -- C:\Users\Seven\_viminfo
[2010/10/31 18:07:47 | 000,000,183 | ---- | C] () -- C:\Users\Seven\.gitconfig
[2010/10/29 14:12:25 | 000,001,614 | ---- | C] () -- C:\Users\Seven\Desktop\MAMMUT-SERVER - Shortcut.lnk
[2010/10/29 13:10:20 | 000,000,936 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\JetBrains PhpStorm 1.0.2.lnk
[2010/10/29 13:00:04 | 000,038,428 | ---- | C] () -- C:\Users\Seven\Documents\settings.jar
[2010/10/29 12:06:08 | 000,001,850 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2010/10/29 10:49:15 | 000,000,828 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Omea.lnk
[2010/10/29 10:47:53 | 000,000,936 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\JetBrains WebStorm 1.0.2.lnk
[2010/10/25 10:46:28 | 000,000,601 | ---- | C] () -- C:\Users\Seven\Documents\canvas_test.html
[2010/10/22 11:22:35 | 000,154,712 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/17 20:22:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/10/17 17:39:50 | 000,000,808 | ---- | C] () -- C:\Users\Seven\Desktop\Football Manager 2010.lnk
[2010/10/08 10:59:09 | 000,000,600 | ---- | C] () -- C:\Users\Seven\AppData\Local\PUTTY.RND
[2010/10/07 09:45:15 | 386,837,755 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/28 11:05:07 | 000,002,503 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/28 10:00:13 | 000,007,603 | ---- | C] () -- C:\Users\Seven\AppData\Local\Resmon.ResmonCfg
[2010/09/28 09:26:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/09/12 00:18:56 | 1201,217,536 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/11 16:18:23 | 000,001,407 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/11 16:04:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/11 15:57:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
[2010/09/11 15:25:04 | 000,000,290 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/11 15:25:04 | 000,000,272 | ---- | C] () -- C:\Users\Seven\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/16 01:45:44 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/12/02 18:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/09/23 18:45:20 | 000,039,440 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2009/09/23 17:45:12 | 001,921,265 | ---- | C] () -- C:\Windows\System32\iglhxa32.cpa
[2009/09/23 17:45:12 | 000,060,254 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp
[2009/09/23 17:45:12 | 000,060,226 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2009/09/23 17:45:12 | 000,060,015 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2009/09/23 17:45:12 | 000,001,090 | ---- | C] () -- C:\Windows\System32\iglhxa32.vp
[2009/07/14 08:51:56 | 000,051,867 | ---- | C] () -- C:\Windows\Ultimate.xml
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:48:09 | 000,048,201 | ---- | C] () -- C:\Windows\Starter.xml
[2009/07/14 05:46:52 | 000,042,045 | ---- | C] () -- C:\Windows\System32\license.rtf
[2009/07/14 05:42:29 | 000,001,244 | ---- | C] () -- C:\Windows\System32\migwiz.lnk
[2009/07/14 05:42:26 | 000,000,535 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2009/07/14 05:34:15 | 000,014,016 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/14 05:34:15 | 000,014,016 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/14 05:34:00 | 000,021,504 | ---- | C] () -- C:\Windows\System32\umstartup.etl
[2009/07/14 05:34:00 | 000,009,216 | ---- | C] () -- C:\Windows\System32\umstartup000.etl
[2009/07/14 05:33:53 | 003,898,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,652,238 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,113,886 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/07/14 03:05:05 | 000,001,696 | ---- | C] () -- C:\Windows\System32\NOISE.CHT
[2009/07/14 03:05:05 | 000,001,696 | ---- | C] () -- C:\Windows\System32\NOISE.CHS
[2009/07/14 03:05:05 | 000,001,486 | ---- | C] () -- C:\Windows\System32\noise.kor
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:05:05 | 000,000,697 | ---- | C] () -- C:\Windows\System32\NOISE.THA
[2009/07/14 03:05:03 | 000,003,683 | ---- | C] () -- C:\Windows\System32\drivers\etc\lmhosts.sam
[2009/07/14 03:04:17 | 000,017,463 | ---- | C] () -- C:\Windows\System32\drivers\etc\services
[2009/07/14 03:04:17 | 000,001,358 | ---- | C] () -- C:\Windows\System32\drivers\etc\protocol
[2009/07/14 03:04:17 | 000,001,330 | ---- | C] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/14 03:04:17 | 000,000,407 | ---- | C] () -- C:\Windows\System32\drivers\etc\networks
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 03:04:04 | 000,002,577 | ---- | C] () -- C:\Windows\System32\config.nt
[2009/07/14 03:04:04 | 000,001,688 | ---- | C] () -- C:\Windows\System32\autoexec.nt
[2009/07/14 03:04:04 | 000,000,024 | ---- | C] () -- C:\autoexec.bat
[2009/07/14 03:04:04 | 000,000,010 | ---- | C] () -- C:\config.sys
[2009/07/14 03:03:57 | 000,008,798 | ---- | C] () -- C:\Windows\System32\icrav03.rat
[2009/07/14 03:03:57 | 000,001,988 | ---- | C] () -- C:\Windows\System32\ticrf.rat
[2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:11:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2009/07/14 00:08:01 | 000,003,577 | ---- | C] () -- C:\Windows\System32\sysprtj.sep
[2009/07/14 00:08:01 | 000,000,114 | ---- | C] () -- C:\Windows\System32\pcl.sep
[2009/07/14 00:08:01 | 000,000,051 | ---- | C] () -- C:\Windows\System32\pscript.sep
[2009/07/14 00:06:14 | 000,004,453 | ---- | C] () -- C:\Windows\System32\odbcconf.rsp
[2009/07/13 23:53:38 | 000,146,389 | ---- | C] () -- C:\Windows\System32\printmanagement.msc
[2009/07/13 23:41:10 | 000,002,233 | ---- | C] () -- C:\Windows\System32\12520850.cpx
[2009/07/13 23:38:23 | 000,071,951 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/13 23:12:16 | 000,063,411 | ---- | C] () -- C:\Windows\System32\NAPCLCFG.MSC
[2009/07/13 23:11:17 | 000,115,091 | ---- | C] () -- C:\Windows\System32\WF.msc
[2009/07/13 23:10:48 | 000,021,812 | ---- | C] () -- C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[2009/07/13 23:06:29 | 000,201,034 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2009/07/13 23:06:29 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2009/07/13 23:06:29 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2009/07/13 23:06:29 | 000,001,559 | ---- | C] () -- C:\Windows\System32\WsmPty.xsl
[2009/07/13 23:01:40 | 000,124,118 | ---- | C] () -- C:\Windows\System32\comexp.msc
[2009/07/13 22:55:47 | 000,144,998 | ---- | C] () -- C:\Windows\System32\lusrmgr.msc
[2009/07/13 22:53:23 | 000,147,439 | ---- | C] () -- C:\Windows\System32\gpedit.msc
[2009/07/13 22:53:23 | 000,043,566 | ---- | C] () -- C:\Windows\System32\rsop.msc
[2009/07/13 22:47:53 | 000,063,070 | ---- | C] () -- C:\Windows\System32\certmgr.msc
[2009/07/13 22:46:10 | 000,145,127 | ---- | C] () -- C:\Windows\System32\eventvwr.msc
[2009/07/13 22:46:10 | 000,017,935 | ---- | C] () -- C:\Windows\System32\EventViewer_EventDetails.xsl
[2009/07/13 22:46:09 | 000,145,059 | ---- | C] () -- C:\Windows\System32\taskschd.msc
[2009/07/13 22:46:01 | 000,144,673 | ---- | C] () -- C:\Windows\System32\WmiMgmt.msc
[2009/07/13 22:44:25 | 000,120,458 | ---- | C] () -- C:\Windows\System32\secpol.msc
[2009/07/13 22:44:22 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2009/07/13 22:44:22 | 000,113,256 | ---- | C] () -- C:\Windows\System32\compmgmt.msc
[2009/07/13 22:44:22 | 000,092,745 | ---- | C] () -- C:\Windows\System32\services.msc
[2009/07/13 22:44:22 | 000,041,587 | ---- | C] () -- C:\Windows\System32\azman.msc
[2009/07/13 22:41:56 | 000,053,552 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2009/07/13 22:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2009/07/13 22:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2009/07/13 22:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2009/07/13 22:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2009/07/13 22:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2009/07/13 22:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2009/07/13 22:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2009/07/13 22:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2009/07/13 22:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2009/07/13 22:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2009/07/13 22:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2009/07/13 22:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2009/07/13 22:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2009/07/13 22:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2009/07/13 22:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2009/07/13 22:38:38 | 000,024,114 | ---- | C] () -- C:\Windows\System32\lcptr.tbl
[2009/07/13 22:38:33 | 000,000,610 | ---- | C] () -- C:\Windows\System32\WdsUnattendTemplate.xml
[2009/07/13 22:34:35 | 000,047,679 | ---- | C] () -- C:\Windows\System32\diskmgmt.msc
[2009/07/13 22:33:45 | 000,000,714 | ---- | C] () -- C:\Windows\System32\RestartManager.mof
[2009/07/13 22:33:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\RestartManagerUninstall.mof
[2009/07/13 22:30:30 | 000,000,707 | ---- | C] () -- C:\Windows\_default.pif
[2009/07/13 22:30:26 | 000,018,832 | ---- | C] () -- C:\Windows\System32\v7vga.rom
[2009/07/13 22:30:26 | 000,008,191 | ---- | C] () -- C:\Windows\System32\bios4.rom
[2009/07/13 22:28:41 | 000,145,519 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2009/07/13 22:23:44 | 000,145,640 | ---- | C] () -- C:\Windows\System32\devmgmt.msc
[2009/07/13 22:20:44 | 000,144,862 | ---- | C] () -- C:\Windows\System32\tpm.msc
[2009/07/13 21:50:57 | 000,001,540 | ---- | C] () -- C:\Windows\System32\drivers\etc\quotes
[2009/07/13 21:31:17 | 000,127,213 | ---- | C] () -- C:\Windows\System32\ega.cpi
[2009/07/13 21:30:24 | 000,000,843 | ---- | C] () -- C:\Windows\System32\onlinesetup.cmd
[2009/07/13 21:22:04 | 000,000,874 | ---- | C] () -- C:\Windows\System32\manage-bde.wsf
[2009/06/10 22:46:53 | 000,008,280 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/06/10 22:46:40 | 000,152,516 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/06/10 22:46:28 | 000,105,371 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2009/06/10 22:44:34 | 003,170,304 | ---- | C] () -- C:\Windows\System32\boot.sdi
[2009/06/10 22:42:54 | 000,028,420 | ---- | C] () -- C:\Windows\System32\bios1.rom
[2009/06/10 22:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2009/06/10 22:42:32 | 000,021,232 | ---- | C] () -- C:\Windows\System32\graphics.pro
[2009/06/10 22:42:07 | 000,004,041 | ---- | C] () -- C:\Windows\System32\xwizard.dtd
[2009/06/10 22:41:29 | 000,211,938 | ---- | C] () -- C:\Windows\System32\lcphrase.tbl
[2009/06/10 22:40:47 | 000,000,035 | ---- | C] () -- C:\Windows\System32\winrm.cmd
[2009/06/10 22:39:59 | 000,001,041 | ---- | C] () -- C:\Windows\System32\tcpbidi.xml
[2009/06/10 22:39:54 | 000,003,214 | ---- | C] () -- C:\Windows\System32\sysprint.sep
[2009/06/10 22:39:18 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2009/06/10 22:38:48 | 000,113,629 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/06/10 22:34:23 | 000,316,640 | ---- | C] () -- C:\Windows\WMSysPr9.prx
[2009/06/10 22:32:07 | 000,002,060 | ---- | C] () -- C:\Windows\System32\noise.jpn
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/10 22:19:05 | 000,040,552 | ---- | C] () -- C:\Windows\System32\gatherNetworkInfo.vbs
[2009/06/10 22:18:29 | 000,000,565 | ---- | C] () -- C:\Windows\System32\NdfEventView.xml
[2009/06/10 22:17:19 | 000,116,288 | ---- | C] () -- C:\Windows\System32\PerfCenterCpl.ico
[2009/06/10 22:16:56 | 000,002,151 | ---- | C] () -- C:\Windows\System32\12520437.cpx
[2009/06/10 22:16:38 | 000,002,727 | ---- | C] () -- C:\Windows\System32\locationnotificationsview.xml
[2009/06/10 22:15:06 | 000,076,060 | ---- | C] () -- C:\Windows\System32\xpsrchvw.xml
[2009/06/10 22:14:28 | 003,440,660 | ---- | C] () -- C:\Windows\System32\drivers\gm.dls
[2006/01/27 14:30:56 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2006/01/27 14:30:56 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Scan (once).job

========== LOP Check ==========

[2006/01/27 14:16:04 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\com.adobe.bridge.PublishPanel
[2010/11/26 19:13:53 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\DAEMON Tools Lite
[2010/11/22 11:17:56 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\FileZilla
[2010/10/29 10:49:24 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\JetBrains
[2010/11/22 12:40:35 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Opera
[2010/10/17 21:50:11 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Sports Interactive
[2006/01/26 23:46:10 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\uTorrent
[2006/01/27 14:32:30 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Scan (once).job
[2006/01/27 14:32:30 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/11/26 18:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/11/26 18:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/11/26 18:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/11/26 18:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2009/07/14 05:53:46 | 000,013,208 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Attached Files

Extras.Txt 37.74KB 156 downloads

#2
kahdah

Posted 27 November 2010 - 10:12 AM

GeekU Teacher

Retired Staff
15,822 posts

Hello msmarc

Welcome to G2Go.

===============
Download This file. Note its name and save it to your root folder, such as C:\.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

#3
msmarc

Posted 28 November 2010 - 07:11 AM

New Member

Topic Starter
Member
4 posts

Here's my results from GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2006-01-28 14:07:42
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9250410AS rev.0002SDM1
Running: p1ecgcse.exe; Driver: C:\Users\Seven\AppData\Local\Temp\aglcypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8285D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82881F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\xnecno.sys The system cannot find the path specified. !
? System32\Drivers\spdy.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8E268CA0 5 Bytes JMP 85B4F1D8
.text aar2cj2r.SYS 8E386000 12 Bytes [44, F8, C2, 82, EE, F6, C2, ...]
.text aar2cj2r.SYS 8E38600D 9 Bytes [D7, C2, 82, 48, FB, C2, 82, ...]
.text aar2cj2r.SYS 8E386017 170 Bytes [00, DE, 37, 78, 87, E6, 35, ...]
.text aar2cj2r.SYS 8E3860C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text aar2cj2r.SYS 8E3860CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[2444] kernel32.dll!CreateProcessInternalW 775D42CE 5 Bytes JMP 00768369

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87687042] \SystemRoot\System32\Drivers\spdy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [876876D6] \SystemRoot\System32\Drivers\spdy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87687800] \SystemRoot\System32\Drivers\spdy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8768713E] \SystemRoot\System32\Drivers\spdy.sys
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\aar2cj2r.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 848E41F8
Device \Driver\volmgr \Device\VolMgrControl 848DF1F8
Device \Driver\usbuhci \Device\USBPDO-0 85B501F8
Device \Driver\usbuhci \Device\USBPDO-1 85B501F8
Device \Driver\usbuhci \Device\USBPDO-2 85B501F8
Device \Driver\usbuhci \Device\USBPDO-3 85B501F8
Device \Driver\usbehci \Device\USBPDO-4 85AB2500

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\PCI_PNP9092 \Device\00000063 spdy.sys
Device \Driver\volmgr \Device\HarddiskVolume1 848DF1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 848DF1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85A271F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 848E11F8
Device \Driver\atapi \Device\Ide\IdePort0 848E11F8
Device \Driver\atapi \Device\Ide\IdePort1 848E11F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 848E21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 848E11F8
Device \Driver\cdrom \Device\CdRom1 85A271F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A0D4F535-6931-4D9E-9B05-B80AB9440E8C} 85A301F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85A301F8
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 85B501F8
Device \Driver\usbuhci \Device\USBFDO-1 85B501F8
Device \Driver\usbuhci \Device\USBFDO-2 85B501F8
Device \Driver\usbuhci \Device\USBFDO-3 85B501F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F58112FB-8601-4B06-AD58-69D406F2FC4C} 85A301F8
Device \Driver\sptd \Device\2171771592 spdy.sys
Device \Driver\usbehci \Device\USBFDO-4 85AB2500
Device \Driver\aar2cj2r \Device\Scsi\aar2cj2r1 85C04500
Device \Driver\aar2cj2r \Device\Scsi\aar2cj2r1Port2Path0Target0Lun0 85C04500
Device \FileSystem\cdfs \Cdfs 873F8500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x52 0xCB 0xE4 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x20 0x96 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0x23 0x42 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xAE 0x2A 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x20 0x96 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0x23 0x42 0xFE ...

---- EOF - GMER 1.0.15 ----

#4
kahdah

Posted 28 November 2010 - 07:59 AM

GeekU Teacher

Retired Staff
15,822 posts

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#5
msmarc

Posted 28 November 2010 - 01:30 PM

New Member

Topic Starter
Member
4 posts

I ran ComboFix without problems and it gave the following report. I should also mention that ComboFix restarted my computer while running. When it was finished I was unable to run any program on my computer or open any file. I continually received an error from explorer.exe stating something like "Opening whatever.txt is illegal because the registry key is mean't to be deleted." After I restarted everything seems pretty normal now. Not sure if it mattered

Heres the log:

ComboFix 10-11-27.01 - Seven 01/28/2006 19:32:53.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1527.817 [GMT 1:00]
Running from: c:\users\Seven\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\da-DK\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\da-DK\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\de-DE\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\de-DE\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\es-ES\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\es-ES\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\fi-FI\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\fi-FI\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\fr-FR\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\fr-FR\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\it-IT\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\it-IT\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\ja-JP\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\ja-JP\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\ko-KR\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\ko-KR\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\nb-NO\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\nb-NO\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\nl-NL\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\nl-NL\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\pt-BR\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\pt-BR\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\sv-SE\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\sv-SE\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\zh-CN\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\zh-CN\GuideBuilderInfo.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\zh-TW\GuideBuilder.resources.dll
c:\program files\Adobe\Acrobat 9.0\Designer 8.2\plugins\GuideBuilder\zh-TW\GuideBuilderInfo.dll
c:\users\Seven\AppData\Roaming\fm.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691!explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2005-12-28 to 2006-01-28 )))))))))))))))))))))))))))))))
.

2010-10-29 13:13 . 2010-10-29 13:13 -------- d-----r- C:\EsseDiCom (MAMMUT-SERVER)
2010-10-29 11:49 . 2010-10-29 11:49 -------- d-----w- C:\teamsysdata
2010-10-29 09:50 . 2010-10-29 11:48 -------- d-----w- C:\YouTrack
2010-10-05 13:47 . 2010-10-05 13:47 -------- d-----w- C:\inetpub
2010-10-05 13:37 . 2010-10-05 13:37 -------- d-----w- C:\PsTools
2010-09-11 14:25 . 2010-09-11 14:25 -------- d-----w- C:\Recovery
2009-07-14 04:53 . 2009-07-14 04:53 -------- d-sh--we C:\Documents and Settings

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 02:10 . 2009-07-14 04:54 4096 ----a-w- c:\windows\system32\drivers\en-US\wacompen.sys.mui
2009-07-14 02:10 . 2009-07-14 04:55 5632 ----a-w- c:\windows\system32\drivers\en-US\msdsm.sys.mui
2009-07-14 02:10 . 2009-07-14 04:55 9728 ----a-w- c:\windows\system32\drivers\en-US\k57nd60x.sys.mui
2009-07-14 02:09 . 2009-07-14 04:54 11776 ----a-w- c:\windows\system32\drivers\en-US\1394ohci.sys.mui
2009-07-14 02:09 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\volmgrx.sys.mui
2009-07-14 02:09 . 2009-07-14 04:54 2048 ----a-w- c:\windows\system32\drivers\en-US\bthenum.sys.mui
2009-07-14 02:09 . 2009-07-14 04:54 5632 ----a-w- c:\windows\system32\drivers\en-US\ndiscap.sys.mui
2009-07-14 02:09 . 2009-07-14 04:54 10240 ----a-w- c:\windows\system32\drivers\en-US\BrSerId.sys.mui
2009-07-14 02:09 . 2009-07-14 04:54 11776 ----a-w- c:\windows\system32\drivers\en-US\ohci1394.sys.mui
2009-07-14 02:09 . 2009-07-14 04:55 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui
2009-07-14 02:09 . 2009-07-14 04:55 10752 ----a-w- c:\windows\system32\drivers\en-US\e1q6032.sys.mui
2009-07-14 02:09 . 2009-07-14 04:55 10240 ----a-w- c:\windows\system32\drivers\en-US\serial.sys.mui
2009-07-14 02:09 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\BTHUSB.SYS.mui
2009-07-14 02:09 . 2009-07-14 04:54 14336 ----a-w- c:\windows\system32\drivers\en-US\viac7.sys.mui
2009-07-14 02:09 . 2009-07-14 04:54 3072 ----a-w- c:\windows\system32\drivers\en-US\HdAudio.sys.mui
2009-07-14 02:09 . 2009-07-14 04:55 16896 ----a-w- c:\windows\system32\drivers\en-US\E1G60I32.sys.mui
2009-07-14 02:09 . 2009-07-14 04:55 25600 ----a-w- c:\windows\system32\drivers\en-US\bfe.dll.mui
2009-07-14 02:09 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2009-07-14 02:09 . 2009-07-14 04:55 2048 ----a-w- c:\windows\system32\drivers\en-US\wd.sys.mui
2009-07-14 02:08 . 2009-07-14 04:55 4096 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2009-07-14 02:08 . 2009-07-14 04:55 44032 ----a-w- c:\windows\system32\drivers\en-US\tcpip.sys.mui
2009-07-14 02:08 . 2009-07-14 04:54 59904 ----a-w- c:\windows\system32\drivers\en-US\ntfs.sys.mui
2009-07-14 02:08 . 2009-07-14 04:55 14848 ----a-w- c:\windows\system32\drivers\en-US\afd.sys.mui
2009-07-14 02:08 . 2009-07-14 04:55 2560 ----a-w- c:\windows\system32\drivers\en-US\srv.sys.mui
2009-07-14 02:08 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\partmgr.sys.mui
2009-07-14 02:08 . 2009-07-14 04:54 6144 ----a-w- c:\windows\system32\drivers\en-US\luafv.sys.mui
2009-07-14 02:08 . 2009-07-14 04:55 5120 ----a-w- c:\windows\system32\drivers\en-US\bcm4sbxp.sys.mui
2009-07-14 02:08 . 2009-07-14 04:55 2560 ----a-w- c:\windows\system32\drivers\en-US\serscan.sys.mui
2009-07-14 02:08 . 2009-07-14 04:55 19968 ----a-w- c:\windows\system32\drivers\en-US\e1y6032.sys.mui
2009-07-14 02:08 . 2009-07-14 04:54 2048 ----a-w- c:\windows\system32\drivers\en-US\disk.sys.mui
2009-07-14 02:08 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\SISAGP.SYS.mui
2009-07-14 02:07 . 2009-07-14 04:55 2048 ----a-w- c:\windows\system32\drivers\en-US\amdide.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\AGP440.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 32256 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2009-07-14 02:07 . 2009-07-14 04:55 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 3072 ----a-w- c:\windows\system32\drivers\en-US\RNDISMP.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 9728 ----a-w- c:\windows\system32\drivers\en-US\ltmdmnt.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 3072 ----a-w- c:\windows\system32\drivers\en-US\hidbth.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 14336 ----a-w- c:\windows\system32\drivers\en-US\amdppm.sys.mui
2009-07-14 02:07 . 2009-07-14 04:55 3072 ----a-w- c:\windows\system32\drivers\en-US\rndismpx.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 7680 ----a-w- c:\windows\system32\drivers\en-US\bthport.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 15360 ----a-w- c:\windows\system32\drivers\en-US\pacer.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 14336 ----a-w- c:\windows\system32\drivers\en-US\amdk8.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
2009-07-14 02:07 . 2009-07-14 04:55 3072 ----a-w- c:\windows\system32\drivers\en-US\umbus.sys.mui
2009-07-14 02:07 . 2009-07-14 04:55 3072 ----a-w- c:\windows\system32\drivers\en-US\getn62.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\VIAAGP.SYS.mui
2009-07-14 02:07 . 2009-07-14 04:55 26624 ----a-w- c:\windows\system32\drivers\en-US\mpio.sys.mui
2009-07-14 02:07 . 2009-07-14 04:54 5632 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2009-07-14 02:06 . 2009-07-14 04:54 2048 ----a-w- c:\windows\system32\drivers\en-US\cdrom.sys.mui
2009-07-14 02:06 . 2009-07-14 04:54 9216 ----a-w- c:\windows\system32\drivers\en-US\acpi.sys.mui
2009-07-14 02:06 . 2009-07-14 04:54 13824 ----a-w- c:\windows\system32\drivers\en-US\nwifi.sys.mui
2009-07-14 02:06 . 2009-07-14 04:55 19968 ----a-w- c:\windows\system32\drivers\en-US\e1e6032.sys.mui
2009-07-14 02:06 . 2009-07-14 04:55 2048 ----a-w- c:\windows\system32\drivers\en-US\vwifibus.sys.mui
2009-07-14 02:06 . 2009-07-14 04:55 2560 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2009-07-14 02:06 . 2009-07-14 04:55 3584 ----a-w- c:\windows\system32\drivers\en-US\modem.sys.mui
2009-07-14 02:06 . 2009-07-14 04:55 4096 ----a-w- c:\windows\system32\drivers\en-US\tpm.sys.mui
2009-07-14 02:06 . 2009-07-14 04:54 4096 ----a-w- c:\windows\system32\drivers\en-US\hdaudbus.sys.mui
2009-07-14 02:06 . 2009-07-14 04:55 3072 ----a-w- c:\windows\system32\drivers\en-US\ataport.sys.mui
2009-07-14 02:06 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\Dot4usb.sys.mui
2009-07-14 02:05 . 2009-07-14 04:55 2560 ----a-w- c:\windows\system32\drivers\en-US\scfilter.sys.mui
2009-07-14 02:05 . 2009-07-14 04:54 3072 ----a-w- c:\windows\system32\drivers\en-US\atikmdag.sys.mui
2009-07-14 02:05 . 2009-07-14 04:55 3584 ----a-w- c:\windows\system32\drivers\en-US\vhdmp.sys.mui
2009-07-14 02:05 . 2009-07-14 04:54 14336 ----a-w- c:\windows\system32\drivers\en-US\intelppm.sys.mui
2009-07-14 02:05 . 2009-07-14 04:54 3584 ----a-w- c:\windows\system32\drivers\en-US\isapnp.sys.mui
2009-07-14 02:04 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\pnpmem.sys.mui
2009-07-14 02:04 . 2009-07-14 04:54 4096 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2009-07-14 02:04 . 2009-07-14 04:55 3072 ----a-w- c:\windows\system32\drivers\en-US\scsiport.sys.mui
2009-07-14 02:04 . 2009-07-14 04:55 2560 ----a-w- c:\windows\system32\drivers\en-US\parvdm.sys.mui
2009-07-14 02:04 . 2009-07-14 04:55 14336 ----a-w- c:\windows\system32\drivers\en-US\fvevol.sys.mui
2009-07-14 02:04 . 2009-07-14 04:55 2560 ----a-w- c:\windows\system32\drivers\UMDF\en-US\WpdMtpDr.dll.mui
2009-07-14 02:04 . 2009-07-14 04:55 11776 ----a-w- c:\windows\system32\drivers\en-US\usbhub.sys.mui
2009-07-14 02:04 . 2009-07-14 04:55 10240 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2009-07-14 02:04 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\qwavedrv.sys.mui
2009-07-14 02:04 . 2009-07-14 04:55 5120 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2009-07-14 02:04 . 2009-07-14 04:54 8192 ----a-w- c:\windows\system32\drivers\en-US\pci.sys.mui
2009-07-14 02:04 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\GAGP30KX.SYS.mui
2009-07-14 02:04 . 2009-07-14 04:55 9728 ----a-w- c:\windows\system32\drivers\en-US\b57nd60x.sys.mui
2009-07-14 02:04 . 2009-07-14 04:55 2048 ----a-w- c:\windows\system32\drivers\en-US\ws2ifsl.sys.mui
2009-07-14 02:04 . 2009-07-14 04:54 7168 ----a-w- c:\windows\system32\drivers\en-US\battc.sys.mui
2009-07-14 02:04 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\ULIAGPKX.SYS.mui
2009-07-14 02:04 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\UAGP35.SYS.mui
2009-07-14 02:04 . 2009-07-14 04:54 10240 ----a-w- c:\windows\system32\drivers\en-US\BrSerIb.sys.mui
2009-07-14 02:04 . 2009-07-14 04:55 2560 ----a-w- c:\windows\system32\drivers\en-US\MTConfig.sys.mui
2009-07-14 02:03 . 2009-07-14 04:55 3584 ----a-w- c:\windows\system32\drivers\en-US\pscr.sys.mui
2009-07-14 02:03 . 2009-07-14 04:55 2048 ----a-w- c:\windows\system32\drivers\en-US\usbrpm.sys.mui
2009-07-14 02:03 . 2009-07-14 04:55 7680 ----a-w- c:\windows\system32\drivers\en-US\tunnel.sys.mui
2009-07-14 02:03 . 2009-07-14 04:54 3584 ----a-w- c:\windows\system32\drivers\en-US\ipnat.sys.mui
2009-07-14 02:03 . 2009-07-14 04:55 5120 ----a-w- c:\windows\system32\drivers\en-US\e100b325.sys.mui
2009-07-14 02:03 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\AMDAGP.SYS.mui
2009-07-14 02:03 . 2009-07-14 04:55 23552 ----a-w- c:\windows\system32\drivers\en-US\volsnap.sys.mui
2009-07-14 02:03 . 2009-07-14 04:54 5120 ----a-w- c:\windows\system32\drivers\en-US\fltmgr.sys.mui
2009-07-14 02:03 . 2009-07-14 04:55 32256 ----a-w- c:\windows\system32\drivers\en-US\yk62x86.sys.mui
2009-07-14 02:02 . 2009-07-14 04:54 14336 ----a-w- c:\windows\system32\drivers\en-US\processr.sys.mui
2009-07-14 02:02 . 2009-07-14 04:55 4096 ----a-w- c:\windows\system32\drivers\en-US\pcmcia.sys.mui
2009-07-14 02:02 . 2009-07-14 04:55 24576 ----a-w- c:\windows\system32\drivers\en-US\usbport.sys.mui
2009-07-14 02:02 . 2009-07-14 04:54 2560 ----a-w- c:\windows\system32\drivers\en-US\BrParwdm.sys.mui
2009-07-14 02:02 . 2009-07-14 04:54 3584 ----a-w- c:\windows\system32\drivers\en-US\vdrvroot.sys.mui
2009-07-14 02:02 . 2009-07-14 04:54 4608 ----a-w- c:\windows\system32\drivers\en-US\bthpan.sys.mui
2009-07-14 02:02 . 2009-07-14 04:55 10240 ----a-w- c:\windows\system32\drivers\en-US\e1k6032.sys.mui
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2009-12-14 515560]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-01-08 392424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avvio veloce di Adobe Acrobat.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Avvio veloce di Adobe Acrobat.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 16:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-14 515560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-25 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-22 1375992]
S2 YouTrack;YouTrack Web Server;c:\youtrack\bin\tomcat6.exe [2010-03-09 61440]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Clip and Edit - c:\program files\JetBrains\Omea\IexploreOmeaW.dll/1000
IE: Clip and Save - c:\program files\JetBrains\Omea\IexploreOmeaW.dll/1001
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti destinazione link in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Subscribe to Feed - c:\program files\JetBrains\Omea\IexploreOmeaW.dll/1002
FF - ProfilePath - c:\users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\juw8b2km.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Firebug: [email protected] - c:\users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\juw8b2km.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-AdobeAAMUpdater-1.0 - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSConfigStartUp-Google Update - c:\users\Seven\AppData\Local\Google\Update\GoogleUpdate.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2006-01-28 20:16:18 - machine was rebooted
ComboFix-quarantined-files.txt 2006-01-28 19:16

Pre-Run: 157,379,272,704 bytes free
Post-Run: 157,372,174,336 bytes free

- - End Of File - - 4FD012AAFF7DB1997D1745C0CC9394F3

#6
kahdah

Posted 28 November 2010 - 02:11 PM

GeekU Teacher

Retired Staff
15,822 posts

That can happen after running combofix.
Rebooting it will fix it.
The explorer error was because Explorer.exe was infected.
Combofix replaced it with a good copy.
=============================
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
* Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic

#7
msmarc

Posted 28 November 2010 - 04:53 PM

New Member

Topic Starter
Member
4 posts

Malware Bytes ran with no found viruses:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5207

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/28/2006 9:34:58 PM
mbam-log-2006-01-28 (21-34-58).txt

Scan type: Quick scan
Objects scanned: 141187
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET Found two infections:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7d6458ea73468b4fb01afc7bcb88b544
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2006-01-28 10:39:29
# local_time=2006-01-28 11:39:29 (+0100, W. Europe Standard Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 0 31822 24559 0
# compatibility_mode=5893 16776573 100 94 0 0 0 0
# compatibility_mode=8192 67108863 100 0 4897 4897 0 0
# scanned=235312
# found=2
# cleaned=2
# scan_time=4812
C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir Win32/Bamital.EV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir Win32/Bamital.EV trojan (deleted - quarantined) 00000000000000000000000000000000 C

I haven't had any problems with my browsers through so hopefully the issue is resolved.