virus regenerates


  • This topic is locked This topic is locked

#16
Andreib18

    Member

  • Topic Starter
  • Member
  • 100 posts
Now I have another problem. When I was sleeping, my dad was searching for some documents and used the CD with Sality, and inevitably it was infected. Now my computer is junk. I ran some reg commands for safe mode and to disable autorun, and rmslt from AVG (it takes about six hours), and after boot the system isn't clean: task manager still doesn't work and I have autorun.inf on my drives. What should I do? Oh, and Avira is closed. Thanks in advance!
  • 0


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First thing is to destroy the CD.

And to be honest, at this stage I would recommend a reformat and reinstall. There is a tutorial here which may help, as the virus now appears to have run rampant through your system and has probably damaged a lot of files beyond repair.
  • 0

#18
Andreib18

    Member

  • Topic Starter
  • Member
  • 100 posts
Yes, but now I have to copy a folder with my dad's work (it contains .dxf files and .txt files). Can I copy that folder? I have a backup copy of the folder, but he works every day and in a week he makes a lot of measurements.
  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As long as they are not exe, com, scr or zip files, you should be OK.
  • 0

#20
Andreib18

    Member

  • Topic Starter
  • Member
  • 100 posts
Now, after the virus removal from AVG and after entering those command lines, my task manager and regedit work, and the autoruns were deleted and do not appear. Can I still keep my installation of Windows? (It takes several hours to install Windows and all of the programs.)
  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It depends on how confident you are about the state of your system files.

Let's see if any remnants remain.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

  • 0
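An added example, not code from this thread or from OTL: a small Python triage pass over entries in the shape of the OTL log posted in the next reply (driver lines with an empty publisher, Run/RunOnce entries that launch a command interpreter, autorun.inf on a writable volume, MountPoints2 AutoRun commands, and the exefile/comfile open handlers), listing the lines a helper would look at first. The rule names and the two constructed sample lines are assumptions; a flag is a prompt to inspect, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: OTL entries in the shape of the log quoted in the thread.
# Most lines are copied from it; the E:\autorun.inf line and the comfile handler
# line are constructed (not from the page) so those rules can be seen firing.
SAMPLE_LOG = r"""
DRV - (ute4odky) -- C:\WINDOWS\system32\drivers\ute4odky.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (d344bus) -- C:\WINDOWS\system32\DRIVERS\d344bus.sys ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O32 - AutoRun File - [2011/01/11 12:49:57 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/14 13:19:34 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/01/17 09:00:00 | 000,000,120 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\WINDOWS\Temp\example.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# One pattern per OTL line type this triage looks at.
DRV_RE = re.compile(r'^DRV - \((?P<name>[^)]*)\) -- (?P<path>.+?) \((?P<publisher>[^)]*)\)\s*$')
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] '
                   r'(?P<path>.+?)(?: \((?P<publisher>[^)]*)\))?\s*$')
AUTORUN_RE = re.compile(r'^O32 - AutoRun File - \[[^\]]*\] \([^)]*\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]\s*$')
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?)(?: -- \[.*)?$')
ASSOC_RE = re.compile(r'^O3[57] - HKLM\\\.+(?P<ext>\w+) \[(?:open|@ = \w+)\] -- (?P<cmd>.+?)\s*$')

DEFAULT_OPEN = '"%1" %*'                      # stock Windows handler for .exe/.com
COMMAND_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe"}
EXE_ASSOCS = {"exefile", "comfile", "exe", "com"}


def triage(log_text):
    """Return (rule, line) findings for the OTL entries in log_text, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRV_RE.match(line)
        if m:
            # A kernel driver whose image carries no company name deserves a look.
            if not m.group("publisher").strip():
                findings.append(("driver-no-publisher", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = m.group("path").rsplit("\\", 1)[-1].lower()
            if exe in COMMAND_HOSTS:
                findings.append(("logon-runs-command-host", line))
            elif not (m.group("publisher") or "").strip():
                findings.append(("logon-entry-no-publisher", line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # autorun.inf on a CD image is expected; on a writable volume it is not.
            if m.group("path").lower().endswith("autorun.inf") and m.group("fs") != "CDFS":
                findings.append(("autorun-inf-on-writable-volume", line))
            continue
        m = MOUNT_RE.match(line)
        if m:
            # Remembered per-volume AutoRun commands run when the drive is opened.
            findings.append(("mountpoints2-autorun-command", line))
            continue
        m = ASSOC_RE.match(line)
        if m and m.group("ext") in EXE_ASSOCS and m.group("cmd") != DEFAULT_OPEN:
            findings.append(("exe-handler-not-default", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'driver-no-publisher': 3, ...}."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:32} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```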

#22
Andreib18

    Member

  • Topic Starter
  • Member
  • 100 posts
Only one .txt (OTL); Extras isn't on the desktop and didn't pop up:
OTL logfile created on: 1/18/2011 12:11:32 PM - Run 3
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): D:\pagefile.sys 1000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 6.00 Gb Free Space | 61.47% Space Free | Partition Type: NTFS
Drive D: | 28.51 Gb Total Space | 20.92 Gb Free Space | 73.37% Space Free | Partition Type: NTFS
Drive F: | 3.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: 1F67CAB984064B2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MSIServer) -- File not found
SRV - (HidServ) -- File not found
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)


========== Driver Services (SafeList) ==========

DRV - (ute4odky) -- C:\WINDOWS\system32\drivers\ute4odky.sys ()
DRV - (uze4odky) -- C:\WINDOWS\system32\drivers\uze4odky.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (adusbser) -- C:\WINDOWS\system32\drivers\adusbser.sys (AnyDATA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (d344bus) -- C:\WINDOWS\system32\DRIVERS\d344bus.sys ( )
DRV - (d344prt) -- C:\WINDOWS\System32\Drivers\d344prt.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/01/14 05:56:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011/01/11 12:49:57 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/14 13:19:34 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{18d15e9f-1d5b-11e0-b9b7-e184bcfa9b60}\Shell - "" = AutoRun
O33 - MountPoints2\{18d15e9f-1d5b-11e0-b9b7-e184bcfa9b60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18d15e9f-1d5b-11e0-b9b7-e184bcfa9b60}\Shell\AutoRun\command - "" = F:\Launcher.exe -- [2009/10/14 13:19:34 | 000,229,376 | R--- | M] (AnyDATA.NET)
O33 - MountPoints2\{8a2e82bc-1d40-11e0-b9b3-c2ebcaabed48}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2e82bc-1d40-11e0-b9b3-c2ebcaabed48}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a2e82bc-1d40-11e0-b9b3-c2ebcaabed48}\Shell\AutoRun\command - "" = F:\Launcher.exe -- [2009/10/14 13:19:34 | 000,229,376 | R--- | M] (AnyDATA.NET)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54901231209938944)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/18 12:06:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/18 12:05:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:22:08 | 006,470,576 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/16 12:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/01/15 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2011/01/15 11:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FullTiltPoker
[2011/01/15 11:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2011/01/15 11:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2011/01/15 11:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/01/15 10:01:07 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/14 13:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/01/14 06:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/14 06:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/14 04:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hunting Unlimited 2010
[2011/01/14 03:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\turnee
[2011/01/14 03:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2011/01/14 01:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/01/14 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2011/01/13 12:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DllCache
[2011/01/13 12:47:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/13 11:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/01/13 11:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/13 06:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Break For Games
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/13 05:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/01/13 04:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/13 04:51:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/13 04:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/13 04:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/13 04:51:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/13 04:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 04:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Express
[2011/01/13 04:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Online Express
[2011/01/13 04:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/01/12 11:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Webteh
[2011/01/12 11:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2011/01/12 07:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2011/01/12 06:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/01/12 04:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Generare CP 2.0
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Generare CP
[2011/01/11 19:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2011/01/11 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2011/01/11 15:47:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/01/11 15:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/01/11 15:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/01/11 15:47:33 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/01/11 15:47:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/01/11 15:45:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/01/11 15:45:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/01/11 15:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/01/11 15:45:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/01/11 15:35:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/01/11 15:35:21 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/01/11 15:35:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/01/11 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Geotop
[2011/01/11 13:36:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/11 13:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/01/11 13:21:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/11 13:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/01/11 13:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/01/11 12:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/01/11 12:53:53 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2011/01/11 12:53:44 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2011/01/11 12:53:43 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2011/01/11 12:53:43 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2011/01/11 12:53:43 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2011/01/11 12:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011/01/11 12:53:28 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011/01/11 12:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2011/01/11 12:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoCAD Map 2000i
[2011/01/11 12:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2011/01/11 12:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD Map 2000i
[2011/01/11 12:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ModemDriver
[2011/01/11 12:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\GenerareCP
[2011/01/11 12:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\Raster Design 2006
[2011/01/11 12:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/01/11 12:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/01/11 12:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TopoLT
[2011/01/11 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\TopoLT
[2011/01/11 12:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2006
[2011/01/11 12:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2011/01/11 12:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/01/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/01/11 12:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2011/01/11 12:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/01/11 11:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/01/11 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java Web Start
[2011/01/11 11:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/01/11 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/11 11:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/11 11:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2011/01/11 11:39:18 | 000,478,720 | ---- | C] (Webroot Software, Inc) -- C:\WINDOWS\WRUninstall.dll
[2011/01/11 11:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2011/01/11 11:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/01/11 11:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/11 11:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/01/11 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/11 11:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/01/11 11:09:33 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/01/11 11:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/01/11 11:04:30 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys
[2011/01/11 11:04:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys
[2011/01/11 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2011/01/11 11:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/01/11 10:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/01/11 10:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/01/11 10:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/01/11 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/11 10:43:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/01/11 10:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/11 10:39:58 | 000,093,440 | R--- | C] (AnyDATA Corporation) -- C:\WINDOWS\System32\drivers\adusbser.sys
[2011/01/11 10:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/01/11 10:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/01/11 10:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/01/11 10:37:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/01/11 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/11 10:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/01/11 10:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/01/11 10:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/01/11 10:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/11 10:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/01/11 10:35:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/01/11 10:35:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/01/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/01/11 10:35:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/01/11 10:34:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/01/11 10:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/11 10:34:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/01/11 10:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/01/11 10:30:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/01/11 10:30:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/01/11 10:29:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/11 10:29:35 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/01/11 10:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/01/11 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/01/11 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/01/11 10:28:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/01/11 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/01/11 10:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/01/11 10:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/01/11 10:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/01/11 10:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/01/11 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/01/11 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/01/11 10:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/01/11 10:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/01/11 10:27:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/01/11 10:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/01/11 10:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/01/11 10:26:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/01/11 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/01/11 10:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/01/11 10:25:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/01/11 10:25:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/01/11 10:24:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

========== Files - Modified Within 30 Days ==========

[2011/01/18 12:08:51 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/18 12:08:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/18 12:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:30:32 | 006,470,576 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/18 02:46:13 | 000,000,329 | ---- | M] () -- C:\WINDOWS\red_dialer.ini
[2011/01/17 21:10:40 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/15 11:32:26 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:11:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/15 10:01:07 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/15 10:01:04 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/14 06:32:58 | 000,029,874 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/14 05:56:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/14 04:20:45 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 12:57:03 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 05:54:13 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:29:25 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:24 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 10:21:47 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:49:31 | 000,428,637 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:06:23 | 000,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/12 04:06:23 | 000,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/12 03:28:07 | 000,000,250 | RHS- | M] () -- C:\boot.ini
[2011/01/11 13:46:32 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 13:00:12 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 12:56:08 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:49:57 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/11 12:49:57 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/11 12:38:07 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/11 12:34:13 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 12:23:29 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/11 12:23:29 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/11 11:33:44 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:45:34 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/01/11 10:44:41 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/11 10:37:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:37:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:35:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/11 10:34:34 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:20 | 000,002,357 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 10:32:26 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/11 10:32:14 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 10:26:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/15 16:03:12 | 000,006,354 | ---- | C] () -- C:\WINDOWS\ich2aud.cat
[2011/01/15 16:03:12 | 000,003,773 | ---- | C] () -- C:\WINDOWS\ICH2AUD.inf
[2011/01/15 11:32:25 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:01:04 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/15 06:52:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/14 06:32:55 | 000,029,874 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/13 12:57:03 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 11:57:28 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 06:31:53 | 001,374,232 | ---- | C] () -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/01/13 06:31:45 | 000,017,928 | ---- | C] () -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/01/13 05:54:13 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:33:07 | 000,000,329 | ---- | C] () -- C:\WINDOWS\red_dialer.ini
[2011/01/13 04:29:25 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:23 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:50:53 | 000,428,637 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:49:30 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-044930.backup
[2011/01/12 04:07:47 | 000,002,269 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/11 15:47:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 15:47:16 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/01/11 15:45:20 | 000,201,736 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 15:43:24 | 000,000,250 | RHS- | C] () -- C:\boot.ini
[2011/01/11 15:43:19 | 000,002,357 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 13:46:32 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:49:57 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/11 12:41:53 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/11 12:38:07 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/11 12:34:13 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 12:23:29 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/11 12:23:29 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/11 12:01:53 | 000,089,134 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/11 12:00:37 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/01/11 11:42:12 | 000,045,163 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2011/01/11 11:42:12 | 000,045,161 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2011/01/11 11:39:19 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2011/01/11 11:39:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2011/01/11 11:33:43 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:45:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/11 10:44:41 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/11 10:37:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:37:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:34:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/11 10:32:26 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,047 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/01/11 10:26:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/11 10:25:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/01/11 10:25:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/01/11 10:25:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/01/11 10:25:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/01/11 10:25:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/01/11 10:25:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/01/11 10:25:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/01/11 10:25:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/01/11 10:25:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/01/11 10:25:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/01/11 10:25:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/01/11 10:25:52 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/01/11 10:25:52 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/01/11 10:25:51 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/01/11 10:25:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2007/03/01 11:06:37 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/03/01 11:06:37 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/01 11:06:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/03/01 11:06:37 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/03/01 11:06:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/01 11:06:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/01 11:06:37 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/03 22:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/12/27 20:43:24 | 000,068,608 | ---- | C] () -- C:\WINDOWS\daemon.dll

========== LOP Check ==========

[2011/01/11 12:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 11:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/13 05:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/14 06:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/01/11 12:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 13:36:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2005/12/15 05:18:10 | 001,391,104 | ---- | M] (Microsoft Corporation) MD5=2FBCC19159C7D2EB3E400172B4433917 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/03 22:26:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 22:26:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 22:26:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

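The four "< MD5 for: ... >" entries at the end of the OTL log above are a hash check on the binaries a file infector such as Sality is most likely to have touched: any change to explorer.exe, svchost.exe, userinit.exe or winlogon.exe shows up as an MD5 that no longer matches a clean copy of the same build. The script below is an added example, not OTL's own code: it parses those lines and compares them against a baseline of hashes taken from a clean install. The DEMO_BASELINE values and the temp-file helper are constructed for the demonstration, and the one mismatch it reports is deliberate, not a finding about the machine in this thread.

```python
"""Check critical Windows binaries against a known-good hash baseline,
the same check OTL's "< MD5 for: ... >" custom scans perform.
Added example, not OTL's own code."""
import hashlib
import os
import re
import tempfile

# One OTL MD5 line, e.g.
# [2004/08/03 22:26:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F07... -- C:\WINDOWS\system32\svchost.exe
OTL_MD5_LINE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_otl_md5_lines(text):
    """Return {path (lower-cased): (md5 (lower-cased), size_bytes, company)}
    for every OTL MD5 line in text; all other lines are ignored."""
    found = {}
    for line in text.splitlines():
        m = OTL_MD5_LINE.match(line.strip())
        if m:
            found[m["path"].strip().lower()] = (
                m["md5"].lower(),
                int(m["size"].replace(",", "")),
                m["company"].strip(),
            )
    return found


def compare_to_baseline(observed, baseline):
    """observed: output of parse_otl_md5_lines. baseline: {path: md5}
    captured from a clean install of the same Windows build and patch
    level. Returns [(path, verdict, observed_md5, expected_md5)] with
    verdict 'ok', 'MISMATCH' or 'no-baseline'. Paths are compared
    case-insensitively because NTFS is."""
    results = []
    for path, (md5, _size, _company) in sorted(observed.items()):
        expected = baseline.get(path.lower())
        if expected is None:
            verdict = "no-baseline"
        elif expected.lower() == md5:
            verdict = "ok"
        else:
            verdict = "MISMATCH"
        results.append((path, verdict, md5, expected))
    return results


def file_digests(path, chunk=1 << 16):
    """MD5 and SHA-256 of a file, streamed. Use this on a clean machine to
    build the baseline (record SHA-256 too; MD5 is only what OTL prints)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def digests_of_bytes(data):
    """Demo helper: write data to a temp file, hash it, remove the file."""
    tmp = tempfile.NamedTemporaryFile(delete=False)
    try:
        tmp.write(data)
        tmp.close()
        return file_digests(tmp.name)
    finally:
        os.unlink(tmp.name)


# The four MD5 lines from the OTL log in this thread, verbatim.
SAMPLE_OTL = r"""
< MD5 for: EXPLORER.EXE >
[2005/12/15 05:18:10 | 001,391,104 | ---- | M] (Microsoft Corporation) MD5=2FBCC19159C7D2EB3E400172B4433917 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/03 22:26:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 22:26:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 22:26:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
"""

# Constructed demo baseline. These are NOT real known-good hashes for the
# XP binaries: explorer.exe and winlogon.exe reuse the log's own values so
# they compare 'ok', svchost.exe gets a deliberately wrong value to
# exercise the MISMATCH branch, and userinit.exe is omitted to show
# 'no-baseline'. A real baseline comes from a clean reference machine.
DEMO_BASELINE = {
    r"c:\windows\explorer.exe": "2fbcc19159c7d2eb3e400172b4433917",
    r"c:\windows\system32\winlogon.exe": "01c3346c241652f43aed8e2149881bfe",
    r"c:\windows\system32\svchost.exe": "ffffffffffffffffffffffffffffffff",
}

if __name__ == "__main__":
    for path, verdict, seen, expected in compare_to_baseline(
            parse_otl_md5_lines(SAMPLE_OTL), DEMO_BASELINE):
        print(f"{verdict:12} {path}  observed={seen}  expected={expected}")
```

A real baseline has to come from a machine of the same Windows build and patch level, since every service pack changes these files. Record SHA-256 alongside MD5 when you build it; MD5 is kept here only because it is what OTL prints. A file infector that appends its code also changes the size column, which is a second, cheaper tell when you have no hashes at all.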
#23 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I can see nothing apparent there. How is the computer running? Do you still have AVPtool on your desktop?

#24 Andreib18 (Topic Starter, Member, 100 posts)
After uninstalling Avira with CCleaner it works like Speedy Gonzales :))) The only program that doesn't work is AutoCAD. I cannot run the uninstaller, so my mind thinks to (I know it is silly):
remove the folder from Program Files, then run CCleaner and remove the registry errors, then in AppData delete whatever has to do with Autodesk :)) But now I cannot run the installer; it says to me that AutoCAD is already installed. Hmm, how can I remove it from the computer?
Later edit: Yes, I have AVPtool on my desktop.

Edited by Andreib18, 19 January 2011 - 04:35 PM.


#25 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
You could try Revo Uninstaller in Forced Uninstall mode; to use this you will need to download the trial Pro version.

Revo Uninstaller Pro has a very powerful feature called Forced Uninstall. This feature allows you to remove leftovers of programs that are already uninstalled, incomplete installations and uninstall remnants of programs! It does not matter if the program you want to remove is not listed in Revo Uninstaller Pro or in the Windows Add/Remove Programs Control Panel applet. Forced Uninstall gives power to the user but still keeps the safety and the accuracy of the results. It is very useful when the installation is corrupted and cannot continue further. Forced Uninstall is the best solution when you have to remove partially installed programs, partially uninstalled programs, and programs not listed as installed at all.



#26 Andreib18 (Topic Starter, Member, 100 posts)
Thanks, that works. What about AVPtool?

#27 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
If you still have it, then have a scan using that to confirm that you are clear.

#28 Andreib18 (Topic Starter, Member, 100 posts)
I've run an autoscan and it found things in Temp and in System Volume Information. Here is the log:
Autoscan: stopped 12 hours ago (events: 10, objects: 6294, time: 00:11:07)
1/18/2011 1:44:26 PM Task stopped
1/18/2011 1:43:51 PM Untreated: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winjhlw.exe/UPX Skipped by user
1/18/2011 1:43:49 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winjhlw.exe/UPX
1/18/2011 1:43:47 PM Untreated: Trojan-PSW.Win32.Agent.vrk C:\Documents and Settings\Administrator\Local Settings\Temp\ayqur.exe Skipped by user
1/18/2011 1:43:46 PM Untreated: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\bykyf.exe/UPX Skipped by user
1/18/2011 1:43:46 PM Untreated: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winicqkg.exe/UPX Skipped by user
1/18/2011 1:43:20 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winicqkg.exe/UPX
1/18/2011 1:43:20 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\bykyf.exe/UPX
1/18/2011 1:43:20 PM Detected: Trojan-PSW.Win32.Agent.vrk C:\Documents and Settings\Administrator\Local Settings\Temp\ayqur.exe
1/18/2011 1:33:03 PM Task started
Autoscan: malfunction (events: 1, objects: 0, time: Unknown)
1/18/2011 2:08:43 PM Task started
Autoscan: completed 6 hours ago (events: 31, objects: 86367, time: 06:03:55)
1/18/2011 8:16:39 PM Task completed
1/18/2011 3:19:20 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007155.exe
1/18/2011 3:19:20 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007155.exe
1/18/2011 3:19:17 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007156.exe
1/18/2011 3:19:16 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007156.exe
1/18/2011 3:19:07 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007154.exe
1/18/2011 3:19:06 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007154.exe
1/18/2011 3:18:59 PM Detected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007155.exe
1/18/2011 3:18:59 PM Detected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007156.exe
1/18/2011 3:18:57 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007153.exe
1/18/2011 3:18:57 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007152.exe
1/18/2011 3:18:56 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007153.exe
1/18/2011 3:18:54 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007152.exe
1/18/2011 3:18:51 PM Detected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007154.exe
1/18/2011 3:18:50 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007151.exe
1/18/2011 3:18:45 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007151.exe
1/18/2011 3:18:37 PM Detected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007153.exe
1/18/2011 3:18:34 PM Detected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007152.exe
1/18/2011 3:18:29 PM Detected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007151.exe
1/18/2011 3:18:25 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007150.exe
1/18/2011 3:18:24 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007150.exe
1/18/2011 3:17:53 PM Detected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007150.exe
1/18/2011 2:17:51 PM Deleted: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winjhlw.exe
1/18/2011 2:17:38 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winjhlw.exe/UPX
1/18/2011 2:17:34 PM Deleted: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\bykyf.exe
1/18/2011 2:17:34 PM Deleted: Trojan-PSW.Win32.Agent.vrk C:\Documents and Settings\Administrator\Local Settings\Temp\ayqur.exe
1/18/2011 2:17:34 PM Deleted: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winicqkg.exe
1/18/2011 2:15:57 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winicqkg.exe/UPX
1/18/2011 2:15:57 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\bykyf.exe/UPX
1/18/2011 2:15:57 PM Detected: Trojan-PSW.Win32.Agent.vrk C:\Documents and Settings\Administrator\Local Settings\Temp\ayqur.exe
1/18/2011 2:12:40 PM Task started
Autoscan: stopped 1 hour ago (events: 2, objects: 0, time: 00:01:22)
1/19/2011 12:40:40 AM Task stopped
1/19/2011 12:39:17 AM Task started
Autoscan: completed 57 minutes ago (events: 2, objects: 50403, time: 00:20:02)
1/19/2011 1:34:37 AM Task completed
1/19/2011 1:14:33 AM Task started

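The AVPtool log above lists each scan newest-first and interleaves Detected, Untreated and Deleted lines for the same file, so it is easy to lose track of which objects were actually handled. The parser below is an added example, not AVPtool's code: it reduces the log to one outcome per file, so that an "Untreated ... Skipped by user" entry, or a file that is detected again after it was deleted (the "regenerates" behaviour in this thread's title), is not buried among the repeats. The event format is taken from the lines in the log; SAMPLE_LOG is a constructed excerpt of those lines with bykyf.exe's later deletion deliberately left out so the unresolved branch is exercised, and the Quarantined verb is an assumed extra not present in this log.

```python
"""Reduce a Kaspersky Virus Removal Tool (AVPtool) autoscan log to one
outcome per file. Added example, not AVPtool's own code."""
import re
from collections import Counter
from datetime import datetime

# One event line, e.g.
# 1/18/2011 1:43:51 PM Untreated: Backdoor.Win32.Mazben.fl C:\...\winjhlw.exe/UPX Skipped by user
# The object is a Windows path (spaces allowed) ending in an extension,
# optionally followed by /<packer> naming a layer inside the file; the
# trailing reason, if any, never contains a backslash.
EVENT_RE = re.compile(
    r"^(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Untreated|Deleted|Disinfected|Quarantined): "
    r"(?P<threat>\S+) "
    r"(?P<obj>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4}(?:/[A-Za-z0-9]+)?)"
    r"(?:\s+(?P<reason>[^\\]+))?$"
)

# Actions that leave the file handled.
RESOLVING = {"Deleted", "Disinfected", "Quarantined"}


def parse_events(text):
    """Return [(timestamp, action, threat, path, reason)] in time order.
    'Autoscan: ...' and 'Task started/stopped' lines are skipped, and the
    '/UPX' layer suffix is dropped so Detected and Deleted lines for the
    same file share one key."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        stamp = datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M:%S %p")
        path = m["obj"].partition("/")[0]
        events.append((stamp, m["action"], m["threat"], path, m["reason"]))
    return sorted(events, key=lambda e: e[0])


def final_state(events):
    """One record per path. A later Detected on a still-pending object is
    just the next scan pass seeing it again; a Detected after a cleanup
    means the file came back and is flagged with reappeared=True."""
    state = {}
    for stamp, action, threat, path, reason in events:
        prev = state.get(path)
        if action == "Detected" and prev and prev["action"] not in RESOLVING:
            continue
        came_back = bool(prev and prev["action"] in RESOLVING and action == "Detected")
        state[path] = {
            "threat": threat, "action": action, "reason": reason, "when": stamp,
            "reappeared": came_back or bool(prev and prev["reappeared"]),
        }
    return state


def unresolved(state):
    """Paths whose last recorded action was not a cleanup."""
    return sorted(p for p, s in state.items() if s["action"] not in RESOLVING)


def in_restore_point(path):
    """True for copies inside System Restore snapshots. The scanner can
    disinfect them, but the reliable fix is to purge the restore points."""
    return "\\system volume information\\" in path.lower()


def threats_by_name(state):
    """How many distinct files each detection name accounts for."""
    return Counter(s["threat"] for s in state.values())


# Constructed excerpt of the AVPtool log in this thread. The lines are
# copied verbatim, but bykyf.exe's later 'Deleted' line is deliberately
# left out so the unresolved branch is exercised.
SAMPLE_LOG = r"""Autoscan: stopped 12 hours ago (events: 10, objects: 6294, time: 00:11:07)
1/18/2011 1:44:26 PM Task stopped
1/18/2011 1:43:51 PM Untreated: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winjhlw.exe/UPX Skipped by user
1/18/2011 1:43:49 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winjhlw.exe/UPX
1/18/2011 1:43:46 PM Untreated: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\bykyf.exe/UPX Skipped by user
1/18/2011 1:43:20 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\bykyf.exe/UPX
1/18/2011 1:33:03 PM Task started
1/18/2011 3:19:20 PM Disinfected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007155.exe
1/18/2011 3:18:59 PM Detected: Virus.Win32.Sality.bh C:\System Volume Information\_restore{FA30663D-D842-41D4-9F4B-003CC70BD35E}\RP5\A0007155.exe
1/18/2011 2:17:51 PM Deleted: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winjhlw.exe
1/18/2011 2:17:38 PM Detected: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Administrator\Local Settings\Temp\winjhlw.exe/UPX
1/18/2011 2:12:40 PM Task started
"""

if __name__ == "__main__":
    state = final_state(parse_events(SAMPLE_LOG))
    for path in unresolved(state):
        s = state[path]
        print(f"UNRESOLVED {s['action']} ({s['reason']}): {s['threat']} {path}")
    print(threats_by_name(state))
```

Two things the summary makes visible that the raw log hides: "Skipped by user" entries are still live backdoors until a later pass deletes them, and a Sality copy under System Volume Information is a restore-point snapshot, so disinfecting it in place is pointless if the restore points are going to be purged anyway.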
#29 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Let's do one final check with ComboFix, but first let's clear the restore points.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#30 Andreib18 (Topic Starter, Member, 100 posts)
Here is the ComboFix log:
ComboFix 11-01-10.04 - Administrator 01/19/2011 11:33:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.126 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\daemon.dll

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-19 05:36 . 2011-01-19 05:36 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1997-07-21 14:00 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-22 21:30 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 06:36 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 06:36 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 06:36 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.

------- Sigcheck -------

[-] 2005-12-05 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2005-12-14 . 2FBCC19159C7D2EB3E400172B4433917 . 1391104 . . [6.00.2900.2180] . . c:\windows\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-01 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-01 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2004-08-03 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
setup_9.0.0.722_15.01.2011_18-40.lnk - c:\documents and settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_15.01.2011_18-40\startup.exe [2011-1-18 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\kituri\\utorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\Explorer.EXE"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\WSCommCntr1.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\acstart16.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4049:TCP"= 4049:TCP:ydkuv

R0 58280162;58280162 Boot Guard Driver;c:\windows\system32\drivers\58280162.sys [1/18/2011 1:28 PM 37392]
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [1/11/2011 11:04 AM 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [1/11/2011 11:04 AM 5248]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/13/2011 12:57 PM 26112]
R1 58280161;58280161;c:\windows\system32\drivers\58280161.sys [1/18/2011 1:28 PM 128016]
R1 setup_9.0.0.722_15.01.2011_18-40drv;setup_9.0.0.722_15.01.2011_18-40drv;c:\windows\system32\drivers\5828016.sys [1/18/2011 1:28 PM 315408]
R1 uze4odky;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uze4odky.sys [1/15/2011 10:01 AM 11264]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [1/11/2011 10:39 AM 93440]
S2 arvnupho;Monitor Helper;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 10:26 PM 14336]
S2 vqkqz;Universal Security;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 10:26 PM 14336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/18/2011 12:51 PM 27064]
S3 ute4odky;AVZ Kernel Driver;c:\windows\system32\drivers\ute4odky.sys [1/15/2011 6:52 AM 7168]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
arvnupho
vqkqz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d15e9f-1d5b-11e0-b9b7-e184bcfa9b60}]
\Shell\AutoRun\command - F:\Launcher.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {27E57A6E-1765-4277-A225-3B2CD82B6801} = 172.16.253.241 172.16.253.242
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 11:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-19 11:39:51
ComboFix-quarantined-files.txt 2011-01-19 06:09

Pre-Run: 6,423,429,120 bytes free
Post-Run: 6,388,756,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /kernel=oemkrnl.exe /kernel=oemkrnl.exe

- - End Of File - - 96D1191BEE2B76D5DA762F3DF7A5378D
  • 0
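The log above is the kind of thing a helper reads by eye: a system file reported as infected, Security Center override values set, the XP firewall switched off, a globally opened port with a random-looking label, two services with random names hosted under svchost.exe -k netsvcs, and an AutoRun command on a removable drive. The script below is an added example, not part of this thread and not ComboFix's own logic, that applies those same heuristics to a ComboFix-style log. The sample lines are excerpted from the log as posted above; the netsvcs allowlist is a partial list assumed for the example and should be checked against a known-clean XP machine before relying on it.

```python
import re

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
c:\windows\regedit.exe . . . is infected!!
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4049:TCP"= 4049:TCP:ydkuv
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [1/11/2011 10:39 AM 93440]
S2 arvnupho;Monitor Helper;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 10:26 PM 14336]
S2 vqkqz;Universal Security;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 10:26 PM 14336]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d15e9f-1d5b-11e0-b9b7-e184bcfa9b60}]
\Shell\AutoRun\command - F:\Launcher.exe
"""

# Partial allowlist of service names Windows XP normally runs in the netsvcs
# svchost group. Assumed for this example; extend it from a known-clean box.
KNOWN_NETSVCS = {
    "6to4", "appmgmt", "audiosrv", "browser", "cryptsvc", "dmserver", "eventsystem",
    "hidserv", "ias", "iprip", "irmon", "lanmanserver", "lanmanworkstation", "messenger",
    "netman", "nla", "ntmssvc", "nwcworkstation", "nwsapagent", "rasauto", "rasman",
    "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess", "srservice", "tapisrv",
    "themes", "trkwks", "w32time", "wzcsvc", "wmi", "wmdmpmsp", "winmgmt", "wscsvc",
    "xmlprov", "bits", "wuauserv", "shellhwdetection", "helpsvc", "uploadmgr", "ersvc",
    "fastuserswitchingcompatibility",
}

# "S2 name;display name;image path [date size]" service lines.
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[")
# Registry value lines: "Name"=data
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*$')


def triage(log_text):
    """Return (category, detail) findings from a ComboFix-style log."""
    findings = []
    section = ""  # lower-cased registry key of the current [section]
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        # ComboFix flags patched system files with "... is infected!!"
        if line.endswith("is infected!!"):
            findings.append(("infected_system_file", line.split(" . . . ")[0]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, display, image = m.group("name"), m.group("display"), m.group("image").lower()
            # A netsvcs-hosted service whose name is not a known XP service is a classic
            # hiding place for a malicious DLL loaded by svchost.exe.
            if "svchost.exe" in image and "netsvcs" in image and name.lower() not in KNOWN_NETSVCS:
                findings.append(("unknown_netsvcs_service", f"{name} ({display})"))
            continue
        v = VALUE_RE.match(line)
        if not v:
            # MountPoints2 AutoRun commands launch a program when a drive is opened.
            if "\\shell\\autorun\\command" in line.lower():
                findings.append(("mountpoint_autorun", line.split(" - ", 1)[-1]))
            continue
        name, data = v.group("name"), v.group("data")
        if "security center" in section and name.endswith(("Override", "DisableNotify")) and data.endswith("1"):
            findings.append(("security_center_suppressed", name))  # AV/firewall warnings silenced
        elif section.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and data.startswith("0"):
            findings.append(("firewall_disabled", section))
        elif section.endswith("globallyopenports\\list"):
            findings.append(("globally_open_port", f"{name} -> {data}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28s} {detail}")
```

Run it against a saved C:\ComboFix.txt by reading the file into triage() in place of SAMPLE_LOG. The netsvcs check is the one most worth tuning: any name it flags that is a legitimate third-party service on your own machine should be added to the allowlist rather than treated as a false positive each time.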





