
virus regenerates


  • This topic is locked

#31
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you update ComboFix, as it is outdated? I do not know whether this system will be cleaned properly. Have you destroyed the disc with Sality on it?

Then


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

NetSvc::
arvnupho
vqkqz

Driver::
arvnupho
vqkqz

SRPeek::
c:\windows\system32\drivers\tcpip.sys
c:\windows\explorer.exe
c:\windows\regedit.exe



3. Then in the text file go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new OTListit log.



#32
Andreib18

    Member

  • Topic Starter
  • 100 posts
ComboFix:
ComboFix 11-01-19.04 - Administrator 01/19/2011 12:16:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.90 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\SendTo\RemoveOnReboot.exe

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ARVNUPHO
-------\Legacy_VQKQZ
-------\Service_arvnupho
-------\Service_vqkqz


((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-19 05:36 . 2011-01-19 05:36 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1997-07-21 14:00 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-22 21:30 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 06:36 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 06:36 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 06:36 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2005-12-05 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2005-12-14 . 2FBCC19159C7D2EB3E400172B4433917 . 1391104 . . [6.00.2900.2180] . . c:\windows\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-01 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-01 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2004-08-03 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
setup_9.0.0.722_15.01.2011_18-40.lnk - c:\documents and settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_15.01.2011_18-40\startup.exe [2011-1-18 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\kituri\\utorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\WSCommCntr1.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\acstart16.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4049:TCP"= 4049:TCP:ydkuv

R0 58280162;58280162 Boot Guard Driver;c:\windows\system32\drivers\58280162.sys [1/18/2011 1:28 PM 37392]
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [1/11/2011 11:04 AM 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [1/11/2011 11:04 AM 5248]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/13/2011 12:57 PM 26112]
R1 58280161;58280161;c:\windows\system32\drivers\58280161.sys [1/18/2011 1:28 PM 128016]
R1 setup_9.0.0.722_15.01.2011_18-40drv;setup_9.0.0.722_15.01.2011_18-40drv;c:\windows\system32\drivers\5828016.sys [1/18/2011 1:28 PM 315408]
R1 uze4odky;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uze4odky.sys [1/15/2011 10:01 AM 11264]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [1/11/2011 10:39 AM 93440]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/18/2011 12:51 PM 27064]
S3 ute4odky;AVZ Kernel Driver;c:\windows\system32\drivers\ute4odky.sys [1/15/2011 6:52 AM 7168]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {27E57A6E-1765-4277-A225-3B2CD82B6801} = 172.16.253.241 172.16.253.242
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 12:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\browselc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Administrator\Desktop\OTL.exe
c:\program files\Opera\opera.exe
.
**************************************************************************
.
Completion time: 2011-01-19 12:33:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-19 07:03
ComboFix2.txt 2011-01-19 06:09

Pre-Run: 6,400,327,680 bytes free
Post-Run: 6,324,649,984 bytes free

- - End Of File - - FB6FAB6F5C633270E55C88D91CA61EE6


And OTL:
OTL logfile created on: 1/19/2011 12:34:00 PM - Run 4
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 61.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): D:\pagefile.sys 1000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 5.89 Gb Free Space | 60.31% Space Free | Partition Type: NTFS
Drive D: | 28.51 Gb Total Space | 21.45 Gb Free Space | 75.22% Space Free | Partition Type: NTFS
Drive F: | 3.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: 1F67CAB984064B2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\ComboFix\CF9983.cfxxe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (ute4odky) -- C:\WINDOWS\system32\drivers\ute4odky.sys ()
DRV - (uze4odky) -- C:\WINDOWS\system32\drivers\uze4odky.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (58280162) -- C:\WINDOWS\system32\DRIVERS\58280162.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_15.01.2011_18-40drv) -- C:\WINDOWS\system32\drivers\5828016.sys (Kaspersky Lab)
DRV - (58280161) -- C:\WINDOWS\system32\drivers\58280161.sys (Kaspersky Lab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (adusbser) -- C:\WINDOWS\system32\drivers\adusbser.sys (AnyDATA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (d344bus) -- C:\WINDOWS\system32\DRIVERS\d344bus.sys ( )
DRV - (d344prt) -- C:\WINDOWS\System32\Drivers\d344prt.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/01/19 12:27:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_15.01.2011_18-40\startup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/11 12:49:57 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/14 13:19:34 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 12:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/19 12:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/01/19 12:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/01/19 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/01/19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\windows media player
[2011/01/19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/01/19 11:32:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/19 11:19:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/19 11:19:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/19 11:19:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/19 11:19:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/19 11:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/19 11:18:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/19 11:06:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 07:46:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/19 04:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\IrfanView
[2011/01/19 04:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/01/19 02:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/01/18 14:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoCAD Map 2000i
[2011/01/18 14:05:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2011/01/18 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Raster Design 2006
[2011/01/18 13:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
[2011/01/18 13:28:02 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\5828016.sys
[2011/01/18 13:28:02 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\58280161.sys
[2011/01/18 13:28:02 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\58280162.sys
[2011/01/18 13:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/01/18 13:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2006
[2011/01/18 13:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/01/18 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/18 13:11:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/01/18 12:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group
[2011/01/18 12:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/18 12:51:34 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/01/18 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/18 12:40:38 | 007,783,072 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Administrator\Desktop\RevoUninProSetup.exe
[2011/01/18 12:05:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:22:08 | 006,470,576 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/16 12:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/01/15 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2011/01/15 11:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FullTiltPoker
[2011/01/15 11:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2011/01/15 11:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2011/01/15 11:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/01/15 10:01:07 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/14 06:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/14 06:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/14 04:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hunting Unlimited 2010
[2011/01/14 03:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\turnee
[2011/01/14 03:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2011/01/14 01:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/01/14 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2011/01/13 12:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DllCache
[2011/01/13 12:47:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/13 11:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/01/13 11:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/13 06:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Break For Games
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/13 05:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/01/13 04:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/13 04:51:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/13 04:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/13 04:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/13 04:51:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/13 04:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 04:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Express
[2011/01/13 04:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Online Express
[2011/01/13 04:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/01/12 11:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Webteh
[2011/01/12 11:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2011/01/12 07:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2011/01/12 06:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/01/12 04:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Generare CP 2.0
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Generare CP
[2011/01/11 19:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2011/01/11 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2011/01/11 15:47:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/01/11 15:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/01/11 15:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/01/11 15:47:33 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/01/11 15:47:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/01/11 15:45:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/01/11 15:45:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/01/11 15:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/01/11 15:45:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/01/11 15:35:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/01/11 15:35:21 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/01/11 15:35:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/01/11 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Geotop
[2011/01/11 13:36:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/11 13:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/01/11 13:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/01/11 12:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/01/11 12:53:53 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2011/01/11 12:53:44 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2011/01/11 12:53:43 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2011/01/11 12:53:43 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2011/01/11 12:53:43 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2011/01/11 12:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011/01/11 12:53:28 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011/01/11 12:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2011/01/11 12:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD Map 2000i
[2011/01/11 12:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ModemDriver
[2011/01/11 12:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\GenerareCP
[2011/01/11 12:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/01/11 12:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/01/11 12:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TopoLT
[2011/01/11 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\TopoLT
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 12:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2011/01/11 12:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/01/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/01/11 12:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2011/01/11 12:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/01/11 11:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/01/11 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java Web Start
[2011/01/11 11:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/01/11 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/11 11:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/11 11:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2011/01/11 11:39:18 | 000,478,720 | ---- | C] (Webroot Software, Inc) -- C:\WINDOWS\WRUninstall.dll
[2011/01/11 11:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2011/01/11 11:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/01/11 11:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/11 11:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/01/11 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/11 11:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/01/11 11:09:33 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/01/11 11:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/01/11 11:04:30 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys
[2011/01/11 11:04:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys
[2011/01/11 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2011/01/11 11:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/01/11 10:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/01/11 10:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/01/11 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/11 10:43:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/01/11 10:39:58 | 000,093,440 | R--- | C] (AnyDATA Corporation) -- C:\WINDOWS\System32\drivers\adusbser.sys
[2011/01/11 10:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/01/11 10:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/01/11 10:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/01/11 10:37:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/01/11 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/11 10:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/01/11 10:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/01/11 10:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/01/11 10:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/11 10:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/01/11 10:35:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/01/11 10:35:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/01/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/01/11 10:35:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/01/11 10:34:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/01/11 10:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/11 10:34:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/01/11 10:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/01/11 10:30:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/01/11 10:30:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/01/11 10:29:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/11 10:29:35 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/01/11 10:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/01/11 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/01/11 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/01/11 10:28:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/01/11 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/01/11 10:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/01/11 10:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/01/11 10:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/01/11 10:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/01/11 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/01/11 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/01/11 10:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/01/11 10:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/01/11 10:27:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/01/11 10:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/01/11 10:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/01/11 10:26:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/01/11 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/01/11 10:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/01/11 10:25:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/01/11 10:25:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/01/11 10:24:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

========== Files - Modified Within 30 Days ==========

[2011/01/19 12:27:42 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/19 12:27:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/19 12:27:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 12:05:24 | 004,158,604 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/19 11:32:42 | 000,000,367 | RHS- | M] () -- C:\boot.ini
[2011/01/19 07:46:23 | 000,000,329 | ---- | M] () -- C:\WINDOWS\red_dialer.ini
[2011/01/19 05:46:32 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AutoCAD 2006.lnk
[2011/01/19 01:36:32 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/19 00:53:54 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/18 20:20:28 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/18 14:06:39 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/18 13:54:25 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/18 13:37:12 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/18 13:37:10 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/18 13:32:14 | 000,002,274 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk
[2011/01/18 13:21:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/01/18 13:20:29 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/18 12:51:41 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/18 12:51:11 | 007,783,072 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Administrator\Desktop\RevoUninProSetup.exe
[2011/01/18 12:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:30:32 | 006,470,576 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/15 11:32:26 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:11:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/15 10:01:07 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/15 10:01:04 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/14 06:32:58 | 000,029,874 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/14 04:20:45 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 12:57:03 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 05:54:13 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:29:25 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:24 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:49:31 | 000,428,637 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:06:23 | 000,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/12 04:06:23 | 000,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/12 03:28:07 | 000,000,250 | ---- | M] () -- C:\Boot.bak
[2011/01/11 13:46:32 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:49:57 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/11 12:34:13 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 11:33:44 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:37:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:37:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:35:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/11 10:34:34 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:20 | 000,002,357 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 10:32:26 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/11 10:32:14 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 10:26:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/19 11:32:42 | 000,000,250 | ---- | C] () -- C:\Boot.bak
[2011/01/19 11:32:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/19 11:19:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/19 11:19:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/19 11:19:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/19 11:19:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/19 11:19:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/19 11:12:39 | 004,158,604 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/19 05:46:32 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AutoCAD 2006.lnk
[2011/01/18 14:06:36 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/18 13:54:25 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/18 13:37:12 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/18 13:37:10 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/18 13:32:14 | 000,002,274 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk
[2011/01/18 13:20:29 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/18 12:51:41 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/15 16:03:12 | 000,006,354 | ---- | C] () -- C:\WINDOWS\ich2aud.cat
[2011/01/15 16:03:12 | 000,003,773 | ---- | C] () -- C:\WINDOWS\ICH2AUD.inf
[2011/01/15 11:32:25 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:01:04 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/15 06:52:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/14 06:32:55 | 000,029,874 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/13 12:57:03 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 11:57:28 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 06:31:53 | 001,374,232 | ---- | C] () -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/01/13 06:31:45 | 000,017,928 | ---- | C] () -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/01/13 05:54:13 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:33:07 | 000,000,329 | ---- | C] () -- C:\WINDOWS\red_dialer.ini
[2011/01/13 04:29:25 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:23 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:50:53 | 000,428,637 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:49:30 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-044930.backup
[2011/01/12 04:07:47 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/11 15:47:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 15:47:16 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/01/11 15:45:20 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 15:43:24 | 000,000,367 | RHS- | C] () -- C:\boot.ini
[2011/01/11 15:43:19 | 000,002,357 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 13:46:32 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:41:53 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/11 12:34:13 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 12:01:53 | 000,089,134 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/11 12:00:37 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/01/11 11:42:12 | 000,045,163 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2011/01/11 11:42:12 | 000,045,161 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2011/01/11 11:39:19 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2011/01/11 11:39:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2011/01/11 11:33:43 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:45:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/11 10:37:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:37:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:34:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/11 10:32:26 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,047 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/01/11 10:26:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/11 10:25:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/01/11 10:25:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/01/11 10:25:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/01/11 10:25:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/01/11 10:25:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/01/11 10:25:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/01/11 10:25:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/01/11 10:25:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/01/11 10:25:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/01/11 10:25:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/01/11 10:25:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/01/11 10:25:52 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/01/11 10:25:52 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/01/11 10:25:51 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/01/11 10:25:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2007/03/01 11:06:37 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/03/01 11:06:37 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/01 11:06:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/03/01 11:06:37 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/03/01 11:06:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/01 11:06:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/01 11:06:37 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/03 22:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

========== LOP Check ==========

[2011/01/18 13:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 11:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/13 05:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/11 12:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 13:36:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/19 02:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure

========== Purity Check ==========



< End of report >

OTL logfile created on: 1/19/2011 12:34:00 PM - Run 4
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 61.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): D:\pagefile.sys 1000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 5.89 Gb Free Space | 60.31% Space Free | Partition Type: NTFS
Drive D: | 28.51 Gb Total Space | 21.45 Gb Free Space | 75.22% Space Free | Partition Type: NTFS
Drive F: | 3.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: 1F67CAB984064B2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\ComboFix\CF9983.cfxxe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (ute4odky) -- C:\WINDOWS\system32\drivers\ute4odky.sys ()
DRV - (uze4odky) -- C:\WINDOWS\system32\drivers\uze4odky.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (58280162) -- C:\WINDOWS\system32\DRIVERS\58280162.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_15.01.2011_18-40drv) -- C:\WINDOWS\system32\drivers\5828016.sys (Kaspersky Lab)
DRV - (58280161) -- C:\WINDOWS\system32\drivers\58280161.sys (Kaspersky Lab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (adusbser) -- C:\WINDOWS\system32\drivers\adusbser.sys (AnyDATA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (d344bus) -- C:\WINDOWS\system32\DRIVERS\d344bus.sys ( )
DRV - (d344prt) -- C:\WINDOWS\System32\Drivers\d344prt.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/01/19 12:27:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_15.01.2011_18-40\startup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/11 12:49:57 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/14 13:19:34 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 12:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/19 12:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/01/19 12:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/01/19 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/01/19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\windows media player
[2011/01/19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/01/19 11:32:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/19 11:19:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/19 11:19:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/19 11:19:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/19 11:19:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/19 11:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/19 11:18:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/19 11:06:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 07:46:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/19 04:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\IrfanView
[2011/01/19 04:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/01/19 02:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/01/18 14:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoCAD Map 2000i
[2011/01/18 14:05:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2011/01/18 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Raster Design 2006
[2011/01/18 13:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
[2011/01/18 13:28:02 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\5828016.sys
[2011/01/18 13:28:02 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\58280161.sys
[2011/01/18 13:28:02 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\58280162.sys
[2011/01/18 13:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/01/18 13:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2006
[2011/01/18 13:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/01/18 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/18 13:11:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/01/18 12:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group
[2011/01/18 12:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/18 12:51:34 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/01/18 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/18 12:40:38 | 007,783,072 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Administrator\Desktop\RevoUninProSetup.exe
[2011/01/18 12:05:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:22:08 | 006,470,576 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/16 12:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/01/15 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2011/01/15 11:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FullTiltPoker
[2011/01/15 11:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2011/01/15 11:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2011/01/15 11:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/01/15 10:01:07 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/14 06:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/14 06:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/14 04:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hunting Unlimited 2010
[2011/01/14 03:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\turnee
[2011/01/14 03:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2011/01/14 01:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/01/14 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2011/01/13 12:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DllCache
[2011/01/13 12:47:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/13 11:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/01/13 11:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/13 06:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Break For Games
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/13 05:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/01/13 04:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/13 04:51:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/13 04:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/13 04:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/13 04:51:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/13 04:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 04:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Express
[2011/01/13 04:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Online Express
[2011/01/13 04:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/01/12 11:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Webteh
[2011/01/12 11:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2011/01/12 07:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2011/01/12 06:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/01/12 04:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Generare CP 2.0
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Generare CP
[2011/01/11 19:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2011/01/11 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2011/01/11 15:47:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/01/11 15:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/01/11 15:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/01/11 15:47:33 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/01/11 15:47:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/01/11 15:45:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/01/11 15:45:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/01/11 15:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/01/11 15:45:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/01/11 15:35:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/01/11 15:35:21 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/01/11 15:35:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/01/11 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Geotop
[2011/01/11 13:36:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/11 13:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/01/11 13:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/01/11 12:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/01/11 12:53:53 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2011/01/11 12:53:44 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2011/01/11 12:53:43 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2011/01/11 12:53:43 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2011/01/11 12:53:43 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2011/01/11 12:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011/01/11 12:53:28 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011/01/11 12:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2011/01/11 12:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD Map 2000i
[2011/01/11 12:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ModemDriver
[2011/01/11 12:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\GenerareCP
[2011/01/11 12:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/01/11 12:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/01/11 12:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TopoLT
[2011/01/11 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\TopoLT
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 12:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2011/01/11 12:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/01/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/01/11 12:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2011/01/11 12:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/01/11 11:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/01/11 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java Web Start
[2011/01/11 11:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/01/11 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/11 11:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/11 11:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2011/01/11 11:39:18 | 000,478,720 | ---- | C] (Webroot Software, Inc) -- C:\WINDOWS\WRUninstall.dll
[2011/01/11 11:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2011/01/11 11:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/01/11 11:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/11 11:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/01/11 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/11 11:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/01/11 11:09:33 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/01/11 11:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/01/11 11:04:30 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys
[2011/01/11 11:04:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys
[2011/01/11 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2011/01/11 11:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/01/11 10:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/01/11 10:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/01/11 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/11 10:43:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/01/11 10:39:58 | 000,093,440 | R--- | C] (AnyDATA Corporation) -- C:\WINDOWS\System32\drivers\adusbser.sys
[2011/01/11 10:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/01/11 10:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/01/11 10:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/01/11 10:37:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/01/11 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/11 10:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/01/11 10:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/01/11 10:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/01/11 10:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/11 10:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/01/11 10:35:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/01/11 10:35:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/01/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/01/11 10:35:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/01/11 10:34:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/01/11 10:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/11 10:34:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/01/11 10:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/01/11 10:30:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/01/11 10:30:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/01/11 10:29:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/11 10:29:35 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/01/11 10:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/01/11 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/01/11 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/01/11 10:28:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/01/11 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/01/11 10:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/01/11 10:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/01/11 10:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/01/11 10:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/01/11 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/01/11 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/01/11 10:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/01/11 10:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/01/11 10:27:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/01/11 10:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/01/11 10:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/01/11 10:26:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/01/11 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/01/11 10:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/01/11 10:25:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/01/11 10:25:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/01/11 10:24:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

========== Files - Modified Within 30 Days ==========

[2011/01/19 12:27:42 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/19 12:27:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/19 12:27:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 12:05:24 | 004,158,604 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/19 11:32:42 | 000,000,367 | RHS- | M] () -- C:\boot.ini
[2011/01/19 07:46:23 | 000,000,329 | ---- | M] () -- C:\WINDOWS\red_dialer.ini
[2011/01/19 05:46:32 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AutoCAD 2006.lnk
[2011/01/19 01:36:32 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/19 00:53:54 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/18 20:20:28 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/18 14:06:39 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/18 13:54:25 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/18 13:37:12 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/18 13:37:10 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/18 13:32:14 | 000,002,274 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk
[2011/01/18 13:21:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/01/18 13:20:29 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/18 12:51:41 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/18 12:51:11 | 007,783,072 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Administrator\Desktop\RevoUninProSetup.exe
[2011/01/18 12:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:30:32 | 006,470,576 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/15 11:32:26 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:11:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/15 10:01:07 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/15 10:01:04 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/14 06:32:58 | 000,029,874 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/14 04:20:45 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 12:57:03 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 05:54:13 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:29:25 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:24 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:49:31 | 000,428,637 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:06:23 | 000,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/12 04:06:23 | 000,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/12 03:28:07 | 000,000,250 | ---- | M] () -- C:\Boot.bak
[2011/01/11 13:46:32 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:49:57 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/11 12:34:13 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 11:33:44 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:37:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:37:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:35:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/11 10:34:34 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:20 | 000,002,357 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 10:32:26 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/11 10:32:14 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 10:26:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/19 11:32:42 | 000,000,250 | ---- | C] () -- C:\Boot.bak
[2011/01/19 11:32:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/19 11:19:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/19 11:19:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/19 11:19:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/19 11:19:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/19 11:19:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/19 11:12:39 | 004,158,604 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/19 05:46:32 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AutoCAD 2006.lnk
[2011/01/18 14:06:36 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/18 13:54:25 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/18 13:37:12 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/18 13:37:10 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/18 13:32:14 | 000,002,274 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk
[2011/01/18 13:20:29 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/18 12:51:41 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/15 16:03:12 | 000,006,354 | ---- | C] () -- C:\WINDOWS\ich2aud.cat
[2011/01/15 16:03:12 | 000,003,773 | ---- | C] () -- C:\WINDOWS\ICH2AUD.inf
[2011/01/15 11:32:25 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:01:04 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/15 06:52:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/14 06:32:55 | 000,029,874 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/13 12:57:03 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 11:57:28 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 06:31:53 | 001,374,232 | ---- | C] () -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/01/13 06:31:45 | 000,017,928 | ---- | C] () -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/01/13 05:54:13 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:33:07 | 000,000,329 | ---- | C] () -- C:\WINDOWS\red_dialer.ini
[2011/01/13 04:29:25 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:23 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:50:53 | 000,428,637 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:49:30 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-044930.backup
[2011/01/12 04:07:47 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/11 15:47:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 15:47:16 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/01/11 15:45:20 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 15:43:24 | 000,000,367 | RHS- | C] () -- C:\boot.ini
[2011/01/11 15:43:19 | 000,002,357 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 13:46:32 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:41:53 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/11 12:34:13 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 12:01:53 | 000,089,134 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/11 12:00:37 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/01/11 11:42:12 | 000,045,163 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2011/01/11 11:42:12 | 000,045,161 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2011/01/11 11:39:19 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2011/01/11 11:39:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2011/01/11 11:33:43 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:45:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/11 10:37:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:37:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:34:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/11 10:32:26 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,047 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/01/11 10:26:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/11 10:25:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/01/11 10:25:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/01/11 10:25:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/01/11 10:25:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/01/11 10:25:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/01/11 10:25:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/01/11 10:25:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/01/11 10:25:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/01/11 10:25:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/01/11 10:25:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/01/11 10:25:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/01/11 10:25:52 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/01/11 10:25:52 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/01/11 10:25:51 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/01/11 10:25:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2007/03/01 11:06:37 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/03/01 11:06:37 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/01 11:06:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/03/01 11:06:37 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/03/01 11:06:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/01 11:06:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/01 11:06:37 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/03 22:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

========== LOP Check ==========

[2011/01/18 13:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 11:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/13 05:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/11 12:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 13:36:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/19 02:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure

========== Purity Check ==========



< End of report >
DRV - (ute4odky) -- C:\WINDOWS\system32\drivers\ute4odky.sys ()
DRV - (uze4odky) -- C:\WINDOWS\system32\drivers\uze4odky.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (58280162) -- C:\WINDOWS\system32\DRIVERS\58280162.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_15.01.2011_18-40drv) -- C:\WINDOWS\system32\drivers\5828016.sys (Kaspersky Lab)
DRV - (58280161) -- C:\WINDOWS\system32\drivers\58280161.sys (Kaspersky Lab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (adusbser) -- C:\WINDOWS\system32\drivers\adusbser.sys (AnyDATA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (d344bus) -- C:\WINDOWS\system32\DRIVERS\d344bus.sys ( )
DRV - (d344prt) -- C:\WINDOWS\System32\Drivers\d344prt.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/01/19 12:27:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_15.01.2011_18-40\startup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/11 12:49:57 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/14 13:19:34 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 12:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/19 12:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/01/19 12:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/01/19 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/01/19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\windows media player
[2011/01/19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/01/19 11:32:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/19 11:19:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/19 11:19:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/19 11:19:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/19 11:19:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/19 11:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/19 11:18:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/19 11:06:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 07:46:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/19 04:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\IrfanView
[2011/01/19 04:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/01/19 02:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/01/18 14:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoCAD Map 2000i
[2011/01/18 14:05:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2011/01/18 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Raster Design 2006
[2011/01/18 13:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
[2011/01/18 13:28:02 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\5828016.sys
[2011/01/18 13:28:02 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\58280161.sys
[2011/01/18 13:28:02 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\58280162.sys
[2011/01/18 13:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/01/18 13:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2006
[2011/01/18 13:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/01/18 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/18 13:11:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/01/18 12:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group
[2011/01/18 12:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/18 12:51:34 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/01/18 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/18 12:40:38 | 007,783,072 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Administrator\Desktop\RevoUninProSetup.exe
[2011/01/18 12:05:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:22:08 | 006,470,576 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/16 12:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/01/15 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2011/01/15 11:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FullTiltPoker
[2011/01/15 11:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2011/01/15 11:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2011/01/15 11:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/01/15 10:01:07 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/14 06:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/14 06:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/14 04:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hunting Unlimited 2010
[2011/01/14 03:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\turnee
[2011/01/14 03:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2011/01/14 01:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/01/14 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2011/01/13 12:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DllCache
[2011/01/13 12:47:44 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/01/13 12:47:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/13 12:47:29 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/01/13 11:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/01/13 11:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/13 06:31:55 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/01/13 06:31:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/01/13 06:31:52 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/01/13 06:31:50 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/01/13 06:31:49 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/01/13 06:31:49 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/01/13 06:31:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/01/13 06:31:45 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/01/13 06:31:45 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/01/13 06:31:44 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/01/13 06:31:43 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/01/13 06:31:42 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/01/13 06:31:39 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/01/13 06:31:34 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/01/13 06:31:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/01/13 06:31:31 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/01/13 06:31:30 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/01/13 06:31:29 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/01/13 06:31:28 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/01/13 06:31:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/01/13 06:31:27 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/01/13 06:31:26 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/01/13 06:31:25 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/01/13 06:31:25 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/01/13 06:31:24 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/01/13 06:31:23 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/01/13 06:31:22 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/01/13 06:30:59 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/01/13 06:30:57 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/01/13 06:30:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/01/13 06:30:56 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/01/13 06:30:56 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2011/01/13 06:30:55 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/01/13 06:30:54 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/01/13 06:30:54 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/01/13 06:30:53 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/01/13 06:30:49 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/01/13 06:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Break For Games
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/13 05:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/01/13 04:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/13 04:51:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/13 04:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/13 04:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/13 04:51:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/13 04:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 04:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Express
[2011/01/13 04:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Online Express
[2011/01/13 04:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/01/12 11:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Webteh
[2011/01/12 11:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2011/01/12 07:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2011/01/12 06:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/01/12 04:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Generare CP 2.0
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Generare CP
[2011/01/11 19:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2011/01/11 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2011/01/11 15:49:32 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys
[2011/01/11 15:49:30 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2011/01/11 15:49:08 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2011/01/11 15:49:06 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2011/01/11 15:49:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/01/11 15:49:05 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/01/11 15:49:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/01/11 15:47:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/01/11 15:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/01/11 15:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/01/11 15:47:33 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/01/11 15:47:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2011/01/11 15:47:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2011/01/11 15:47:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2011/01/11 15:47:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2011/01/11 15:47:26 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2011/01/11 15:47:26 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2011/01/11 15:47:26 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2011/01/11 15:47:26 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2011/01/11 15:47:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2011/01/11 15:47:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2011/01/11 15:47:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2011/01/11 15:47:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2011/01/11 15:47:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2011/01/11 15:47:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2011/01/11 15:47:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2011/01/11 15:47:24 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2011/01/11 15:47:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2011/01/11 15:47:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2011/01/11 15:47:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2011/01/11 15:47:23 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2011/01/11 15:47:23 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2011/01/11 15:47:22 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2011/01/11 15:47:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2011/01/11 15:47:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2011/01/11 15:47:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2011/01/11 15:47:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2011/01/11 15:47:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2011/01/11 15:47:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2011/01/11 15:47:22 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2011/01/11 15:47:19 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2011/01/11 15:47:19 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2011/01/11 15:47:19 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2011/01/11 15:47:19 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/01/11 15:47:19 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2011/01/11 15:47:19 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2011/01/11 15:47:19 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2011/01/11 15:47:18 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2011/01/11 15:47:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2011/01/11 15:47:18 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2011/01/11 15:47:18 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2011/01/11 15:47:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2011/01/11 15:47:18 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2011/01/11 15:47:18 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2011/01/11 15:47:18 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2011/01/11 15:47:18 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2011/01/11 15:47:18 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2011/01/11 15:47:17 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2011/01/11 15:47:17 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2011/01/11 15:47:17 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2011/01/11 15:47:17 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2011/01/11 15:47:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2011/01/11 15:47:17 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2011/01/11 15:47:17 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/01/11 15:47:17 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2011/01/11 15:47:17 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2011/01/11 15:47:16 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2011/01/11 15:47:16 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2011/01/11 15:47:16 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2011/01/11 15:47:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/01/11 15:47:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/01/11 15:45:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/01/11 15:45:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/01/11 15:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/01/11 15:45:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/01/11 15:35:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/01/11 15:35:21 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/01/11 15:35:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/01/11 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Geotop
[2011/01/11 13:36:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/11 13:36:21 | 000,230,912 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9I.DLL
[2011/01/11 13:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/01/11 13:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/01/11 12:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/01/11 12:55:37 | 000,125,184 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
[2011/01/11 12:55:37 | 000,005,504 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2011/01/11 12:53:53 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2011/01/11 12:53:44 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2011/01/11 12:53:43 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2011/01/11 12:53:43 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2011/01/11 12:53:43 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2011/01/11 12:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011/01/11 12:53:28 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011/01/11 12:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2011/01/11 12:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD Map 2000i
[2011/01/11 12:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ModemDriver
[2011/01/11 12:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\GenerareCP
[2011/01/11 12:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/01/11 12:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/01/11 12:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TopoLT
[2011/01/11 12:31:55 | 001,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2011/01/11 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\TopoLT
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 12:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2011/01/11 12:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/01/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/01/11 12:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2011/01/11 12:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/01/11 12:00:36 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2011/01/11 11:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/01/11 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java Web Start
[2011/01/11 11:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/01/11 11:42:12 | 000,061,555 | ---- | C] (Sun Microsystems) -- C:\WINDOWS\System32\jpicpl32.cpl
[2011/01/11 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/11 11:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/11 11:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2011/01/11 11:39:18 | 000,478,720 | ---- | C] (Webroot Software, Inc) -- C:\WINDOWS\WRUninstall.dll
[2011/01/11 11:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2011/01/11 11:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/01/11 11:33:23 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/01/11 11:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/11 11:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/01/11 11:30:28 | 000,405,504 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/01/11 11:30:28 | 000,061,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/01/11 11:30:28 | 000,056,832 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/01/11 11:30:28 | 000,056,320 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/01/11 11:30:27 | 000,339,968 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/01/11 11:30:27 | 000,339,968 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/01/11 11:30:27 | 000,172,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/01/11 11:30:27 | 000,028,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/01/11 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/11 11:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/01/11 11:09:33 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/01/11 11:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/01/11 11:04:30 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys
[2011/01/11 11:04:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys
[2011/01/11 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2011/01/11 11:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/01/11 10:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/01/11 10:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/01/11 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/11 10:43:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/01/11 10:39:58 | 000,093,440 | R--- | C] (AnyDATA Corporation) -- C:\WINDOWS\System32\drivers\adusbser.sys
[2011/01/11 10:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/01/11 10:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/01/11 10:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/01/11 10:37:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/01/11 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/11 10:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/01/11 10:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/01/11 10:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/01/11 10:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/11 10:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/01/11 10:35:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/01/11 10:35:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/01/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/01/11 10:35:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/01/11 10:34:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/01/11 10:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/11 10:34:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/01/11 10:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/01/11 10:32:13 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2011/01/11 10:30:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/01/11 10:30:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/01/11 10:29:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/11 10:29:35 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/01/11 10:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/01/11 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/01/11 10:28:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2011/01/11 10:28:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2011/01/11 10:28:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2011/01/11 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/01/11 10:28:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2011/01/11 10:28:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/01/11 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/01/11 10:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/01/11 10:28:17 | 000,127,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/01/11 10:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/01/11 10:28:16 | 000,194,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/01/11 10:28:16 | 000,041,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/01/11 10:28:15 | 000,465,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/01/11 10:28:15 | 000,172,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/01/11 10:28:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/01/11 10:28:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/01/11 10:28:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/01/11 10:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/01/11 10:28:04 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/01/11 10:28:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/01/11 10:28:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/01/11 10:28:04 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/01/11 10:27:59 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/01/11 10:27:59 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2011/01/11 10:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/01/11 10:27:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/01/11 10:27:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/01/11 10:27:57 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/01/11 10:27:57 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/01/11 10:27:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/01/11 10:27:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/01/11 10:27:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/01/11 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/01/11 10:27:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/01/11 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/01/11 10:27:48 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/01/11 10:27:48 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/01/11 10:27:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/01/11 10:27:47 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/01/11 10:27:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/01/11 10:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/01/11 10:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/01/11 10:27:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/01/11 10:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/01/11 10:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/01/11 10:26:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/01/11 10:26:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/01/11 10:26:01 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/01/11 10:26:01 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/01/11 10:26:00 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/01/11 10:26:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/01/11 10:26:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/01/11 10:26:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/01/11 10:25:53 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/01/11 10:25:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2011/01/11 10:25:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/01/11 10:25:52 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2011/01/11 10:25:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2011/01/11 10:25:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2011/01/11 10:25:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2011/01/11 10:25:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2011/01/11 10:25:52 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2011/01/11 10:25:52 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2011/01/11 10:25:52 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2011/01/11 10:25:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2011/01/11 10:25:51 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/01/11 10:25:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2011/01/11 10:25:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2011/01/11 10:25:50 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/01/11 10:25:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/01/11 10:25:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/01/11 10:25:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/01/11 10:25:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/01/11 10:25:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/01/11 10:25:49 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/01/11 10:25:49 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/01/11 10:25:42 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/01/11 10:25:41 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2011/01/11 10:25:41 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/01/11 10:25:41 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/01/11 10:25:41 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2011/01/11 10:25:40 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/01/11 10:25:40 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/01/11 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/01/11 10:25:39 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2011/01/11 10:25:38 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2011/01/11 10:25:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/01/11 10:25:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/01/11 10:25:37 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2011/01/11 10:25:37 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/01/11 10:25:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2011/01/11 10:25:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2011/01/11 10:25:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2011/01/11 10:25:36 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2011/01/11 10:25:36 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2011/01/11 10:25:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2011/01/11 10:25:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2011/01/11 10:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/01/11 10:25:35 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2011/01/11 10:25:35 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2011/01/11 10:25:35 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2011/01/11 10:25:34 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2011/01/11 10:25:34 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2011/01/11 10:25:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/01/11 10:25:33 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2011/01/11 10:25:33 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2011/01/11 10:25:33 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2011/01/11 10:25:33 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2011/01/11 10:25:32 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2011/01/11 10:25:32 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2011/01/11 10:25:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2011/01/11 10:25:23 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2011/01/11 10:25:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2011/01/11 10:25:23 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2011/01/11 10:25:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/01/11 10:24:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

========== Files - Modified Within 30 Days ==========

[2011/01/19 12:27:42 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/19 12:27:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/19 12:27:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 12:05:24 | 004,158,604 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/19 11:32:42 | 000,000,367 | RHS- | M] () -- C:\boot.ini
[2011/01/19 07:46:23 | 000,000,329 | ---- | M] () -- C:\WINDOWS\red_dialer.ini
[2011/01/19 05:46:32 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AutoCAD 2006.lnk
[2011/01/19 01:36:32 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/19 00:53:54 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/18 20:20:28 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/18 14:06:39 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/18 13:54:25 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/18 13:37:12 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/18 13:37:10 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/18 13:32:14 | 000,002,274 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk
[2011/01/18 13:21:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/01/18 13:20:29 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/18 12:51:41 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/18 12:51:11 | 007,783,072 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Administrator\Desktop\RevoUninProSetup.exe
[2011/01/18 12:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:30:32 | 006,470,576 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/15 11:32:26 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:11:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/15 10:01:07 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/15 10:01:04 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/14 06:32:58 | 000,029,874 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/14 04:20:45 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 12:57:03 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 05:54:13 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:29:25 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:24 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:49:31 | 000,428,637 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:06:23 | 000,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/12 04:06:23 | 000,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/12 03:28:07 | 000,000,250 | ---- | M] () -- C:\Boot.bak
[2011/01/11 13:46:32 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:49:57 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/11 12:34:13 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 11:33:44 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:37:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:37:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:35:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/11 10:34:34 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:20 | 000,002,357 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 10:32:26 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/11 10:32:14 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 10:26:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/19 11:32:42 | 000,000,250 | ---- | C] () -- C:\Boot.bak
[2011/01/19 11:32:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/19 11:19:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/19 11:19:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/19 11:19:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/19 11:19:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/19 11:19:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/19 11:12:39 | 004,158,604 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/19 05:46:32 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AutoCAD 2006.lnk
[2011/01/18 14:06:36 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/18 13:54:25 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/18 13:37:12 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/18 13:37:10 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/18 13:32:14 | 000,002,274 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_15.01.2011_18-40.lnk
[2011/01/18 13:20:29 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/18 12:51:41 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/15 16:03:12 | 000,006,354 | ---- | C] () -- C:\WINDOWS\ich2aud.cat
[2011/01/15 16:03:12 | 000,003,773 | ---- | C] () -- C:\WINDOWS\ICH2AUD.inf
[2011/01/15 11:32:25 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:01:04 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/15 06:52:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/14 06:32:55 | 000,029,874 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/13 12:57:03 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 11:57:28 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 06:31:53 | 001,374,232 | ---- | C] () -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/01/13 06:31:45 | 000,017,928 | ---- | C] () -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/01/13 05:54:13 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:33:07 | 000,000,329 | ---- | C] () -- C:\WINDOWS\red_dialer.ini
[2011/01/13 04:29:25 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:23 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:50:53 | 000,428,637 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:49:30 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-044930.backup
[2011/01/12 04:07:47 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/11 15:47:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 15:47:16 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/01/11 15:45:20 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 15:43:24 | 000,000,367 | RHS- | C] () -- C:\boot.ini
[2011/01/11 15:43:19 | 000,002,357 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 13:46:32 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:41:53 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/11 12:34:13 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 12:01:53 | 000,089,134 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/11 12:00:37 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/01/11 11:42:12 | 000,045,163 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2011/01/11 11:42:12 | 000,045,161 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2011/01/11 11:39:19 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2011/01/11 11:39:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2011/01/11 11:33:43 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:45:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/11 10:37:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:37:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:34:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/11 10:32:26 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,047 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/01/11 10:26:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/11 10:25:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/01/11 10:25:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/01/11 10:25:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/01/11 10:25:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/01/11 10:25:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/01/11 10:25:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/01/11 10:25:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/01/11 10:25:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/01/11 10:25:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/01/11 10:25:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/01/11 10:25:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/01/11 10:25:52 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/01/11 10:25:52 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/01/11 10:25:51 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/01/11 10:25:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2007/03/01 11:06:37 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/03/01 11:06:37 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/01 11:06:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/03/01 11:06:37 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/03/01 11:06:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/01 11:06:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/01 11:06:37 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/03 22:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

========== LOP Check ==========

[2011/01/18 13:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 11:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/13 05:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/11 12:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 13:36:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/19 02:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure

========== Purity Check ==========



< End of report >

#33
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
ComboFix is still reporting regedit as being infected; let's see if we can find a spare.

  • Run OTL
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    regedit.exe
    tcpip.sys
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


#34
Andreib18

    Member

  • Topic Starter
  • Member
  • 100 posts
OTL logfile created on: 1/20/2011 11:56:55 AM - Run 5
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 41.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): D:\pagefile.sys 1000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 5.73 Gb Free Space | 58.64% Space Free | Partition Type: NTFS
Drive D: | 28.51 Gb Total Space | 21.43 Gb Free Space | 75.18% Space Free | Partition Type: NTFS
Drive F: | 3.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: 1F67CAB984064B2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - c:\Program Files\F-Secure\HIPS\fshook32.dll (F-Secure Corporation)
MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (FSORSPClient) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)


========== Driver Services (SafeList) ==========

DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (ute4odky) -- C:\WINDOWS\system32\drivers\ute4odky.sys ()
DRV - (uze4odky) -- C:\WINDOWS\system32\drivers\uze4odky.sys ()
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (adusbser) -- C:\WINDOWS\system32\drivers\adusbser.sys (AnyDATA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (d344bus) -- C:\WINDOWS\system32\DRIVERS\d344bus.sys ( )
DRV - (d344prt) -- C:\WINDOWS\System32\Drivers\d344prt.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/01/19 12:27:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-776561741-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/11 12:49:57 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/14 13:19:34 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (59123355860598784)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/20 06:36:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/19 13:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\F-Secure Anti-Virus 2011
[2011/01/19 13:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2011/01/19 13:11:47 | 000,082,824 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2011/01/19 13:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2011/01/19 13:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2011/01/19 12:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/19 12:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/01/19 12:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/01/19 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/01/19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\windows media player
[2011/01/19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/01/19 11:32:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/19 11:19:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/19 11:19:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/19 11:19:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/19 11:19:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/19 11:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/19 11:18:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/19 11:06:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 04:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\IrfanView
[2011/01/19 04:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/01/19 02:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/01/18 14:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoCAD Map 2000i
[2011/01/18 14:05:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2011/01/18 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Raster Design 2006
[2011/01/18 13:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
[2011/01/18 13:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2006
[2011/01/18 13:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/01/18 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/18 13:11:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/01/18 12:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group
[2011/01/18 12:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/18 12:51:34 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/01/18 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/18 12:40:38 | 007,783,072 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Administrator\Desktop\RevoUninProSetup.exe
[2011/01/18 12:05:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:22:08 | 006,470,576 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/16 12:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/01/15 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2011/01/15 11:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FullTiltPoker
[2011/01/15 11:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2011/01/15 11:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2011/01/15 11:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/01/15 10:01:07 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/14 06:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/14 06:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/14 04:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hunting Unlimited 2010
[2011/01/14 03:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\turnee
[2011/01/14 03:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2011/01/14 01:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/01/14 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2011/01/13 12:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DllCache
[2011/01/13 12:47:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/13 11:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/01/13 11:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/13 06:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Break For Games
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/01/13 05:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/13 05:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/01/13 04:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/13 04:51:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/13 04:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/13 04:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/13 04:51:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/13 04:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 04:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Express
[2011/01/13 04:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Online Express
[2011/01/13 04:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/01/12 11:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Webteh
[2011/01/12 11:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2011/01/12 07:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2011/01/12 06:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/01/12 04:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/12 04:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Generare CP 2.0
[2011/01/12 04:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Generare CP
[2011/01/11 19:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2011/01/11 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2011/01/11 15:47:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/01/11 15:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/01/11 15:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/01/11 15:47:33 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/01/11 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/01/11 15:47:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/01/11 15:47:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/01/11 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/01/11 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/01/11 15:45:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/01/11 15:45:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/01/11 15:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/01/11 15:45:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/11 15:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/01/11 15:35:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/01/11 15:35:21 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/01/11 15:35:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/11 15:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/01/11 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Geotop
[2011/01/11 13:36:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/11 13:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/01/11 13:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/01/11 12:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/01/11 12:53:53 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2011/01/11 12:53:44 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2011/01/11 12:53:43 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2011/01/11 12:53:43 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2011/01/11 12:53:43 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2011/01/11 12:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011/01/11 12:53:28 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011/01/11 12:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2011/01/11 12:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD Map 2000i
[2011/01/11 12:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ModemDriver
[2011/01/11 12:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\GenerareCP
[2011/01/11 12:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/01/11 12:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/01/11 12:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TopoLT
[2011/01/11 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\TopoLT
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 12:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2011/01/11 12:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/01/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/01/11 12:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2011/01/11 12:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/01/11 11:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/01/11 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java Web Start
[2011/01/11 11:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/01/11 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/11 11:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/11 11:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2011/01/11 11:39:18 | 000,478,720 | ---- | C] (Webroot Software, Inc) -- C:\WINDOWS\WRUninstall.dll
[2011/01/11 11:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2011/01/11 11:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/11 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/01/11 11:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/11 11:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/01/11 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/11 11:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/01/11 11:09:33 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/01/11 11:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/01/11 11:04:30 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys
[2011/01/11 11:04:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys
[2011/01/11 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2011/01/11 11:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/01/11 10:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/01/11 10:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/01/11 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/11 10:43:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/01/11 10:39:58 | 000,093,440 | R--- | C] (AnyDATA Corporation) -- C:\WINDOWS\System32\drivers\adusbser.sys
[2011/01/11 10:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/01/11 10:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/01/11 10:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/01/11 10:37:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/01/11 10:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/01/11 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/11 10:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/01/11 10:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/01/11 10:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/01/11 10:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/11 10:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/01/11 10:35:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/01/11 10:35:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/01/11 10:35:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/01/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/01/11 10:35:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/01/11 10:35:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/01/11 10:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/01/11 10:34:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/01/11 10:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/11 10:34:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/01/11 10:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/01/11 10:34:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/01/11 10:30:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/01/11 10:30:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/01/11 10:29:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/11 10:29:35 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/01/11 10:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/01/11 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/01/11 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/01/11 10:28:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/01/11 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/01/11 10:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/01/11 10:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/01/11 10:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/01/11 10:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/01/11 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/01/11 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/01/11 10:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/01/11 10:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/01/11 10:27:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/01/11 10:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/01/11 10:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/01/11 10:26:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/01/11 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/01/11 10:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/01/11 10:25:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/01/11 10:25:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/01/11 10:24:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

========== Files - Modified Within 30 Days ==========

[2011/01/20 11:52:08 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/20 11:51:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/20 06:36:54 | 000,000,329 | ---- | M] () -- C:\WINDOWS\red_dialer.ini
[2011/01/19 13:32:21 | 000,042,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/19 13:20:22 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-Secure Anti-Virus 2011.lnk
[2011/01/19 13:11:50 | 000,398,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/19 13:11:50 | 000,061,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/19 13:09:29 | 000,082,824 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2011/01/19 12:27:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/19 12:05:24 | 004,158,604 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/19 11:32:42 | 000,000,367 | RHS- | M] () -- C:\boot.ini
[2011/01/19 05:46:32 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AutoCAD 2006.lnk
[2011/01/19 01:36:32 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/19 00:53:54 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/18 20:20:28 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/18 14:06:39 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/18 13:54:25 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/18 13:37:12 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/18 13:37:10 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/18 13:21:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/01/18 13:20:29 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/18 12:51:41 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/18 12:51:11 | 007,783,072 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Administrator\Desktop\RevoUninProSetup.exe
[2011/01/18 12:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/18 11:30:32 | 006,470,576 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2011/01/15 11:32:26 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:11:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/15 10:01:07 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\uje4odky.sys
[2011/01/15 10:01:04 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/14 06:32:58 | 000,029,874 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/14 04:20:45 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 05:54:13 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:29:25 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:24 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:49:31 | 000,428,637 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 03:28:07 | 000,000,250 | ---- | M] () -- C:\Boot.bak
[2011/01/11 13:46:32 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:49:57 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/11 12:34:13 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 11:33:44 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:37:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:37:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:35:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/11 10:34:34 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:20 | 000,002,357 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 10:32:26 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/11 10:32:14 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 10:26:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Files Created - No Company Name ==========

[2011/01/19 13:15:37 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\F-Secure Anti-Virus 2011.lnk
[2011/01/19 11:32:42 | 000,000,250 | ---- | C] () -- C:\Boot.bak
[2011/01/19 11:32:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/19 11:19:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/19 11:19:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/19 11:19:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/19 11:19:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/19 11:19:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/19 11:12:39 | 004,158,604 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/19 05:46:32 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AutoCAD 2006.lnk
[2011/01/18 14:06:36 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Map 2000i.lnk
[2011/01/18 13:54:25 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Raster Design 2006 on AutoCAD 2006.lnk
[2011/01/18 13:37:12 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/01/18 13:37:10 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
[2011/01/18 13:20:29 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/18 12:51:41 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/15 16:03:12 | 000,006,354 | ---- | C] () -- C:\WINDOWS\ich2aud.cat
[2011/01/15 16:03:12 | 000,003,773 | ---- | C] () -- C:\WINDOWS\ICH2AUD.inf
[2011/01/15 11:32:25 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/01/15 10:01:04 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uze4odky.sys
[2011/01/15 06:52:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\ute4odky.sys
[2011/01/14 06:32:55 | 000,029,874 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110114_063249.reg
[2011/01/14 06:29:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/13 12:57:03 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/13 11:57:28 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/13 06:31:53 | 001,374,232 | ---- | C] () -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/01/13 06:31:45 | 000,017,928 | ---- | C] () -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/01/13 05:54:13 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/13 05:54:12 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/01/13 04:51:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 04:33:07 | 000,000,329 | ---- | C] () -- C:\WINDOWS\red_dialer.ini
[2011/01/13 04:29:25 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Online Express.lnk
[2011/01/12 11:23:23 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BSplayer.lnk
[2011/01/12 05:37:39 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Nelu.lnk
[2011/01/12 04:50:53 | 000,428,637 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-045053.backup
[2011/01/12 04:49:30 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110112-044930.backup
[2011/01/12 04:07:47 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Generare CP 2.0.lnk
[2011/01/11 15:47:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/11 15:47:16 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/01/11 15:45:20 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 15:43:24 | 000,000,367 | RHS- | C] () -- C:\boot.ini
[2011/01/11 15:43:19 | 000,002,357 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/11 13:46:32 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MAPSYSW.lnk
[2011/01/11 13:32:32 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zapp.lnk
[2011/01/11 12:56:08 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/01/11 12:41:53 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GenerareCP.lnk
[2011/01/11 12:34:13 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/01/11 12:34:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/11 12:32:02 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Receive measurements.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT View 3ds files.lnk
[2011/01/11 12:32:02 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopoLT Polar points calculation.lnk
[2011/01/11 12:25:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/01/11 12:01:53 | 000,089,134 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/11 12:00:37 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/01/11 11:42:12 | 000,045,163 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2011/01/11 11:42:12 | 000,045,161 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2011/01/11 11:39:19 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2011/01/11 11:39:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2011/01/11 11:33:43 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/01/11 11:31:18 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/11 11:31:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/01/11 11:04:29 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2011/01/11 10:45:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/11 10:37:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 10:37:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/11 10:34:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/11 10:33:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/11 10:32:26 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/11 10:32:26 | 000,000,047 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/11 10:32:26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/11 10:32:26 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/01/11 10:28:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/01/11 10:26:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/11 10:25:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/01/11 10:25:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/01/11 10:25:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/01/11 10:25:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/01/11 10:25:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/01/11 10:25:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/01/11 10:25:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/01/11 10:25:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/01/11 10:25:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/01/11 10:25:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/01/11 10:25:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/01/11 10:25:52 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/01/11 10:25:52 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/01/11 10:25:51 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/01/11 10:25:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2007/03/01 11:06:37 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/03/01 11:06:37 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/01 11:06:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/03/01 11:06:37 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/03/01 11:06:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/01 11:06:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/01 11:06:37 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/03 22:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

========== LOP Check ==========

[2011/01/18 13:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/01/11 11:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/01/13 05:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/01/11 12:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/11 13:36:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/19 13:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/01/19 13:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2005/12/15 05:18:10 | 001,391,104 | ---- | M] (Microsoft Corporation) MD5=2FBCC19159C7D2EB3E400172B4433917 -- C:\WINDOWS\explorer.exe

< MD5 for: REGEDIT.EXE >
[2004/08/03 22:26:56 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=3F1BBCF28491DBBE645B50D6E3FA800C -- C:\WINDOWS\regedit.exe

< MD5 for: TCPIP.SYS >
[2005/12/05 06:23:04 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=2A4818AEA80ACD2C95D7D92D2F3155F8 -- C:\WINDOWS\system32\drivers\tcpip.sys

< End of report >

#35
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hm, the MD5 is correct - what problems are you having now?

#36
Andreib18

    Member

  • Topic Starter
  • Member
  • 100 posts
No problem, only some questions... I'm now using F-Secure AV 2011, and when I download updates it doesn't show the traffic or how many MB are left. How large are the updates? In the taskbar I see it downloading... and it starts over many times. Is it downloading, or is it just an error because it timed out? And if I want to send a virus to someone in an archive with a password... can I archive the virus? It is about Sality from a memory card. Now I have autorun disabled, and the files are something like this: autorun.inf, qf.??? and a couple of MS-DOS commands. Can I simply archive it, or take it from quarantine? Thanks!

#37
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have never used F-Secure, so I do not know the size of updates or how it is displayed.

if I want to send a virus to someone in an archive with a password... can I archive the virus

Why would you want to do this?

#38
Andreib18

    Member

  • Topic Starter
  • Member
  • 100 posts
To help the AV specialists advance in blocking the virus.

#39
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The problem here is if you are not careful you could reactivate the virus.

But right click the file and select send to.....
Select zip file and a location/name
Or you could use Peazip as that will give you the option to password protect

You may continue to have some problems with system files if the virus has corrupted them, this is something you should be aware of

#40
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.