Windows Vista Forums

Rootkits in my Windows 7
  1. #1
    Member
    Join Date : Jan 2010
    Albania
    Posts : 77
    Windows 7 Home Premium 64bit, Windows 7 Home Premium 32bit

    Rootkits in my Windows 7

    Hi.. Yesterday my PC couldn't boot, but I repaired the boot sector and the MBR, and now it boots... I'm running a scan for rootkits with GMER and it found lots of rootkits... Can someone help??


    Last edited by AlOnan; 26 Aug 2011 at 12:47 PM.

  2. #2
    ٩(͡๏̯͡๏)۶
    Join Date : Mar 2010
    England
    Posts : 3,642
    Windows 7 Ultimate x64 SP1

    Re: Rootkits in my Windows 7

    Hello AlOnan and welcome to the forums

    I am currently doing a malware removal degree and I am unable to offer my assistance in malware removal at this time. I would really appreciate it if you did the following for me, please; I am trying to get to grips with these logs and it's really useful to see some new infected ones:
    OTL

    Download OTL to your desktop.
    Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    When the window appears, underneath Output at the top, change it to Minimal Output.
    Under the Standard Registry box, change it to All.
    Check the boxes beside LOP Check and Purity Check.
    Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    Tom

    Last edited by Brink; 26 Aug 2011 at 12:37 PM. Reason: removed link

  3. #3
    BSOD Squad
    Join Date : Dec 2008
    Fairfield County, CT
    Posts : 19,261
    Windows 7 SP1 x64

    Re: Rootkits in my Windows 7

    You can take the advice of Tom, and in addition you can follow these suggestions. If you have a rootkit, it's best to reinstall.
    I am not one of the malware experts, but if it were my computer I would reinstall. Rootkits can cause a lot of problems. You can never be certain if it's all gone.
    You can get a replacement CD for cost from your original supplier.
    Many of our experts agree that with a rootkit a reinstall is the best way to go.
    We also have a sister forum for Windows Seven:
    http://www.sevenforums.com/


  4. #4
    Member
    Join Date : Jan 2010
    Albania
    Posts : 77
    Windows 7 Home Premium 64bit, Windows 7 Home Premium 32bit

      Thread Starter

    Re: Rootkits in my Windows 7

    Here is my OTL log ... It was made about 20 min ago

    Code:
    OTL logfile created on: 8/26/2011 7:26:23 PM - Run 1
    OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\User\Downloads
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.25 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 55.38% Memory free
    6.50 Gb Paging File | 5.05 Gb Available in Paging File | 77.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.86 Gb Total Space | 8.63 Gb Free Space | 6.40% Space Free | Partition Type: NTFS
    Drive D: | 9.76 Gb Total Space | 6.97 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
    Drive E: | 82.37 Gb Total Space | 13.51 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
    Drive F: | 288.33 Gb Total Space | 34.89 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
    Drive H: | 15.65 Gb Total Space | 10.45 Gb Free Space | 66.79% Space Free | Partition Type: HFSJ
     
    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2011/08/26 19:25:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
    PRC - [2011/08/25 20:16:28 | 000,159,232 | ---- | M] () -- C:\Windows\System32\drivers\kmhfoot.exe
    PRC - [2011/08/25 20:15:59 | 000,226,304 | ---- | M] () -- C:\Windows\System32\drivers\svajnager.exe
    PRC - [2011/08/24 23:44:09 | 000,917,504 | ---- | M] (Mozilla Corporation) -- C:\Program Files\UX\firefox.exe
    PRC - [2011/08/24 23:44:09 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Program Files\UX\plugin-container.exe
    PRC - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
    PRC - [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\gmer.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems  Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/06/05 17:33:52 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/06/05 17:33:46 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () -- C:\Program  Files\Autodesk\3ds Max  2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    PRC - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour  Corporation) -- C:\Program Files\Mediafour\MacDrive  8\MacDrive8Service.exe
    PRC - [2009/11/07 15:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) --  C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
    PRC - [2009/09/15 12:51:40 | 000,017,408 | ---- | M] () -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) --  c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2011/08/25 20:17:20 | 000,812,032 | ---- | M] () -- C:\Windows\System32\vnfuiwqq.dll
    MOD - [2011/08/24 23:44:09 | 001,953,792 | ---- | M] () -- C:\Program Files\UX\mozjs.dll
    MOD - [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\gmer.exe
    MOD - [2011/07/10 08:07:04 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [Auto | Stopped] --  -- (zsubwnxaon)
    SRV - [2011/08/25 20:17:20 | 000,812,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\vnfuiwqq.dll -- (jofaiffg)
    SRV - [2011/08/25 20:16:28 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Windows\System32\drivers\kmhfoot.exe -- (kmhfoot)
    SRV - [2011/08/25 20:15:59 | 000,226,304 | ---- | M] () [Auto | Running]  -- C:\Windows\System32\drivers\svajnager.exe -- (svajnag)
    SRV - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH)  [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe --  (TunngleService)
    SRV - [2011/07/12 04:54:53 | 001,343,400 | ---- | M] (Microsoft  Corporation) [Unknown | Stopped] --  C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/07/10 23:31:32 | 001,044,816 | ---- | M] (Flexera Software,  Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision  Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing  Service)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems  Incorporated) [Auto | Running] -- C:\Program Files\Common  Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.)  [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe --  (Hamachi2Svc)
    SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto |  Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events  Utility)
    SRV - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () [Auto | Running]  -- C:\Program Files\Autodesk\3ds Max  2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe --  (mi-raysat_3dsmax2012_32)
    SRV - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour  Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive  8\MacDrive8Service.exe -- (MacDrive8Service)
    SRV - [2009/11/07 15:57:40 | 000,239,336 | ---- | M] (Systweak Inc.)  [Auto | Running] -- C:\Program Files\Advanced System Optimizer  3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
    SRV - [2009/09/15 12:51:40 | 000,017,408 | ---- | M] () [Auto | Running]  -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe --  (iReboot)
    SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft  Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll  -- (SensrSvc)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft  Corporation) [Auto | Running] -- C:\Program Files\Windows  Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)  [Auto | Running] -- c:\Program Files\Common Files\Protexis\License  Service\PsiService_2.exe -- (PSI_SVC_2)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2011/08/26 19:20:26 | 000,107,256 | ---- | M] (ESET) [Kernel |  On_Demand | Running] -- C:\Users\User\AppData\Local\Temp\esihdrv.sys --  (esihdrv)
    DRV - [2011/07/19 13:18:42 | 000,104,752 | ---- | M] (Oracle  Corporation) [Kernel | On_Demand | Running] --  C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV - [2011/07/19 13:18:40 | 000,158,000 | ---- | M] (Oracle  Corporation) [Kernel | System | Running] --  C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2011/07/19 13:18:40 | 000,116,016 | ---- | M] (Oracle  Corporation) [Kernel | On_Demand | Running] --  C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
    DRV - [2011/07/19 13:18:40 | 000,093,488 | ---- | M] (Oracle  Corporation) [Kernel | System | Running] --  C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
    DRV - [2011/06/05 17:33:58 | 000,052,224 | ---- | M] (Microsoft  Corporation) [Kernel | On_Demand | Stopped] --  C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2011/06/05 17:33:13 | 000,027,264 | ---- | M] (Microsoft  Corporation) [Kernel | On_Demand | Stopped] --  C:\Windows\system32\DRIVERS\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2011/05/06 14:30:36 | 000,016,472 | ---- | M] () [Kernel |  On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
    DRV - [2011/05/06 14:30:28 | 000,011,104 | ---- | M] () [Kernel |  On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
    DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies  Inc.) [Kernel | On_Demand | Running] --  C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro  Devices, Inc.) [Kernel | On_Demand | Running] --  C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/11/17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro  Devices) [Kernel | On_Demand | Running] --  C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2010/10/07 15:36:04 | 000,234,160 | ---- | M] (Mediafour  Corporation) [File_System | Boot | Running] --  C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
    DRV - [2010/05/12 14:51:34 | 000,029,792 | ---- | M] (Mediafour  Corporation) [Kernel | Boot | Running] --  C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
    DRV - [2010/05/12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation)  [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys  -- (CBDisk)
    DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net)  [Kernel | On_Demand | Running] --  C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter  V9 (Tunngle)
    DRV - [2009/07/14 00:02:52 | 000,043,008 | ---- | M] (Realtek  Semiconductor Corporation                           ) [Kernel |  On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys --  (RTL8023xp)
    DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.)  [Kernel | On_Demand | Running] --  C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 99 0E 92 E3 60 CC 01  [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll (  Microsoft Corporation)
    FF -  HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF -  HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  C:\Program Files\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0:  C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll  (Unity Technologies ApS)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\UX  9.0a1\extensions\\Components: C:\Program Files\UX\components [2011/08/24  23:44:09 | 000,000,000 | ---D | M]
     
    [2011/08/22 17:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
    File not found (No name found) -- 
     
    Hosts file not found
    O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -  C:\Users\User\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media  Group)
    O2 - BHO: (Office Document Cache Handler) -  {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft  Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
    O2 - BHO: () - {E9AF00D1-5B6E-7E84-C833-22575AEBFD8B} - C:\Windows\System32\vnfuiwqq.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [WinDLL (service.exe)] C:\Windows\service.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
    O8 - Extra context menu item: Download by FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.13.2 10.2.1.2
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft  Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - Winlogon\Notify\tumioro: DllName -  C:\Windows\system32\config\systemprofile\AppData\Local\tumioro.dll -  C:\Windows\System32\config\systemprofile\AppData\Local\tumioro.dll ()
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011/08/26 19:14:51 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
    [2011/08/26 18:37:49 | 000,000,000 | ---D | C] --  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search  & Destroy
    [2011/08/26 18:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/08/26 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/08/26 03:09:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Windows Loader
    [2011/08/25 16:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
    [2011/08/24 19:01:38 | 000,071,527 | -HS- | C] (SenseLog LLC) -- C:\Windows\digtss.exe
    [2011/08/24 19:01:35 | 000,065,894 | -HS- | C] (SenseLog LLC) -- C:\Windows\pfbstar.exe
    [2011/08/24 19:01:32 | 000,071,527 | -HS- | C] (SenseLog LLC) -- C:\Windows\cpdat.exe
    [2011/08/24 19:01:30 | 000,071,526 | -HS- | C] (SenseLog LLC) -- C:\Windows\ptw32.exe
    [2011/08/24 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\KONAMI
    [2011/08/24 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI
    [2011/08/24 13:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GHISLER
    [2011/08/23 20:23:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\UniExtract
    [2011/08/23 20:10:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Installshield 2011 Cab Viewer
    [2011/08/23 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Codemasters
    [2011/08/23 18:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
    [2011/08/23 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Grid
    [2011/08/22 17:24:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
    [2011/08/22 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\maya
    [2011/08/22 12:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alias Shared
    [2011/08/22 03:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\CryEngine3
    [2011/08/22 01:34:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Google
    [2011/08/22 01:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2011/08/22 01:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2011/08/21 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Scirra
    [2011/08/21 17:03:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2011/08/21 17:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Scirra
    [2011/08/21 13:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Leadwerks Engine SDK
    [2011/08/20 19:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\UX
    [2011/08/20 10:37:20 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\USB
    [2011/08/20 03:09:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\GameStart
    [2011/08/20 03:08:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameStart
    [2011/08/20 03:08:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
    [2011/08/20 03:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
    [2011/08/20 03:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\GameStart
    [2011/08/19 22:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
    [2011/08/19 22:25:58 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\World
    [2011/08/19 14:56:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
    [2011/08/19 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
    [2011/08/19 05:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
    [2011/08/19 04:58:19 | 000,000,000 | ---D | C] -- C:\UDK
    [2011/08/19 03:22:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
    [2011/08/19 01:59:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
    [2011/08/18 04:22:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FFSJ
    [2011/08/17 22:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Unity3D Tutorials
    [2011/08/17 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
    [2011/08/17 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
    [2011/08/17 14:22:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Unity
    [2011/08/17 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PACE Anti-Piracy
    [2011/08/17 14:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
    [2011/08/17 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Unity
    [2011/08/17 14:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
    [2011/08/15 05:01:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Downloads
    [2011/08/15 04:59:06 | 000,000,000 | ---D | C] -- C:\Users\User\ultracopier
    [2011/08/15 04:58:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\qBittorrent
    [2011/08/15 04:58:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\qBittorrent
    [2011/08/14 17:09:00 | 000,000,000 | ---D | C] -- C:\Gjera te Zbritura
    [2011/08/13 15:12:54 | 000,000,000 | ---D | C] --  C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FL  DataStorm
    [2011/08/13 15:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\FL DataStorm
    [2011/08/13 11:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/08/13 08:22:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ChemTable Software
    [2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Uninstall
    [2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Full Uninstall
    [2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ChemTable Software
    [2011/08/13 08:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life
    [2011/08/13 08:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Life
    [2011/08/12 22:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
    [2011/08/12 19:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
    [2011/08/12 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
    [2011/08/11 18:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
    [2011/08/10 14:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Freelancer Companion
    [2011/08/08 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2011/08/07 08:39:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PunkBuster
    [2011/08/07 07:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spotmau
    [2011/08/07 07:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    [2011/08/07 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
    [2011/08/05 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/08/04 18:02:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2011/08/03 05:04:15 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\iMacros
    [2011/08/01 14:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Mod Manager
    [2011/08/01 14:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Freelancer Mod Manager
    [2011/07/31 05:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
    [2011/07/31 05:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
    [2011/07/31 05:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
    [2011/07/31 05:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
    [2011/07/31 05:26:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Corel
    [2011/07/31 02:34:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Games
    [2011/07/31 02:34:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Freelancer
    [2011/07/31 02:33:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2011/07/31 01:52:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Tunngle
    [2011/07/30 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STDUtility
    [2011/07/30 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\STDUtility
    [2011/07/30 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\STDU Explorer
    [2011/07/30 18:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\EIGHT- start page
    [2011/07/29 23:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2011/07/29 11:56:53 | 000,000,000 | ---D | C] -- C:\Users\User\VirtualBox VMs
    [2011/07/28 22:31:49 | 000,000,000 | ---D | C] -- C:\Users\User\.VirtualBox
    [2011/07/28 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    [2011/07/28 21:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2011/07/28 17:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8 Skin Pack
    [2011/07/28 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    [2011/07/28 16:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2011/07/28 16:30:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Chromium
    [2011/07/28 16:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Skin Pack
    [2011/07/28 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\MetroClock
    [2011/07/28 16:19:23 | 000,000,000 | -H-D | C] -- C:\Windows\8 Skin Pack
    [2011/07/28 16:19:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\TempDIR
    [2011/07/28 04:06:11 | 000,000,000 | ---D | C] --  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition  Wizard Professional Edition 6.0
    [2011/07/28 04:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Professional Edition 6.0
    [2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SelfImage
    [2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SelfImage
    [2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\SelfImage
    [2011/07/28 03:20:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2011/07/28 03:05:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VMware
    [2011/07/28 03:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011/08/26 19:00:13 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/08/26 18:37:50 | 000,001,244 | ---- | M] () --  C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick  Launch\Spybot - Search & Destroy.lnk
    [2011/08/26 18:37:50 | 000,001,220 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
    [2011/08/26 18:01:02 | 000,014,240 | -H-- | M] () --  C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/26 18:01:02 | 000,014,240 | -H-- | M] () --  C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/26 17:52:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/26 17:51:55 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/26 04:15:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
    [2011/08/26 03:10:13 | 000,289,967 | RHS- | M] () -- C:\UERXV
    [2011/08/26 03:10:13 | 000,000,000 | RHS- | M] () -- C:\bscu.ld
    [2011/08/26 01:59:35 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/08/26 01:26:22 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\At30.job
    [2011/08/25 20:17:20 | 000,812,032 | ---- | M] () -- C:\Windows\System32\vnfuiwqq.dll
    [2011/08/25 20:16:28 | 000,159,232 | ---- | M] () -- C:\Windows\System32\drivers\kmhfoot.exe
    [2011/08/25 20:16:27 | 000,016,437 | ---- | M] () -- C:\Windows\System32\drivers\str.sys
    [2011/08/25 20:16:12 | 000,062,464 | ---- | M] () -- C:\Windows\service.exe
    [2011/08/25 20:15:59 | 000,226,304 | ---- | M] () -- C:\Windows\System32\drivers\svajnager.exe
    [2011/08/25 20:15:59 | 000,000,017 | ---- | M] () -- C:\Windows\keys.ini
    [2011/08/25 20:15:25 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\At4.job
    [2011/08/25 20:10:05 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\At3.job
    [2011/08/25 20:05:31 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2011/08/25 19:00:11 | 000,071,527 | -HS- | M] (SenseLog LLC) -- C:\Windows\digtss.exe
    [2011/08/25 19:00:08 | 000,065,894 | -HS- | M] (SenseLog LLC) -- C:\Windows\pfbstar.exe
    [2011/08/25 19:00:05 | 000,071,527 | -HS- | M] (SenseLog LLC) -- C:\Windows\cpdat.exe
    [2011/08/25 19:00:02 | 000,071,526 | -HS- | M] (SenseLog LLC) -- C:\Windows\ptw32.exe
    [2011/08/25 16:30:01 | 000,001,443 | ---- | M] () -- C:\Users\User\Desktop\BurnAware Free.lnk
    [2011/08/25 16:29:33 | 000,000,072 | ---- | M] () -- C:\Users\User\AppData\Roaming\burnaware.ini
    [2011/08/25 11:07:15 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\ASOService.job
    [2011/08/24 22:18:28 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\At5.job
    [2011/08/23 18:57:47 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
    [2011/08/23 18:57:16 | 000,000,582 | ---- | M] () -- C:\Users\User\Desktop\Race Driver GRID.lnk
    [2011/08/23 11:57:08 | 000,659,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/08/23 11:57:08 | 000,120,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/08/22 17:24:51 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\UX.lnk
    [2011/08/22 12:22:31 | 000,001,120 | ---- | M] () --  C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick  Launch\Autodesk Maya 2011.lnk
    [2011/08/22 12:22:31 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
    [2011/08/22 00:05:11 | 012,723,595 | ---- | M] () -- C:\Users\User\Desktop\CryENGINE_3_Cookbook.pdf
    [2011/08/21 13:12:37 | 000,001,041 | ---- | M] () -- C:\Users\User\Desktop\LeadWerks Engine Editor.lnk
    [2011/08/20 03:08:36 | 000,001,079 | ---- | M] () -- C:\Users\User\Desktop\GameStart Editor.lnk
    [2011/08/17 15:27:14 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
    [2011/08/13 15:12:54 | 000,001,991 | ---- | M] () -- C:\Users\User\Desktop\FL DataStorm v4.0.lnk
    [2011/08/13 08:26:33 | 000,001,036 | ---- | M] () -- C:\Users\User\Desktop\Full Uninstall - a complete software removal tool.lnk
    [2011/08/13 08:26:32 | 000,001,024 | ---- | M] () -- C:\Users\User\Desktop\Registry Life.lnk
    [2011/08/12 00:10:54 | 000,000,927 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
    [2011/08/12 00:10:54 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
    [2011/08/11 18:07:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk
    [2011/08/09 00:25:49 | 000,002,910 | ---- | M] () -- C:\Users\User\Desktop\Freelancer.reg
    [2011/08/08 16:59:27 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2011/08/07 07:20:02 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare LiveBoot 2012.lnk
    [2011/08/06 14:20:53 | 000,077,959 | ---- | M] () -- C:\Users\User\Desktop\Internet.JPG
    [2011/08/06 14:10:01 | 000,072,553 | ---- | M] () -- C:\Users\User\Desktop\Capture.JPG
    [2011/08/01 14:20:27 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
    [2011/07/31 19:50:45 | 003,657,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/07/31 05:34:26 | 000,003,140 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/07/31 05:33:21 | 000,000,088 | RHS- | M] () -- C:\ProgramData\5F471B7158.sys
    [2011/07/30 19:04:52 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\STDU Explorer.lnk
    [2011/07/29 22:33:40 | 000,000,449 | ---- | M] () -- C:\Users\User\Desktop\Top Youngsters.slf
    [2011/07/28 21:14:13 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
    [2011/07/28 16:08:36 | 000,353,752 | ---- | M] () -- C:\Windows\UTP.exe
    [2011/07/28 04:06:11 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011/08/26 18:37:50 | 000,001,244 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/08/26 18:37:50 | 000,001,220 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
    [2011/08/26 03:10:13 | 000,289,967 | RHS- | C] () -- C:\UERXV
    [2011/08/26 03:10:13 | 000,000,000 | RHS- | C] () -- C:\bscu.ld
    [2011/08/25 20:17:21 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\At30.job
    [2011/08/25 20:17:20 | 000,812,032 | ---- | C] () -- C:\Windows\System32\vnfuiwqq.dll
    [2011/08/25 20:16:28 | 000,159,232 | ---- | C] () -- C:\Windows\System32\drivers\kmhfoot.exe
    [2011/08/25 20:16:23 | 000,016,437 | ---- | C] () -- C:\Windows\System32\drivers\str.sys
    [2011/08/25 20:16:12 | 000,062,464 | ---- | C] () -- C:\Windows\service.exe
    [2011/08/25 20:15:59 | 000,226,304 | ---- | C] () -- C:\Windows\System32\drivers\svajnager.exe
    [2011/08/25 20:15:59 | 000,000,017 | ---- | C] () -- C:\Windows\keys.ini
    [2011/08/25 16:30:01 | 000,001,443 | ---- | C] () -- C:\Users\User\Desktop\BurnAware Free.lnk
    [2011/08/25 16:29:32 | 000,000,072 | ---- | C] () -- C:\Users\User\AppData\Roaming\burnaware.ini
    [2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
    [2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
    [2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
    [2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
    [2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
    [2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
    [2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
    [2011/08/24 13:19:39 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\At5.job
    [2011/08/24 13:19:38 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\At4.job
    [2011/08/24 13:19:37 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\At3.job
    [2011/08/24 13:19:37 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\At2.job
    [2011/08/24 13:19:36 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\At1.job
    [2011/08/23 18:57:16 | 000,000,582 | ---- | C] () -- C:\Users\User\Desktop\Race Driver GRID.lnk
    [2011/08/22 17:24:51 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UX.lnk
    [2011/08/22 17:24:51 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\UX.lnk
    [2011/08/22 12:22:31 | 000,001,120 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
    [2011/08/22 12:22:31 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
    [2011/08/22 00:05:06 | 012,723,595 | ---- | C] () -- C:\Users\User\Desktop\CryENGINE_3_Cookbook.pdf
    [2011/08/21 13:12:37 | 000,001,041 | ---- | C] () -- C:\Users\User\Desktop\LeadWerks Engine Editor.lnk
    [2011/08/20 03:08:36 | 000,001,079 | ---- | C] () -- C:\Users\User\Desktop\GameStart Editor.lnk
    [2011/08/17 15:27:14 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
    [2011/08/13 15:12:54 | 000,001,991 | ---- | C] () -- C:\Users\User\Desktop\FL DataStorm v4.0.lnk
    [2011/08/13 11:46:47 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
    [2011/08/13 11:46:16 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
    [2011/08/13 11:46:00 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
    [2011/08/13 11:45:07 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
    [2011/08/13 11:45:03 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    [2011/08/13 08:21:54 | 000,001,036 | ---- | C] () -- C:\Users\User\Desktop\Full Uninstall - a complete software removal tool.lnk
    [2011/08/13 08:21:53 | 000,001,024 | ---- | C] () -- C:\Users\User\Desktop\Registry Life.lnk
    [2011/08/12 22:48:26 | 120,845,150 | ---- | C] () -- C:\Users\User\Desktop\fm2011_semicolon.csv
    [2011/08/12 22:22:25 | 005,025,045 | ---- | C] () -- C:\Users\User\Desktop\FM 2010 14000 players.csv
    [2011/08/11 18:07:30 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
    [2011/08/10 14:11:22 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Companion.lnk
    [2011/08/09 00:25:49 | 000,002,910 | ---- | C] () -- C:\Users\User\Desktop\Freelancer.reg
    [2011/08/08 16:59:27 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2011/08/07 08:39:23 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2011/08/07 08:18:05 | 001,132,960 | ---- | C] () -- C:\Users\User\Desktop\Pallati.JPG
    [2011/08/07 07:20:02 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare LiveBoot 2012.lnk
    [2011/08/06 14:20:53 | 000,077,959 | ---- | C] () -- C:\Users\User\Desktop\Internet.JPG
    [2011/08/06 14:10:00 | 000,072,553 | ---- | C] () -- C:\Users\User\Desktop\Capture.JPG
    [2011/08/01 14:20:27 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
    [2011/07/31 05:32:24 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter 11.lnk
    [2011/07/31 05:26:42 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/07/31 05:26:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5F471B7158.sys
    [2011/07/30 19:04:52 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\STDU Explorer.lnk
    [2011/07/29 03:00:31 | 000,000,449 | ---- | C] () -- C:\Users\User\Desktop\Top Youngsters.slf
    [2011/07/28 21:14:13 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
    [2011/07/28 16:11:15 | 000,895,251 | ---- | C] () -- C:\Users\User\Desktop\Se7en File Replacer.exe
    [2011/07/28 04:06:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
    [2011/07/28 04:06:29 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
    [2011/07/28 04:06:20 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
    [2011/07/28 04:06:11 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk
    [2011/07/28 01:37:50 | 000,353,752 | ---- | C] () -- C:\Windows\UTP.exe
    [2011/07/18 20:58:36 | 000,000,092 | ---- | C] () -- C:\Windows\BackupManager.INI
    [2011/07/18 20:57:25 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
    [2011/07/13 03:54:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
    [2011/07/12 22:24:16 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
    [2011/07/12 22:21:30 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
    [2011/07/10 07:47:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 06:33:53 | 003,657,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 04:05:48 | 000,659,634 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 04:05:48 | 000,120,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/14 01:11:12 | 000,409,344 | ---- | C] () -- C:\Windows\System32\kscarjei.dat
    [2009/07/14 01:11:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\ebechrld.dat
    [2009/07/14 01:11:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\cqtrojte.dat
    [2009/07/14 01:11:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\oujngjyc.dat
    [2009/07/14 01:11:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\ctemghgp.dat
    [2009/07/14 01:11:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\wrspqyjc.dat
    [2009/07/14 01:11:12 | 000,041,728 | ---- | C] () -- C:\Windows\System32\zgjuldaf.dat
    [2009/07/14 01:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\cjwjudpa.dat
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe
     
    ========== LOP Check ==========
     
    [2011/08/22 12:30:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
    [2011/07/18 20:58:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Backup Manager
    [2011/08/26 18:39:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
    [2011/08/25 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
    [2011/08/13 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ChemTable Software
    [2011/07/13 02:11:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Echo Software
    [2011/08/18 04:22:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FFSJ
    [2011/07/12 22:21:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
    [2011/07/12 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
    [2011/08/24 13:28:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
    [2011/07/18 14:24:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
    [2011/08/19 03:22:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
    [2011/08/15 05:01:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\qBittorrent
    [2011/07/12 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan
    [2011/08/21 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Scirra
    [2011/07/12 14:56:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sports Interactive
    [2011/07/18 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
    [2011/08/26 10:02:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tunngle
    [2011/07/10 22:59:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TweakNow RegCleaner 2011
    [2011/08/18 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
    [2011/07/14 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoudaGames
    [2011/07/18 20:58:21 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
    [2011/08/25 11:07:15 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\ASOService.job
    [2011/08/26 19:00:13 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2011/08/25 20:05:31 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\At2.job
    [2011/08/25 20:10:05 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\At3.job
    [2011/08/26 01:26:22 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\At30.job
    [2011/08/25 20:15:25 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\At4.job
    [2011/08/24 22:18:28 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\At5.job
    [2011/08/26 18:25:28 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:07BF512B
    @Alternate Data Stream - 1208 bytes -> C:\ProgramData\Microsoft:bXLebRnv0FPMzslUiOVF6
    @Alternate Data Stream - 1169 bytes -> C:\Program Files\Common Files\microsoft shared:BUHNHJOEUEUQuMCKmlcFD
    @Alternate Data Stream - 1086 bytes -> C:\Users\User\AppData\Local\Temp:bMnd0S4faPk5Eo4BluJvm5
    @Alternate Data Stream - 1081 bytes -> C:\ProgramData\Microsoft:dzuC4FVqn1G0VGiLkCvqIh0qb
    
    < End of report >


  5. #5

    ٩(͡๏̯͡๏)۶



    Join Date : Mar 2010
    England
    Posts : 3,642
    Windows 7 Ultimate x64 SP1
    Local Time: 06:05 AM

     

    Re: Rootkits in my Windows 7

    Thank you for taking the time to do that for me; I really appreciate it.

    You're still infected alright!

    Tom


  6. #6



    Member
    Join Date : Jan 2010
    Albania
    Posts : 77
    Windows 7 Home Premium 64bit, Windows 7 Home Premium 32bit
    Local Time: 06:05 AM

      Thread Starter

    Re: Rootkits in my Windows 7

    I am using my 64-bit Windows. Scanned with GMER and Avast Anti Rootkit. There are no rootkits here. I will do a full scan with the Bit Defender Rescue CD later.


  7. #7

    ٩(͡๏̯͡๏)۶



    Join Date : Mar 2010
    England
    Posts : 3,642
    Windows 7 Ultimate x64 SP1
    Local Time: 06:05 AM

     

    Re: Rootkits in my Windows 7

    All I can see is a trojan, but I am unable to help you with your malware removal - I can't even tell you which files are infected.

    A standard OTL log won't show signs of a rootkit, so I can't confirm that.

    Tom


  8. #8



    Member
    Join Date : Jan 2010
    Albania
    Posts : 77
    Windows 7 Home Premium 64bit, Windows 7 Home Premium 32bit
    Local Time: 06:05 AM

      Thread Starter

    Re: Rootkits in my Windows 7

    I asked for help at GeeksToGo.


  9. #9



    Banned
    Join Date : Apr 2008
    Canada
    Posts : 1,351
    Windows 7, Home Premium 64-bit, SP1. Vista Home Premium 32-bit SP2.
    Local Time: 01:05 AM

     

    Re: Rootkits in my Windows 7

    Quote Originally Posted by AlOnan
    Hi.. Yesterday my PC couldn't boot, but I repaired the bootsector and the MBR, and now it boots... I'm running a scan for rootkits with GMER and it found lots of rootkits... Can someone help??
    If you are sure that you have rootkits, try using TDSSKiller. It is free.

    TDSSKiller Download - Softpedia


  10. #10

    BSOD Squad




    Join Date : Dec 2008
    Fairfield County, CT
    Posts : 19,261
    Windows 7 SP1 x64
    Local Time: 01:05 AM

     

    Re: Rootkits in my Windows 7

    Reinstall; I have seen the malware experts say that many times.
    Don't mess around with rootkits.
