Malware/Rootkits have infected my PC


  • This topic is locked

#1
Albano Nano

My PC couldn't boot yesterday because rootkits had infected my MBR. So I fixed that by using the Windows 7 Install DVD. My PC is running very slow. I scanned my PC with GMER for rootkits, and it found lots of them. I also scanned with Spybot S&D and it found only 1 dangerous browser cookie. Here are my OTL logs:

OTL logfile created on: 8/26/2011 7:26:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 55.38% Memory free
6.50 Gb Paging File | 5.05 Gb Available in Paging File | 77.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.86 Gb Total Space | 8.63 Gb Free Space | 6.40% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 6.97 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
Drive E: | 82.37 Gb Total Space | 13.51 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
Drive F: | 288.33 Gb Total Space | 34.89 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive H: | 15.65 Gb Total Space | 10.45 Gb Free Space | 66.79% Space Free | Partition Type: HFSJ

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/26 19:25:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2011/08/25 20:16:28 | 000,159,232 | ---- | M] () -- C:\Windows\System32\drivers\kmhfoot.exe
PRC - [2011/08/25 20:15:59 | 000,226,304 | ---- | M] () -- C:\Windows\System32\drivers\svajnager.exe
PRC - [2011/08/24 23:44:09 | 000,917,504 | ---- | M] (Mozilla Corporation) -- C:\Program Files\UX\firefox.exe
PRC - [2011/08/24 23:44:09 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Program Files\UX\plugin-container.exe
PRC - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\gmer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/05 17:33:52 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/05 17:33:46 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
PRC - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009/11/07 15:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2009/09/15 12:51:40 | 000,017,408 | ---- | M] () -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/25 20:17:20 | 000,812,032 | ---- | M] () -- C:\Windows\System32\vnfuiwqq.dll
MOD - [2011/08/24 23:44:09 | 001,953,792 | ---- | M] () -- C:\Program Files\UX\mozjs.dll
MOD - [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\gmer.exe
MOD - [2011/07/10 08:07:04 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (zsubwnxaon)
SRV - [2011/08/25 20:17:20 | 000,812,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\vnfuiwqq.dll -- (jofaiffg)
SRV - [2011/08/25 20:16:28 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Windows\System32\drivers\kmhfoot.exe -- (kmhfoot)
SRV - [2011/08/25 20:15:59 | 000,226,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\drivers\svajnager.exe -- (svajnag)
SRV - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/07/12 04:54:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/10 23:31:32 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
SRV - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2009/11/07 15:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2009/09/15 12:51:40 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe -- (iReboot)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2011/08/26 19:20:26 | 000,107,256 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Users\User\AppData\Local\Temp\esihdrv.sys -- (esihdrv)
DRV - [2011/07/19 13:18:42 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/07/19 13:18:40 | 000,158,000 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/07/19 13:18:40 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/07/19 13:18:40 | 000,093,488 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/06/05 17:33:58 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/06/05 17:33:13 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\TsUsbGD.sys -- (TsUsbGD)
DRV - [2011/05/06 14:30:36 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/05/06 14:30:28 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/10/07 15:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/05/12 14:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/05/12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/07/14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 99 0E 92 E3 60 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\UX 9.0a1\extensions\\Components: C:\Program Files\UX\components [2011/08/24 23:44:09 | 000,000,000 | ---D | M]

[2011/08/22 17:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
File not found (No name found) --

Hosts file not found
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\User\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O2 - BHO: () - {E9AF00D1-5B6E-7E84-C833-22575AEBFD8B} - C:\Windows\System32\vnfuiwqq.dll ()
O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [WinDLL (service.exe)] C:\Windows\service.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.13.2 10.2.1.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\tumioro: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\tumioro.dll - C:\Windows\System32\config\systemprofile\AppData\Local\tumioro.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/26 19:14:51 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/26 18:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/26 18:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/26 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/26 03:09:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Windows Loader
[2011/08/25 16:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2011/08/24 19:01:38 | 000,071,527 | -HS- | C] (SenseLog LLC) -- C:\Windows\digtss.exe
[2011/08/24 19:01:35 | 000,065,894 | -HS- | C] (SenseLog LLC) -- C:\Windows\pfbstar.exe
[2011/08/24 19:01:32 | 000,071,527 | -HS- | C] (SenseLog LLC) -- C:\Windows\cpdat.exe
[2011/08/24 19:01:30 | 000,071,526 | -HS- | C] (SenseLog LLC) -- C:\Windows\ptw32.exe
[2011/08/24 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\KONAMI
[2011/08/24 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI
[2011/08/24 13:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GHISLER
[2011/08/23 20:23:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\UniExtract
[2011/08/23 20:10:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Installshield 2011 Cab Viewer
[2011/08/23 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Codemasters
[2011/08/23 18:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011/08/23 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Grid
[2011/08/22 17:24:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2011/08/22 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\maya
[2011/08/22 12:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alias Shared
[2011/08/22 03:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\CryEngine3
[2011/08/22 01:34:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Google
[2011/08/22 01:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/08/22 01:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/21 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Scirra
[2011/08/21 17:03:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/08/21 17:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Scirra
[2011/08/21 13:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Leadwerks Engine SDK
[2011/08/20 19:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\UX
[2011/08/20 10:37:20 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\USB
[2011/08/20 03:09:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\GameStart
[2011/08/20 03:08:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameStart
[2011/08/20 03:08:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/08/20 03:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/08/20 03:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\GameStart
[2011/08/19 22:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2011/08/19 22:25:58 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\World
[2011/08/19 14:56:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2011/08/19 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2011/08/19 05:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
[2011/08/19 04:58:19 | 000,000,000 | ---D | C] -- C:\UDK
[2011/08/19 03:22:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2011/08/19 01:59:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2011/08/18 04:22:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FFSJ
[2011/08/17 22:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Unity3D Tutorials
[2011/08/17 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2011/08/17 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2011/08/17 14:22:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Unity
[2011/08/17 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PACE Anti-Piracy
[2011/08/17 14:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2011/08/17 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Unity
[2011/08/17 14:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2011/08/15 05:01:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Downloads
[2011/08/15 04:59:06 | 000,000,000 | ---D | C] -- C:\Users\User\ultracopier
[2011/08/15 04:58:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\qBittorrent
[2011/08/15 04:58:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\qBittorrent
[2011/08/14 17:09:00 | 000,000,000 | ---D | C] -- C:\Gjera te Zbritura
[2011/08/13 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FL DataStorm
[2011/08/13 15:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\FL DataStorm
[2011/08/13 11:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/13 08:22:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ChemTable Software
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Uninstall
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Full Uninstall
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ChemTable Software
[2011/08/13 08:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life
[2011/08/13 08:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Life
[2011/08/12 22:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2011/08/12 19:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/08/12 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011/08/11 18:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/08/10 14:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Freelancer Companion
[2011/08/08 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/08/07 08:39:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PunkBuster
[2011/08/07 07:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spotmau
[2011/08/07 07:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/08/07 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/08/05 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/04 18:02:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/08/03 05:04:15 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\iMacros
[2011/08/01 14:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Mod Manager
[2011/08/01 14:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Freelancer Mod Manager
[2011/07/31 05:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2011/07/31 05:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2011/07/31 05:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/07/31 05:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2011/07/31 05:26:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Corel
[2011/07/31 02:34:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Games
[2011/07/31 02:34:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Freelancer
[2011/07/31 02:33:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/31 01:52:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Tunngle
[2011/07/30 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STDUtility
[2011/07/30 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\STDUtility
[2011/07/30 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\STDU Explorer
[2011/07/30 18:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\EIGHT- start page
[2011/07/29 23:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2011/07/29 11:56:53 | 000,000,000 | ---D | C] -- C:\Users\User\VirtualBox VMs
[2011/07/28 22:31:49 | 000,000,000 | ---D | C] -- C:\Users\User\.VirtualBox
[2011/07/28 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011/07/28 21:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/07/28 17:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8 Skin Pack
[2011/07/28 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/07/28 16:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/07/28 16:30:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Chromium
[2011/07/28 16:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Skin Pack
[2011/07/28 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\MetroClock
[2011/07/28 16:19:23 | 000,000,000 | -H-D | C] -- C:\Windows\8 Skin Pack
[2011/07/28 16:19:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\TempDIR
[2011/07/28 04:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Professional Edition 6.0
[2011/07/28 04:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Professional Edition 6.0
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SelfImage
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SelfImage
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\SelfImage
[2011/07/28 03:20:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/07/28 03:05:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VMware
[2011/07/28 03:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/26 19:00:13 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/08/26 18:37:50 | 000,001,244 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/26 18:37:50 | 000,001,220 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/08/26 18:01:02 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/26 18:01:02 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/26 17:52:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/26 17:51:55 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/26 04:15:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011/08/26 03:10:13 | 000,289,967 | RHS- | M] () -- C:\UERXV
[2011/08/26 03:10:13 | 000,000,000 | RHS- | M] () -- C:\bscu.ld
[2011/08/26 01:59:35 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/08/26 01:26:22 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/08/25 20:17:20 | 000,812,032 | ---- | M] () -- C:\Windows\System32\vnfuiwqq.dll
[2011/08/25 20:16:28 | 000,159,232 | ---- | M] () -- C:\Windows\System32\drivers\kmhfoot.exe
[2011/08/25 20:16:27 | 000,016,437 | ---- | M] () -- C:\Windows\System32\drivers\str.sys
[2011/08/25 20:16:12 | 000,062,464 | ---- | M] () -- C:\Windows\service.exe
[2011/08/25 20:15:59 | 000,226,304 | ---- | M] () -- C:\Windows\System32\drivers\svajnager.exe
[2011/08/25 20:15:59 | 000,000,017 | ---- | M] () -- C:\Windows\keys.ini
[2011/08/25 20:15:25 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/08/25 20:10:05 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/08/25 20:05:31 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/08/25 19:00:11 | 000,071,527 | -HS- | M] (SenseLog LLC) -- C:\Windows\digtss.exe
[2011/08/25 19:00:08 | 000,065,894 | -HS- | M] (SenseLog LLC) -- C:\Windows\pfbstar.exe
[2011/08/25 19:00:05 | 000,071,527 | -HS- | M] (SenseLog LLC) -- C:\Windows\cpdat.exe
[2011/08/25 19:00:02 | 000,071,526 | -HS- | M] (SenseLog LLC) -- C:\Windows\ptw32.exe
[2011/08/25 16:30:01 | 000,001,443 | ---- | M] () -- C:\Users\User\Desktop\BurnAware Free.lnk
[2011/08/25 16:29:33 | 000,000,072 | ---- | M] () -- C:\Users\User\AppData\Roaming\burnaware.ini
[2011/08/25 11:07:15 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/08/24 22:18:28 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/08/23 18:57:47 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/08/23 18:57:16 | 000,000,582 | ---- | M] () -- C:\Users\User\Desktop\Race Driver GRID.lnk
[2011/08/23 11:57:08 | 000,659,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/23 11:57:08 | 000,120,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/22 17:24:51 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\UX.lnk
[2011/08/22 12:22:31 | 000,001,120 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
[2011/08/22 12:22:31 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/08/22 00:05:11 | 012,723,595 | ---- | M] () -- C:\Users\User\Desktop\CryENGINE_3_Cookbook.pdf
[2011/08/21 13:12:37 | 000,001,041 | ---- | M] () -- C:\Users\User\Desktop\LeadWerks Engine Editor.lnk
[2011/08/20 03:08:36 | 000,001,079 | ---- | M] () -- C:\Users\User\Desktop\GameStart Editor.lnk
[2011/08/17 15:27:14 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2011/08/13 15:12:54 | 000,001,991 | ---- | M] () -- C:\Users\User\Desktop\FL DataStorm v4.0.lnk
[2011/08/13 08:26:33 | 000,001,036 | ---- | M] () -- C:\Users\User\Desktop\Full Uninstall - a complete software removal tool.lnk
[2011/08/13 08:26:32 | 000,001,024 | ---- | M] () -- C:\Users\User\Desktop\Registry Life.lnk
[2011/08/12 00:10:54 | 000,000,927 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/08/12 00:10:54 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/08/11 18:07:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2011/08/09 00:25:49 | 000,002,910 | ---- | M] () -- C:\Users\User\Desktop\Freelancer.reg
[2011/08/08 16:59:27 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011/08/07 07:20:02 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare LiveBoot 2012.lnk
[2011/08/06 14:20:53 | 000,077,959 | ---- | M] () -- C:\Users\User\Desktop\Internet.JPG
[2011/08/06 14:10:01 | 000,072,553 | ---- | M] () -- C:\Users\User\Desktop\Capture.JPG
[2011/08/01 14:20:27 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
[2011/07/31 19:50:45 | 003,657,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/31 05:34:26 | 000,003,140 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/31 05:33:21 | 000,000,088 | RHS- | M] () -- C:\ProgramData\5F471B7158.sys
[2011/07/30 19:04:52 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\STDU Explorer.lnk
[2011/07/29 22:33:40 | 000,000,449 | ---- | M] () -- C:\Users\User\Desktop\Top Youngsters.slf
[2011/07/28 21:14:13 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/07/28 16:08:36 | 000,353,752 | ---- | M] () -- C:\Windows\UTP.exe
[2011/07/28 04:06:11 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/26 18:37:50 | 000,001,244 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/26 18:37:50 | 000,001,220 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/08/26 03:10:13 | 000,289,967 | RHS- | C] () -- C:\UERXV
[2011/08/26 03:10:13 | 000,000,000 | RHS- | C] () -- C:\bscu.ld
[2011/08/25 20:17:21 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/08/25 20:17:20 | 000,812,032 | ---- | C] () -- C:\Windows\System32\vnfuiwqq.dll
[2011/08/25 20:16:28 | 000,159,232 | ---- | C] () -- C:\Windows\System32\drivers\kmhfoot.exe
[2011/08/25 20:16:23 | 000,016,437 | ---- | C] () -- C:\Windows\System32\drivers\str.sys
[2011/08/25 20:16:12 | 000,062,464 | ---- | C] () -- C:\Windows\service.exe
[2011/08/25 20:15:59 | 000,226,304 | ---- | C] () -- C:\Windows\System32\drivers\svajnager.exe
[2011/08/25 20:15:59 | 000,000,017 | ---- | C] () -- C:\Windows\keys.ini
[2011/08/25 16:30:01 | 000,001,443 | ---- | C] () -- C:\Users\User\Desktop\BurnAware Free.lnk
[2011/08/25 16:29:32 | 000,000,072 | ---- | C] () -- C:\Users\User\AppData\Roaming\burnaware.ini
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2011/08/24 13:19:39 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/08/24 13:19:38 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/08/24 13:19:37 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/08/24 13:19:37 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/08/24 13:19:36 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/08/23 18:57:16 | 000,000,582 | ---- | C] () -- C:\Users\User\Desktop\Race Driver GRID.lnk
[2011/08/22 17:24:51 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UX.lnk
[2011/08/22 17:24:51 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\UX.lnk
[2011/08/22 12:22:31 | 000,001,120 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
[2011/08/22 12:22:31 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/08/22 00:05:06 | 012,723,595 | ---- | C] () -- C:\Users\User\Desktop\CryENGINE_3_Cookbook.pdf
[2011/08/21 13:12:37 | 000,001,041 | ---- | C] () -- C:\Users\User\Desktop\LeadWerks Engine Editor.lnk
[2011/08/20 03:08:36 | 000,001,079 | ---- | C] () -- C:\Users\User\Desktop\GameStart Editor.lnk
[2011/08/17 15:27:14 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2011/08/13 15:12:54 | 000,001,991 | ---- | C] () -- C:\Users\User\Desktop\FL DataStorm v4.0.lnk
[2011/08/13 11:46:47 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/08/13 11:46:16 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/08/13 11:46:00 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/08/13 11:45:07 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/08/13 11:45:03 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/08/13 08:21:54 | 000,001,036 | ---- | C] () -- C:\Users\User\Desktop\Full Uninstall - a complete software removal tool.lnk
[2011/08/13 08:21:53 | 000,001,024 | ---- | C] () -- C:\Users\User\Desktop\Registry Life.lnk
[2011/08/12 22:48:26 | 120,845,150 | ---- | C] () -- C:\Users\User\Desktop\fm2011_semicolon.csv
[2011/08/12 22:22:25 | 005,025,045 | ---- | C] () -- C:\Users\User\Desktop\FM 2010 14000 players.csv
[2011/08/11 18:07:30 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2011/08/10 14:11:22 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Companion.lnk
[2011/08/09 00:25:49 | 000,002,910 | ---- | C] () -- C:\Users\User\Desktop\Freelancer.reg
[2011/08/08 16:59:27 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011/08/07 08:39:23 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/07 08:18:05 | 001,132,960 | ---- | C] () -- C:\Users\User\Desktop\Pallati.JPG
[2011/08/07 07:20:02 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare LiveBoot 2012.lnk
[2011/08/06 14:20:53 | 000,077,959 | ---- | C] () -- C:\Users\User\Desktop\Internet.JPG
[2011/08/06 14:10:00 | 000,072,553 | ---- | C] () -- C:\Users\User\Desktop\Capture.JPG
[2011/08/01 14:20:27 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
[2011/07/31 05:32:24 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter 11.lnk
[2011/07/31 05:26:42 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/31 05:26:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5F471B7158.sys
[2011/07/30 19:04:52 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\STDU Explorer.lnk
[2011/07/29 03:00:31 | 000,000,449 | ---- | C] () -- C:\Users\User\Desktop\Top Youngsters.slf
[2011/07/28 21:14:13 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/07/28 16:11:15 | 000,895,251 | ---- | C] () -- C:\Users\User\Desktop\Se7en File Replacer.exe
[2011/07/28 04:06:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/07/28 04:06:29 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/07/28 04:06:20 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/07/28 04:06:11 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk
[2011/07/28 01:37:50 | 000,353,752 | ---- | C] () -- C:\Windows\UTP.exe
[2011/07/18 20:58:36 | 000,000,092 | ---- | C] () -- C:\Windows\BackupManager.INI
[2011/07/18 20:57:25 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2011/07/13 03:54:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/07/12 22:24:16 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011/07/12 22:21:30 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/07/10 07:47:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 003,657,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,659,634 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,120,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 01:11:12 | 000,409,344 | ---- | C] () -- C:\Windows\System32\kscarjei.dat
[2009/07/14 01:11:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\ebechrld.dat
[2009/07/14 01:11:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\cqtrojte.dat
[2009/07/14 01:11:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\oujngjyc.dat
[2009/07/14 01:11:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\ctemghgp.dat
[2009/07/14 01:11:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\wrspqyjc.dat
[2009/07/14 01:11:12 | 000,041,728 | ---- | C] () -- C:\Windows\System32\zgjuldaf.dat
[2009/07/14 01:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\cjwjudpa.dat
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2011/08/22 12:30:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2011/07/18 20:58:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Backup Manager
[2011/08/26 18:39:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
[2011/08/25 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2011/08/13 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ChemTable Software
[2011/07/13 02:11:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Echo Software
[2011/08/18 04:22:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FFSJ
[2011/07/12 22:21:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2011/07/12 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
[2011/08/24 13:28:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2011/07/18 14:24:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
[2011/08/19 03:22:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2011/08/15 05:01:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\qBittorrent
[2011/07/12 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan
[2011/08/21 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Scirra
[2011/07/12 14:56:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sports Interactive
[2011/07/18 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
[2011/08/26 10:02:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tunngle
[2011/07/10 22:59:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TweakNow RegCleaner 2011
[2011/08/18 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2011/07/14 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoudaGames
[2011/07/18 20:58:21 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
[2011/08/25 11:07:15 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\ASOService.job
[2011/08/26 19:00:13 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/08/25 20:05:31 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/08/25 20:10:05 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/08/26 01:26:22 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/08/25 20:15:25 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/08/24 22:18:28 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/08/26 18:25:28 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 1208 bytes -> C:\ProgramData\Microsoft:bXLebRnv0FPMzslUiOVF6
@Alternate Data Stream - 1169 bytes -> C:\Program Files\Common Files\microsoft shared:BUHNHJOEUEUQuMCKmlcFD
@Alternate Data Stream - 1086 bytes -> C:\Users\User\AppData\Local\Temp:bMnd0S4faPk5Eo4BluJvm5
@Alternate Data Stream - 1081 bytes -> C:\ProgramData\Microsoft:dzuC4FVqn1G0VGiLkCvqIh0qb

< End of report >








OTL Extras logfile created on: 8/26/2011 7:26:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 55.38% Memory free
6.50 Gb Paging File | 5.05 Gb Available in Paging File | 77.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.86 Gb Total Space | 8.63 Gb Free Space | 6.40% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 6.97 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
Drive E: | 82.37 Gb Total Space | 13.51 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
Drive F: | 288.33 Gb Total Space | 34.89 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive H: | 15.65 Gb Total Space | 10.45 Gb Free Space | 66.79% Space Free | Partition Type: HFSJ

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\UX\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23A456C0-A959-2974-E46A-86A9A6DF0C66}" = CCC Help English
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{5109E3B5-F4DA-48CE-9B15-53532BB474B5}" = FL DataStorm
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{702EC1FF-A081-48AE-8363-8D78A0919F86}" = Autodesk DirectConnect 2010 R1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74D12571-0B97-6A9B-3DB3-BC95C2E65192}" = WMV9/VC-1 Video Playback
"{7A181D43-86AE-4362-91BF-5C01A19653D7}_is1" = MiniTool Partition Wizard Professional Edition 6.0
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{81FAB7A0-546F-9D61-D2FA-B4E68D9BFCD3}" = Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A864555-554E-4DE2-BB36-BC4810355525}" = Autodesk MatchMover 2011 32-bit
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4C4162B-C088-4761-A8C0-AE189E1E6BFB}" = Catalyst Control Center Graphics Previews Common
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{ABFA94BE-4FC0-4D4D-B395-645D938B8854}" = Oracle VM VirtualBox 4.1.0
"{AC075837-7071-4c07-B9A1-CF5586060FE1}" = Autodesk Maya 2011 English Documentation 32-bit
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF346D59-7F5B-4CA2-9302-7F4AC3C09C10}" = MacDrive 8
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7F0B0AE-3081-C6D5-04AD-839AA677B97F}" = ccc-utility
"{BA46B248-02F8-344D-1C2A-D2C80CC5DD44}" = Catalyst Control Center InstallProxy
"{BF1A060D-1D28-6743-F99E-ADF60E51502B}" = ATI Catalyst Install Manager
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6621899-839D-46D0-0835-F394BDA37A38}" = AMD Drag and Drop Transcoding
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E4386119-2C33-4023-9836-783F43A90E3C}" = Autodesk Maya 2011 32-bit
"{E6083921-A185-0409-B058-ACB1DB615AD9}" = Autodesk 3ds Max 2012 32-bit - English
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{FEC02973-0781-49C7-9F04-28DA9BAF0372}" = Composite 2012
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"8 Skin Pack" = 8 Skin Pack 3.0-X86(32Bit)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk 3ds Max 2012 32-bit - English" = Autodesk 3ds Max 2012 32-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EasyBCD" = EasyBCD 2.1
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"FlashGet 3.7" = FlashGet 3.7
"FLCompanion-{0A8EB4BA-8147-460B-9B0C-6D5B32F3FF41}" = Freelancer Companion 2.02
"FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
"Football Manager 2011" = Football Manager 2011
"Freelancer 1.0" = Freelancer
"Full Uninstall_is1" = Full Uninstall version 1.07
"iolo Memory Mechanic_is1" = iolo Memory Mechanic
"iReboot" = iReboot 1.1.1
"Karen's Clipboard Viewer" = Karen's Clipboard Viewer
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.EXCEL" = Microsoft Excel 2010
"Office14.WORD" = Microsoft Word 2010
"OpenAL" = OpenAL
"Recuva" = Recuva
"Registry Life_is1" = Registry Life version 1.31
"SelfImage" = SelfImage 1.2.1
"STDU Explorer_is1" = STDU Explorer version 1.0.434.0
"Tunngle beta_is1" = Tunngle beta
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"UDK-30b0d92f-4987-4389-afbe-f6f48fcb0c24" = Unreal Development Kit: 2011-07
"UDK-91a5e1e7-5a65-44de-8fe5-4ff47059588f" = Unreal Development Kit: 2011-07
"Unity" = Unity
"Unlocker" = Unlocker 1.9.1
"UX 9.0a1 (x86 en-US)" = UX 9.0a1 (x86 en-US)
"Wondershare LiveBoot 2012_is1" = Wondershare LiveBoot 2012 (Build 7.0.1)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2011 9:08:35 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: service.exe, version: 0.0.0.0, time stamp:
0x474ae83b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000002 Faulting process id: 0xe4c Faulting application
start time: 0x01cc638cacc4e75c Faulting application path: C:\Windows\service.exe
Faulting
module path: unknown Report Id: ebc11443-cf7f-11e0-9fcb-000854670e9e

Error - 8/26/2011 11:05:46 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: service.exe, version: 0.0.0.0, time stamp:
0x474ae83b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000002 Faulting process id: 0xd44 Faulting application
start time: 0x01cc6401a131b234 Faulting application path: C:\Windows\service.exe
Faulting
module path: unknown Report Id: dff980d5-cff4-11e0-8ccf-000854670e9e

Error - 8/26/2011 11:10:35 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17514,
time stamp: 0x4ce796f3 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc0000420 Fault offset: 0x000c37b7 Faulting
process id: 0xc6c Faulting application start time: 0x01cc64019e7d01c4 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8c3a12c6-cff5-11e0-8ccf-000854670e9e

Error - 8/26/2011 11:19:39 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_jofaiffg, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc0000374 Fault offset: 0x000c37b7 Faulting
process id: 0x3d8 Faulting application start time: 0x01cc6401901b22eb Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: d05bdd87-cff6-11e0-8ccf-000854670e9e

Error - 8/26/2011 11:52:37 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: service.exe, version: 0.0.0.0, time stamp:
0x474ae83b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000002 Faulting process id: 0xbb4 Faulting application
start time: 0x01cc64082c3da603 Faulting application path: C:\Windows\service.exe
Faulting
module path: unknown Report Id: 6b5b262e-cffb-11e0-89c5-000854670e9e

Error - 8/26/2011 11:57:04 AM | Computer Name = User-PC | Source = VSS | ID = 8194
Description =

Error - 8/26/2011 12:19:02 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17514,
time stamp: 0x4ce796f3 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00059c5f Faulting
process id: 0xabc Faulting application start time: 0x01cc6408288a4256 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 1c2ba8a4-cfff-11e0-89c5-000854670e9e

Error - 8/26/2011 12:25:24 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_jofaiffg, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: jscript.dll, version: 5.8.7601.17562,
time stamp: 0x4d5e04ae Exception code: 0xc0000005 Fault offset: 0x00024c05 Faulting
process id: 0x3a8 Faulting application start time: 0x01cc6408202828b2 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\jscript.dll
Report
Id: ffd13916-cfff-11e0-89c5-000854670e9e

Error - 8/26/2011 1:19:54 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SysInspector.exe, version: 1.2.26.0, time
stamp: 0x4cadafdc Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x01b30fd7 Faulting process id: 0x1098 Faulting application
start time: 0x01cc641459ec68c2 Faulting application path: C:\Users\User\Downloads\SysInspector.exe
Faulting
module path: unknown Report Id: 9ca3379f-d007-11e0-89c5-000854670e9e

Error - 8/26/2011 1:20:29 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SysInspector.exe, version: 1.2.26.0, time
stamp: 0x4cadafdc Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x01640fd7 Faulting process id: 0xcd0 Faulting application
start time: 0x01cc641469cecdcd Faulting application path: C:\Users\User\Downloads\SysInspector.exe
Faulting
module path: unknown Report Id: b166c494-d007-11e0-89c5-000854670e9e

[ System Events ]
Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Server service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Multimedia Class Scheduler service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 8/26/2011 12:25:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/26/2011 12:27:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056


< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, what antivirus are you using?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/08/25 20:16:28 | 000,159,232 | ---- | M] () -- C:\Windows\System32\drivers\kmhfoot.exe
    PRC - [2011/08/25 20:15:59 | 000,226,304 | ---- | M] () -- C:\Windows\System32\drivers\svajnager.exe
    MOD - [2011/08/25 20:17:20 | 000,812,032 | ---- | M] () -- C:\Windows\System32\vnfuiwqq.dll
    SRV - File not found [Auto | Stopped] -- -- (zsubwnxaon)
    SRV - [2011/08/25 20:17:20 | 000,812,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\vnfuiwqq.dll -- (jofaiffg)
    SRV - [2011/08/25 20:16:28 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Windows\System32\drivers\kmhfoot.exe -- (kmhfoot)
    SRV - [2011/08/25 20:15:59 | 000,226,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\drivers\svajnager.exe -- (svajnag)
    O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
    O2 - BHO: () - {E9AF00D1-5B6E-7E84-C833-22575AEBFD8B} - C:\Windows\System32\vnfuiwqq.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [WinDLL (service.exe)] C:\Windows\service.exe ()
    O20 - Winlogon\Notify\tumioro: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\tumioro.dll - C:\Windows\System32\config\systemprofile\AppData\Local\tumioro.dll ()
    [2011/08/25 20:17:20 | 000,812,032 | ---- | M] () -- C:\Windows\System32\vnfuiwqq.dll
    [2011/08/25 20:16:28 | 000,159,232 | ---- | M] () -- C:\Windows\System32\drivers\kmhfoot.exe
    [2011/08/25 20:16:27 | 000,016,437 | ---- | M] () -- C:\Windows\System32\drivers\str.sys
    [2011/08/25 20:16:12 | 000,062,464 | ---- | M] () -- C:\Windows\service.exe
    [2011/08/25 20:15:59 | 000,226,304 | ---- | M] () -- C:\Windows\System32\drivers\svajnager.exe
    [2011/08/25 20:15:59 | 000,000,017 | ---- | M] () -- C:\Windows\keys.ini
    [2011/08/25 19:00:11 | 000,071,527 | -HS- | M] (SenseLog LLC) -- C:\Windows\digtss.exe
    [2011/08/25 19:00:08 | 000,065,894 | -HS- | M] (SenseLog LLC) -- C:\Windows\pfbstar.exe
    [2011/08/25 19:00:05 | 000,071,527 | -HS- | M] (SenseLog LLC) -- C:\Windows\cpdat.exe
    [2011/08/25 19:00:02 | 000,071,526 | -HS- | M] (SenseLog LLC) -- C:\Windows\ptw32.exe

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


#3
Albano Nano

    New Member

  • Topic Starter
  • Member
  • 5 posts
Here is my OTL log

OTL logfile created on: 8/26/2011 9:13:02 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 72.92% Memory free
6.50 Gb Paging File | 5.48 Gb Available in Paging File | 84.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.86 Gb Total Space | 8.24 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 6.97 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
Drive E: | 82.37 Gb Total Space | 13.48 Gb Free Space | 16.37% Space Free | Partition Type: NTFS
Drive F: | 288.33 Gb Total Space | 34.89 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive H: | 15.65 Gb Total Space | 10.45 Gb Free Space | 66.79% Space Free | Partition Type: HFSJ

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/26 19:25:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2011/08/24 23:44:09 | 000,917,504 | ---- | M] (Mozilla Corporation) -- C:\Program Files\UX\firefox.exe
PRC - [2011/08/24 23:44:09 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Program Files\UX\plugin-container.exe
PRC - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/05 17:33:52 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/05 17:33:46 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
PRC - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009/11/07 15:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2009/09/15 12:51:40 | 000,017,408 | ---- | M] () -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/24 23:44:09 | 001,953,792 | ---- | M] () -- C:\Program Files\UX\mozjs.dll
MOD - [2011/07/10 08:07:04 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/07/14 01:11:12 | 000,812,032 | ---- | M] () -- C:\Windows\System32\vnfuiwqq.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/07/12 04:54:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/10 23:31:32 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
SRV - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2009/11/07 15:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2009/09/15 12:51:40 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe -- (iReboot)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:11:12 | 000,812,032 | ---- | M] () [Auto | Running] -- C:\Windows\System32\vnfuiwqq.dll -- (jofaiffg)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2011/07/19 13:18:42 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/07/19 13:18:40 | 000,158,000 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/07/19 13:18:40 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/07/19 13:18:40 | 000,093,488 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/06/05 17:33:58 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/06/05 17:33:13 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\TsUsbGD.sys -- (TsUsbGD)
DRV - [2011/05/06 14:30:36 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/05/06 14:30:28 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/10/07 15:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/05/12 14:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/05/12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/07/14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 99 0E 92 E3 60 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\UX 9.0a1\extensions\\Components: C:\Program Files\UX\components [2011/08/24 23:44:09 | 000,000,000 | ---D | M]

[2011/08/22 17:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
File not found (No name found) --

O1 HOSTS File: ([2011/08/26 21:06:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\User\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: () - {E9AF00D1-5B6E-7E84-C833-22575AEBFD8B} - C:\Windows\System32\vnfuiwqq.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.13.2 10.2.1.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/26 21:05:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/26 19:14:51 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/26 18:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/26 18:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/26 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/26 03:09:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Windows Loader
[2011/08/25 16:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2011/08/24 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\KONAMI
[2011/08/24 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI
[2011/08/24 13:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GHISLER
[2011/08/23 20:23:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\UniExtract
[2011/08/23 20:10:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Installshield 2011 Cab Viewer
[2011/08/23 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Codemasters
[2011/08/23 18:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011/08/23 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Grid
[2011/08/22 17:24:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2011/08/22 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\maya
[2011/08/22 12:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alias Shared
[2011/08/22 03:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\CryEngine3
[2011/08/22 01:34:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Google
[2011/08/22 01:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/08/22 01:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/21 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Scirra
[2011/08/21 17:03:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/08/21 17:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Scirra
[2011/08/21 13:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Leadwerks Engine SDK
[2011/08/20 19:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\UX
[2011/08/20 10:37:20 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\USB
[2011/08/20 03:09:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\GameStart
[2011/08/20 03:08:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameStart
[2011/08/20 03:08:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/08/20 03:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/08/20 03:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\GameStart
[2011/08/19 22:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2011/08/19 22:25:58 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\World
[2011/08/19 14:56:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2011/08/19 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2011/08/19 05:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
[2011/08/19 04:58:19 | 000,000,000 | ---D | C] -- C:\UDK
[2011/08/19 03:22:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2011/08/19 01:59:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2011/08/18 04:22:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FFSJ
[2011/08/17 22:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Unity3D Tutorials
[2011/08/17 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2011/08/17 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2011/08/17 14:22:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Unity
[2011/08/17 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PACE Anti-Piracy
[2011/08/17 14:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2011/08/17 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Unity
[2011/08/17 14:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2011/08/15 05:01:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Downloads
[2011/08/15 04:59:06 | 000,000,000 | ---D | C] -- C:\Users\User\ultracopier
[2011/08/15 04:58:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\qBittorrent
[2011/08/15 04:58:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\qBittorrent
[2011/08/14 17:09:00 | 000,000,000 | ---D | C] -- C:\Gjera te Zbritura
[2011/08/13 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FL DataStorm
[2011/08/13 15:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\FL DataStorm
[2011/08/13 11:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/13 08:22:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ChemTable Software
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Uninstall
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Full Uninstall
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ChemTable Software
[2011/08/13 08:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life
[2011/08/13 08:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Life
[2011/08/12 22:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2011/08/12 19:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/08/12 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011/08/11 18:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/08/10 14:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Freelancer Companion
[2011/08/08 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/08/07 08:39:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PunkBuster
[2011/08/07 07:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spotmau
[2011/08/07 07:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/08/07 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/08/05 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/04 18:02:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/08/03 05:04:15 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\iMacros
[2011/08/01 14:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Mod Manager
[2011/08/01 14:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Freelancer Mod Manager
[2011/07/31 05:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2011/07/31 05:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2011/07/31 05:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/07/31 05:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2011/07/31 05:26:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Corel
[2011/07/31 02:34:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Games
[2011/07/31 02:34:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Freelancer
[2011/07/31 02:33:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/31 01:52:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Tunngle
[2011/07/30 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STDUtility
[2011/07/30 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\STDUtility
[2011/07/30 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\STDU Explorer
[2011/07/30 18:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\EIGHT- start page
[2011/07/29 23:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2011/07/29 11:56:53 | 000,000,000 | ---D | C] -- C:\Users\User\VirtualBox VMs
[2011/07/28 22:31:49 | 000,000,000 | ---D | C] -- C:\Users\User\.VirtualBox
[2011/07/28 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011/07/28 21:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/07/28 17:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8 Skin Pack
[2011/07/28 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/07/28 16:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/07/28 16:30:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Chromium
[2011/07/28 16:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Skin Pack
[2011/07/28 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\MetroClock
[2011/07/28 16:19:23 | 000,000,000 | -H-D | C] -- C:\Windows\8 Skin Pack
[2011/07/28 16:19:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\TempDIR
[2011/07/28 04:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Professional Edition 6.0
[2011/07/28 04:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Professional Edition 6.0
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SelfImage
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SelfImage
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\SelfImage
[2011/07/28 03:20:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/07/28 03:05:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VMware
[2011/07/28 03:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware

========== Files - Modified Within 30 Days ==========

[2011/08/26 21:09:46 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/08/26 21:09:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/26 21:09:36 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/26 21:08:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011/08/26 21:06:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/26 20:44:42 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/26 20:44:42 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/26 18:37:50 | 000,001,244 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/26 18:37:50 | 000,001,220 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/08/26 03:10:13 | 000,289,967 | RHS- | M] () -- C:\UERXV
[2011/08/26 03:10:13 | 000,000,000 | RHS- | M] () -- C:\bscu.ld
[2011/08/26 01:59:35 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/08/25 16:30:01 | 000,001,443 | ---- | M] () -- C:\Users\User\Desktop\BurnAware Free.lnk
[2011/08/25 16:29:33 | 000,000,072 | ---- | M] () -- C:\Users\User\AppData\Roaming\burnaware.ini
[2011/08/25 11:07:15 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/08/23 18:57:47 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/08/23 18:57:16 | 000,000,582 | ---- | M] () -- C:\Users\User\Desktop\Race Driver GRID.lnk
[2011/08/23 11:57:08 | 000,659,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/23 11:57:08 | 000,120,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/22 17:24:51 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\UX.lnk
[2011/08/22 12:22:31 | 000,001,120 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
[2011/08/22 12:22:31 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/08/22 00:05:11 | 012,723,595 | ---- | M] () -- C:\Users\User\Desktop\CryENGINE_3_Cookbook.pdf
[2011/08/21 13:12:37 | 000,001,041 | ---- | M] () -- C:\Users\User\Desktop\LeadWerks Engine Editor.lnk
[2011/08/20 03:08:36 | 000,001,079 | ---- | M] () -- C:\Users\User\Desktop\GameStart Editor.lnk
[2011/08/17 15:27:14 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2011/08/13 15:12:54 | 000,001,991 | ---- | M] () -- C:\Users\User\Desktop\FL DataStorm v4.0.lnk
[2011/08/13 08:26:33 | 000,001,036 | ---- | M] () -- C:\Users\User\Desktop\Full Uninstall - a complete software removal tool.lnk
[2011/08/13 08:26:32 | 000,001,024 | ---- | M] () -- C:\Users\User\Desktop\Registry Life.lnk
[2011/08/12 00:10:54 | 000,000,927 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/08/12 00:10:54 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/08/11 18:07:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2011/08/09 00:25:49 | 000,002,910 | ---- | M] () -- C:\Users\User\Desktop\Freelancer.reg
[2011/08/08 16:59:27 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011/08/07 07:20:02 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare LiveBoot 2012.lnk
[2011/08/06 14:20:53 | 000,077,959 | ---- | M] () -- C:\Users\User\Desktop\Internet.JPG
[2011/08/06 14:10:01 | 000,072,553 | ---- | M] () -- C:\Users\User\Desktop\Capture.JPG
[2011/08/01 14:20:27 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
[2011/07/31 19:50:45 | 003,657,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/31 05:34:26 | 000,003,140 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/31 05:33:21 | 000,000,088 | RHS- | M] () -- C:\ProgramData\5F471B7158.sys
[2011/07/30 19:04:52 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\STDU Explorer.lnk
[2011/07/29 22:33:40 | 000,000,449 | ---- | M] () -- C:\Users\User\Desktop\Top Youngsters.slf
[2011/07/28 21:14:13 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/07/28 16:08:36 | 000,353,752 | ---- | M] () -- C:\Windows\UTP.exe
[2011/07/28 04:06:11 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk

========== Files Created - No Company Name ==========

[2011/08/26 21:09:44 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/08/26 18:37:50 | 000,001,244 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/26 18:37:50 | 000,001,220 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/08/26 03:10:13 | 000,289,967 | RHS- | C] () -- C:\UERXV
[2011/08/26 03:10:13 | 000,000,000 | RHS- | C] () -- C:\bscu.ld
[2011/08/25 16:30:01 | 000,001,443 | ---- | C] () -- C:\Users\User\Desktop\BurnAware Free.lnk
[2011/08/25 16:29:32 | 000,000,072 | ---- | C] () -- C:\Users\User\AppData\Roaming\burnaware.ini
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2011/08/23 18:57:16 | 000,000,582 | ---- | C] () -- C:\Users\User\Desktop\Race Driver GRID.lnk
[2011/08/22 17:24:51 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UX.lnk
[2011/08/22 17:24:51 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\UX.lnk
[2011/08/22 12:22:31 | 000,001,120 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
[2011/08/22 12:22:31 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/08/22 00:05:06 | 012,723,595 | ---- | C] () -- C:\Users\User\Desktop\CryENGINE_3_Cookbook.pdf
[2011/08/21 13:12:37 | 000,001,041 | ---- | C] () -- C:\Users\User\Desktop\LeadWerks Engine Editor.lnk
[2011/08/20 03:08:36 | 000,001,079 | ---- | C] () -- C:\Users\User\Desktop\GameStart Editor.lnk
[2011/08/17 15:27:14 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2011/08/13 15:12:54 | 000,001,991 | ---- | C] () -- C:\Users\User\Desktop\FL DataStorm v4.0.lnk
[2011/08/13 11:46:47 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/08/13 11:46:16 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/08/13 11:46:00 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/08/13 11:45:07 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/08/13 11:45:03 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/08/13 08:21:54 | 000,001,036 | ---- | C] () -- C:\Users\User\Desktop\Full Uninstall - a complete software removal tool.lnk
[2011/08/13 08:21:53 | 000,001,024 | ---- | C] () -- C:\Users\User\Desktop\Registry Life.lnk
[2011/08/12 22:48:26 | 120,845,150 | ---- | C] () -- C:\Users\User\Desktop\fm2011_semicolon.csv
[2011/08/12 22:22:25 | 005,025,045 | ---- | C] () -- C:\Users\User\Desktop\FM 2010 14000 players.csv
[2011/08/11 18:07:30 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2011/08/10 14:11:22 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Companion.lnk
[2011/08/09 00:25:49 | 000,002,910 | ---- | C] () -- C:\Users\User\Desktop\Freelancer.reg
[2011/08/08 16:59:27 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011/08/07 08:39:23 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/07 08:18:05 | 001,132,960 | ---- | C] () -- C:\Users\User\Desktop\Pallati.JPG
[2011/08/07 07:20:02 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare LiveBoot 2012.lnk
[2011/08/06 14:20:53 | 000,077,959 | ---- | C] () -- C:\Users\User\Desktop\Internet.JPG
[2011/08/06 14:10:00 | 000,072,553 | ---- | C] () -- C:\Users\User\Desktop\Capture.JPG
[2011/08/01 14:20:27 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
[2011/07/31 05:32:24 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter 11.lnk
[2011/07/31 05:26:42 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/31 05:26:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5F471B7158.sys
[2011/07/30 19:04:52 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\STDU Explorer.lnk
[2011/07/29 03:00:31 | 000,000,449 | ---- | C] () -- C:\Users\User\Desktop\Top Youngsters.slf
[2011/07/28 21:14:13 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/07/28 16:11:15 | 000,895,251 | ---- | C] () -- C:\Users\User\Desktop\Se7en File Replacer.exe
[2011/07/28 04:06:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/07/28 04:06:29 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/07/28 04:06:20 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/07/28 04:06:11 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk
[2011/07/28 01:37:50 | 000,353,752 | ---- | C] () -- C:\Windows\UTP.exe
[2011/07/18 20:58:36 | 000,000,092 | ---- | C] () -- C:\Windows\BackupManager.INI
[2011/07/18 20:57:25 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2011/07/13 03:54:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/07/12 22:24:16 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011/07/12 22:21:30 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/07/10 07:47:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 003,657,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,659,634 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,120,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 01:11:12 | 000,812,032 | ---- | C] () -- C:\Windows\System32\vnfuiwqq.dll
[2009/07/14 01:11:12 | 000,409,344 | ---- | C] () -- C:\Windows\System32\kscarjei.dat
[2009/07/14 01:11:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\ebechrld.dat
[2009/07/14 01:11:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\cqtrojte.dat
[2009/07/14 01:11:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\oujngjyc.dat
[2009/07/14 01:11:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\ctemghgp.dat
[2009/07/14 01:11:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\wrspqyjc.dat
[2009/07/14 01:11:12 | 000,041,728 | ---- | C] () -- C:\Windows\System32\zgjuldaf.dat
[2009/07/14 01:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\cjwjudpa.dat
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2011/08/22 12:30:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2011/07/18 20:58:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Backup Manager
[2011/08/26 18:39:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
[2011/08/25 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2011/08/13 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ChemTable Software
[2011/07/13 02:11:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Echo Software
[2011/08/18 04:22:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FFSJ
[2011/07/12 22:21:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2011/07/12 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
[2011/08/24 13:28:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2011/07/18 14:24:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
[2011/08/19 03:22:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2011/08/15 05:01:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\qBittorrent
[2011/07/12 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan
[2011/08/21 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Scirra
[2011/07/12 14:56:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sports Interactive
[2011/07/18 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
[2011/08/26 10:02:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tunngle
[2011/07/10 22:59:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TweakNow RegCleaner 2011
[2011/08/18 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2011/07/14 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoudaGames
[2011/07/18 20:58:21 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
[2011/08/25 11:07:15 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\ASOService.job
[2011/08/26 21:09:46 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/08/26 18:25:28 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 1208 bytes -> C:\ProgramData\Microsoft:bXLebRnv0FPMzslUiOVF6
@Alternate Data Stream - 1169 bytes -> C:\Program Files\Common Files\microsoft shared:BUHNHJOEUEUQuMCKmlcFD
@Alternate Data Stream - 1086 bytes -> C:\Users\User\AppData\Local\Temp:bMnd0S4faPk5Eo4BluJvm5
@Alternate Data Stream - 1081 bytes -> C:\ProgramData\Microsoft:dzuC4FVqn1G0VGiLkCvqIh0qb

< End of report >



aswMBR Log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-26 21:19:36
-----------------------------
21:19:36.341 OS Version: Windows 6.1.7601 Service Pack 1
21:19:36.341 Number of processors: 2 586 0xF0D
21:19:36.342 ComputerName: USER-PC UserName: User
21:19:38.112 Initialize success
21:39:59.642 AVAST engine defs: 11082600
21:40:25.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:40:25.949 Disk 0 Vendor: ST3250318AS CC37 Size: 238475MB BusType: 3
21:40:25.953 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
21:40:25.956 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
21:40:27.979 Disk 0 MBR read successfully
21:40:27.982 Disk 0 MBR scan
21:40:27.987 Disk 0 Windows 7 default MBR code
21:40:27.990 Disk 0 scanning sectors +488392065
21:40:28.071 Disk 0 scanning C:\Windows\system32\drivers
21:40:37.980 Service scanning
21:40:39.415 Modules scanning
21:40:46.944 Disk 0 trace - called modules:
21:40:46.956 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:40:47.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f23a38]
21:40:47.289 3 CLASSPNP.SYS[8c9d359e] -> nt!IofCallDriver -> [0x86a4b918]
21:40:47.293 5 ACPI.sys[8c4483d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x861a0610]
21:40:49.936 AVAST engine scan C:\Windows
21:40:51.992 AVAST engine scan C:\Windows\system32
21:42:28.943 File: C:\Windows\system32\vnfuiwqq.dll **INFECTED** Win32:Malware-gen
21:42:43.596 AVAST engine scan C:\Windows\system32\drivers
21:42:54.994 AVAST engine scan C:\Users\User
21:43:16.306 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
21:43:16.311 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is your antivirus, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2009/07/14 01:11:12 | 000,812,032 | ---- | M] () [Auto | Running] -- C:\Windows\System32\vnfuiwqq.dll -- (jofaiffg)
    O2 - BHO: () - {E9AF00D1-5B6E-7E84-C833-22575AEBFD8B} - C:\Windows\System32\vnfuiwqq.dll ()
    [2009/07/14 01:11:12 | 000,812,032 | ---- | C] () -- C:\Windows\System32\vnfuiwqq.dll
    [2009/07/14 01:11:12 | 000,409,344 | ---- | C] () -- C:\Windows\System32\kscarjei.dat
    [2009/07/14 01:11:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\ebechrld.dat
    [2009/07/14 01:11:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\cqtrojte.dat
    [2009/07/14 01:11:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\oujngjyc.dat
    [2009/07/14 01:11:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\ctemghgp.dat
    [2009/07/14 01:11:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\wrspqyjc.dat
    [2009/07/14 01:11:12 | 000,041,728 | ---- | C] () -- C:\Windows\System32\zgjuldaf.dat
    [2009/07/14 01:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\cjwjudpa.dat
    @Alternate Data Stream - 1208 bytes -> C:\ProgramData\Microsoft:bXLebRnv0FPMzslUiOVF6
    @Alternate Data Stream - 1169 bytes -> C:\Program Files\Common Files\microsoft shared:BUHNHJOEUEUQuMCKmlcFD
    @Alternate Data Stream - 1086 bytes -> C:\Users\User\AppData\Local\Temp:bMnd0S4faPk5Eo4BluJvm5
    @Alternate Data Stream - 1081 bytes -> C:\ProgramData\Microsoft:dzuC4FVqn1G0VGiLkCvqIh0qb

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:

    Files to delete:
    C:\Windows\System32\vnfuiwqq.dll
    Drivers to delete:
    jofaiffg

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Accept the disclaimer
  • Right click on the window under Input script here:, and select Paste.

  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.
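
Added example, not part of the post above and not code from OTL or aswMBR: the `.dat` files named in the OTL fix share the exact timestamp, folder and empty company field of the DLL that aswMBR flagged, and this Python sketch reproduces that correlation. The log lines are copied from this thread; the function names are assumptions made for the example.

```python
import ntpath
import re
from collections import namedtuple

# Lines copied from the OTL log posted in this thread (not a full log).
OTL_LINES = r"""
[2011/08/20 03:08:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/08/26 21:05:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2009/07/14 04:05:48 | 000,659,634 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:11:12 | 000,812,032 | ---- | C] () -- C:\Windows\System32\vnfuiwqq.dll
[2009/07/14 01:11:12 | 000,409,344 | ---- | C] () -- C:\Windows\System32\kscarjei.dat
[2009/07/14 01:11:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\ebechrld.dat
[2009/07/14 01:11:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\cqtrojte.dat
[2009/07/14 01:11:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\oujngjyc.dat
[2009/07/14 01:11:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\ctemghgp.dat
[2009/07/14 01:11:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\wrspqyjc.dat
[2009/07/14 01:11:12 | 000,041,728 | ---- | C] () -- C:\Windows\System32\zgjuldaf.dat
[2009/07/14 01:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\cjwjudpa.dat
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
""".strip().splitlines()

# Lines copied from the aswMBR log posted in this thread.
ASWMBR_LINES = r"""
21:40:51.992 AVAST engine scan C:\Windows\system32
21:42:28.943 File: C:\Windows\system32\vnfuiwqq.dll **INFECTED** Win32:Malware-gen
21:42:43.596 AVAST engine scan C:\Windows\system32\drivers
""".strip().splitlines()

Entry = namedtuple("Entry", "timestamp size attrs kind company path")

# [timestamp | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
OTL_FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
    r"(?:\((.*?)\) )?-- (.+)$"
)
INFECTED_RE = re.compile(r"File: (.+?) \*\*INFECTED\*\* (\S+)")


def parse_otl(lines):
    """Turn OTL file-listing lines into Entry tuples; skip anything else."""
    entries = []
    for line in lines:
        m = OTL_FILE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, kind, company, path = m.groups()
        entries.append(Entry(ts, int(size.replace(",", "")), attrs, kind,
                             (company or "").strip(), path.strip()))
    return entries


def infected_paths(lines):
    """Paths that aswMBR marked **INFECTED**, in log order."""
    return [m.group(1) for m in map(INFECTED_RE.search, lines) if m]


def _key(path):
    # Windows paths are case-insensitive: aswMBR prints "system32",
    # OTL prints "System32" for the same folder.
    return ntpath.normcase(ntpath.normpath(path))


def same_drop_siblings(entries, flagged_path):
    """Files with no company name, in the flagged file's folder, whose
    timestamp matches it to the second. Returns [] if the path is unknown."""
    flagged = [e for e in entries if _key(e.path) == _key(flagged_path)]
    if not flagged:
        return []
    ref = flagged[0]
    folder = _key(ntpath.dirname(ref.path))
    return [
        e for e in entries
        if e is not ref
        and "D" not in e.attrs            # ignore directories
        and e.company == ""               # no version-info company name
        and e.timestamp == ref.timestamp
        and _key(ntpath.dirname(e.path)) == folder
    ]


def triage(otl_lines, aswmbr_lines):
    """Map each flagged path to the sorted names of its timestamp siblings."""
    entries = parse_otl(otl_lines)
    return {
        bad: sorted(ntpath.basename(e.path)
                    for e in same_drop_siblings(entries, bad))
        for bad in infected_paths(aswmbr_lines)
    }


if __name__ == "__main__":
    for bad, names in triage(OTL_LINES, ASWMBR_LINES).items():
        print(bad)
        for name in names:
            print("   review:", name)
```

A shared timestamp is a lead for review rather than a verdict, so each file it surfaces still needs checking before it goes into a removal script.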

#5
Albano Nano

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTL log



OTL logfile created on: 8/26/2011 10:04:01 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 74.05% Memory free
6.50 Gb Paging File | 5.54 Gb Available in Paging File | 85.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.86 Gb Total Space | 8.23 Gb Free Space | 6.10% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 6.97 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
Drive E: | 82.37 Gb Total Space | 13.48 Gb Free Space | 16.37% Space Free | Partition Type: NTFS
Drive F: | 288.33 Gb Total Space | 34.89 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive H: | 15.65 Gb Total Space | 10.45 Gb Free Space | 66.79% Space Free | Partition Type: HFSJ

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/26 19:25:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2011/08/24 23:44:09 | 000,917,504 | ---- | M] (Mozilla Corporation) -- C:\Program Files\UX\firefox.exe
PRC - [2011/08/24 23:44:09 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Program Files\UX\plugin-container.exe
PRC - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/05 17:33:52 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/05 17:33:46 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
PRC - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009/11/07 15:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2009/09/15 12:51:40 | 000,017,408 | ---- | M] () -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/24 23:44:09 | 001,953,792 | ---- | M] () -- C:\Program Files\UX\mozjs.dll
MOD - [2011/07/10 08:07:04 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/07/14 01:11:12 | 000,812,032 | ---- | M] () -- C:\Windows\System32\vnfuiwqq.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/07/12 04:54:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/10 23:31:32 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
SRV - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2009/11/07 15:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2009/09/15 12:51:40 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe -- (iReboot)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:11:12 | 000,812,032 | ---- | M] () [Auto | Running] -- C:\Windows\System32\vnfuiwqq.dll -- (jofaiffg)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2011/07/19 13:18:42 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/07/19 13:18:40 | 000,158,000 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/07/19 13:18:40 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/07/19 13:18:40 | 000,093,488 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/06/05 17:33:58 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/06/05 17:33:13 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\TsUsbGD.sys -- (TsUsbGD)
DRV - [2011/05/06 14:30:36 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/05/06 14:30:28 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/10/07 15:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/05/12 14:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/05/12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/07/14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 99 0E 92 E3 60 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\UX 9.0a1\extensions\\Components: C:\Program Files\UX\components [2011/08/24 23:44:09 | 000,000,000 | ---D | M]

[2011/08/22 17:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
File not found (No name found) --

O1 HOSTS File: ([2011/08/26 22:00:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\User\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: () - {E9AF00D1-5B6E-7E84-C833-22575AEBFD8B} - C:\Windows\System32\vnfuiwqq.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.13.2 10.2.1.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/26 21:19:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2011/08/26 21:05:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/26 19:14:51 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/26 18:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/26 18:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/26 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/26 03:09:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Windows Loader
[2011/08/25 16:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2011/08/24 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\KONAMI
[2011/08/24 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI
[2011/08/24 13:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GHISLER
[2011/08/23 20:23:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\UniExtract
[2011/08/23 20:10:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Installshield 2011 Cab Viewer
[2011/08/23 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Codemasters
[2011/08/23 18:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011/08/23 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Grid
[2011/08/22 17:24:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2011/08/22 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\maya
[2011/08/22 12:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alias Shared
[2011/08/22 03:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\CryEngine3
[2011/08/22 01:34:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Google
[2011/08/22 01:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/08/22 01:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/21 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Scirra
[2011/08/21 17:03:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/08/21 17:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Scirra
[2011/08/21 13:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Leadwerks Engine SDK
[2011/08/20 19:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\UX
[2011/08/20 10:37:20 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\USB
[2011/08/20 03:09:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\GameStart
[2011/08/20 03:08:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameStart
[2011/08/20 03:08:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/08/20 03:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/08/20 03:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\GameStart
[2011/08/19 22:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2011/08/19 22:25:58 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\World
[2011/08/19 14:56:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2011/08/19 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2011/08/19 05:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
[2011/08/19 04:58:19 | 000,000,000 | ---D | C] -- C:\UDK
[2011/08/19 03:22:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2011/08/19 01:59:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2011/08/18 04:22:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FFSJ
[2011/08/17 22:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Unity3D Tutorials
[2011/08/17 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2011/08/17 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2011/08/17 14:22:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Unity
[2011/08/17 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PACE Anti-Piracy
[2011/08/17 14:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2011/08/17 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Unity
[2011/08/17 14:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2011/08/15 05:01:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Downloads
[2011/08/15 04:59:06 | 000,000,000 | ---D | C] -- C:\Users\User\ultracopier
[2011/08/15 04:58:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\qBittorrent
[2011/08/15 04:58:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\qBittorrent
[2011/08/14 17:09:00 | 000,000,000 | ---D | C] -- C:\Gjera te Zbritura
[2011/08/13 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FL DataStorm
[2011/08/13 15:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\FL DataStorm
[2011/08/13 11:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/13 08:22:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ChemTable Software
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Uninstall
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Full Uninstall
[2011/08/13 08:21:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ChemTable Software
[2011/08/13 08:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life
[2011/08/13 08:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Life
[2011/08/12 22:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2011/08/12 19:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/08/12 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011/08/11 18:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/08/10 14:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Freelancer Companion
[2011/08/08 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/08/07 08:39:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PunkBuster
[2011/08/07 07:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spotmau
[2011/08/07 07:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/08/07 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/08/05 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/04 18:02:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/08/03 05:04:15 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\iMacros
[2011/08/01 14:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Mod Manager
[2011/08/01 14:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Freelancer Mod Manager
[2011/07/31 05:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2011/07/31 05:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2011/07/31 05:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/07/31 05:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2011/07/31 05:26:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Corel
[2011/07/31 02:34:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Games
[2011/07/31 02:34:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Freelancer
[2011/07/31 02:33:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/31 01:52:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Tunngle
[2011/07/30 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STDUtility
[2011/07/30 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\STDUtility
[2011/07/30 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\STDU Explorer
[2011/07/30 18:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\EIGHT- start page
[2011/07/29 23:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2011/07/29 11:56:53 | 000,000,000 | ---D | C] -- C:\Users\User\VirtualBox VMs
[2011/07/28 22:31:49 | 000,000,000 | ---D | C] -- C:\Users\User\.VirtualBox
[2011/07/28 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011/07/28 21:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/07/28 17:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8 Skin Pack
[2011/07/28 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/07/28 16:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/07/28 16:30:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Chromium
[2011/07/28 16:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Skin Pack
[2011/07/28 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\MetroClock
[2011/07/28 16:19:23 | 000,000,000 | -H-D | C] -- C:\Windows\8 Skin Pack
[2011/07/28 16:19:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\TempDIR
[2011/07/28 04:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Professional Edition 6.0
[2011/07/28 04:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Professional Edition 6.0
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SelfImage
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SelfImage
[2011/07/28 03:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\SelfImage
[2011/07/28 03:20:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/07/28 03:05:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VMware
[2011/07/28 03:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware

========== Files - Modified Within 30 Days ==========

[2011/08/26 22:01:37 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/08/26 22:01:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/26 22:01:26 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/26 22:00:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011/08/26 22:00:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/26 21:19:30 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2011/08/26 21:16:50 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/26 21:16:50 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/26 18:37:50 | 000,001,244 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/26 18:37:50 | 000,001,220 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/08/26 03:10:13 | 000,289,967 | RHS- | M] () -- C:\UERXV
[2011/08/26 03:10:13 | 000,000,000 | RHS- | M] () -- C:\bscu.ld
[2011/08/26 01:59:35 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/08/25 16:30:01 | 000,001,443 | ---- | M] () -- C:\Users\User\Desktop\BurnAware Free.lnk
[2011/08/25 16:29:33 | 000,000,072 | ---- | M] () -- C:\Users\User\AppData\Roaming\burnaware.ini
[2011/08/25 11:07:15 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/08/23 18:57:47 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/08/23 18:57:16 | 000,000,582 | ---- | M] () -- C:\Users\User\Desktop\Race Driver GRID.lnk
[2011/08/23 11:57:08 | 000,659,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/23 11:57:08 | 000,120,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/22 17:24:51 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\UX.lnk
[2011/08/22 12:22:31 | 000,001,120 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
[2011/08/22 12:22:31 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/08/22 00:05:11 | 012,723,595 | ---- | M] () -- C:\Users\User\Desktop\CryENGINE_3_Cookbook.pdf
[2011/08/21 13:12:37 | 000,001,041 | ---- | M] () -- C:\Users\User\Desktop\LeadWerks Engine Editor.lnk
[2011/08/20 03:08:36 | 000,001,079 | ---- | M] () -- C:\Users\User\Desktop\GameStart Editor.lnk
[2011/08/17 15:27:14 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2011/08/13 15:12:54 | 000,001,991 | ---- | M] () -- C:\Users\User\Desktop\FL DataStorm v4.0.lnk
[2011/08/13 08:26:33 | 000,001,036 | ---- | M] () -- C:\Users\User\Desktop\Full Uninstall - a complete software removal tool.lnk
[2011/08/13 08:26:32 | 000,001,024 | ---- | M] () -- C:\Users\User\Desktop\Registry Life.lnk
[2011/08/12 00:10:54 | 000,000,927 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/08/12 00:10:54 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/08/11 18:07:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2011/08/09 00:25:49 | 000,002,910 | ---- | M] () -- C:\Users\User\Desktop\Freelancer.reg
[2011/08/08 16:59:27 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011/08/07 07:20:02 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare LiveBoot 2012.lnk
[2011/08/06 14:20:53 | 000,077,959 | ---- | M] () -- C:\Users\User\Desktop\Internet.JPG
[2011/08/06 14:10:01 | 000,072,553 | ---- | M] () -- C:\Users\User\Desktop\Capture.JPG
[2011/08/01 14:20:27 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
[2011/07/31 19:50:45 | 003,657,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/31 05:34:26 | 000,003,140 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/31 05:33:21 | 000,000,088 | RHS- | M] () -- C:\ProgramData\5F471B7158.sys
[2011/07/30 19:04:52 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\STDU Explorer.lnk
[2011/07/29 22:33:40 | 000,000,449 | ---- | M] () -- C:\Users\User\Desktop\Top Youngsters.slf
[2011/07/28 21:14:13 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/07/28 16:08:36 | 000,353,752 | ---- | M] () -- C:\Windows\UTP.exe
[2011/07/28 04:06:11 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk

========== Files Created - No Company Name ==========

[2011/08/26 22:01:35 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/08/26 18:37:50 | 000,001,244 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/26 18:37:50 | 000,001,220 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/08/26 03:10:13 | 000,289,967 | RHS- | C] () -- C:\UERXV
[2011/08/26 03:10:13 | 000,000,000 | RHS- | C] () -- C:\bscu.ld
[2011/08/25 16:30:01 | 000,001,443 | ---- | C] () -- C:\Users\User\Desktop\BurnAware Free.lnk
[2011/08/25 16:29:32 | 000,000,072 | ---- | C] () -- C:\Users\User\AppData\Roaming\burnaware.ini
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2011/08/24 13:19:58 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2011/08/23 18:57:16 | 000,000,582 | ---- | C] () -- C:\Users\User\Desktop\Race Driver GRID.lnk
[2011/08/22 17:24:51 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UX.lnk
[2011/08/22 17:24:51 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\UX.lnk
[2011/08/22 12:22:31 | 000,001,120 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
[2011/08/22 12:22:31 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/08/22 00:05:06 | 012,723,595 | ---- | C] () -- C:\Users\User\Desktop\CryENGINE_3_Cookbook.pdf
[2011/08/21 13:12:37 | 000,001,041 | ---- | C] () -- C:\Users\User\Desktop\LeadWerks Engine Editor.lnk
[2011/08/20 03:08:36 | 000,001,079 | ---- | C] () -- C:\Users\User\Desktop\GameStart Editor.lnk
[2011/08/17 15:27:14 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2011/08/13 15:12:54 | 000,001,991 | ---- | C] () -- C:\Users\User\Desktop\FL DataStorm v4.0.lnk
[2011/08/13 11:46:47 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/08/13 11:46:16 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/08/13 11:46:00 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/08/13 11:45:07 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/08/13 11:45:03 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/08/13 08:21:54 | 000,001,036 | ---- | C] () -- C:\Users\User\Desktop\Full Uninstall - a complete software removal tool.lnk
[2011/08/13 08:21:53 | 000,001,024 | ---- | C] () -- C:\Users\User\Desktop\Registry Life.lnk
[2011/08/12 22:48:26 | 120,845,150 | ---- | C] () -- C:\Users\User\Desktop\fm2011_semicolon.csv
[2011/08/12 22:22:25 | 005,025,045 | ---- | C] () -- C:\Users\User\Desktop\FM 2010 14000 players.csv
[2011/08/11 18:07:30 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2011/08/10 14:11:22 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Companion.lnk
[2011/08/09 00:25:49 | 000,002,910 | ---- | C] () -- C:\Users\User\Desktop\Freelancer.reg
[2011/08/08 16:59:27 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011/08/07 08:39:23 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/07 08:18:05 | 001,132,960 | ---- | C] () -- C:\Users\User\Desktop\Pallati.JPG
[2011/08/07 07:20:02 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare LiveBoot 2012.lnk
[2011/08/06 14:20:53 | 000,077,959 | ---- | C] () -- C:\Users\User\Desktop\Internet.JPG
[2011/08/06 14:10:00 | 000,072,553 | ---- | C] () -- C:\Users\User\Desktop\Capture.JPG
[2011/08/01 14:20:27 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
[2011/07/31 05:32:24 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter 11.lnk
[2011/07/31 05:26:42 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/31 05:26:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5F471B7158.sys
[2011/07/30 19:04:52 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\STDU Explorer.lnk
[2011/07/29 03:00:31 | 000,000,449 | ---- | C] () -- C:\Users\User\Desktop\Top Youngsters.slf
[2011/07/28 21:14:13 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/07/28 16:11:15 | 000,895,251 | ---- | C] () -- C:\Users\User\Desktop\Se7en File Replacer.exe
[2011/07/28 04:06:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/07/28 04:06:29 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/07/28 04:06:20 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/07/28 04:06:11 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk
[2011/07/28 01:37:50 | 000,353,752 | ---- | C] () -- C:\Windows\UTP.exe
[2011/07/18 20:58:36 | 000,000,092 | ---- | C] () -- C:\Windows\BackupManager.INI
[2011/07/18 20:57:25 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2011/07/13 03:54:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/07/12 22:24:16 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011/07/12 22:21:30 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/07/10 07:47:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 003,657,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,659,634 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,120,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 01:11:12 | 000,812,032 | ---- | C] () -- C:\Windows\System32\vnfuiwqq.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2011/08/22 12:30:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2011/07/18 20:58:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Backup Manager
[2011/08/26 18:39:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
[2011/08/25 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2011/08/13 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ChemTable Software
[2011/07/13 02:11:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Echo Software
[2011/08/18 04:22:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FFSJ
[2011/07/12 22:21:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2011/07/12 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
[2011/08/24 13:28:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2011/07/18 14:24:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
[2011/08/19 03:22:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2011/08/15 05:01:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\qBittorrent
[2011/07/12 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan
[2011/08/21 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Scirra
[2011/07/12 14:56:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sports Interactive
[2011/07/18 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
[2011/08/26 10:02:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tunngle
[2011/07/10 22:59:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TweakNow RegCleaner 2011
[2011/08/18 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2011/07/14 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoudaGames
[2011/07/18 20:58:21 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
[2011/08/25 11:07:15 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\ASOService.job
[2011/08/26 22:01:37 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/08/26 18:25:28 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >





Avenger log




Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\vnfuiwqq.dll" deleted successfully.
Driver "jofaiffg" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving at the moment?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
Albano Nano

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7586

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/27/2011 2:00:00 PM
mbam-log-2011-08-27 (14-00-00).txt

Scan type: Quick scan
Objects scanned: 179493
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\java_is1.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Windows\setups.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems are you experiencing now?

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.