Boot Virus halting my Asus


  • This topic is locked
23 replies to this topic

#1 mondoboss

mondoboss

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 30 June 2011 - 08:45 AM

Hi there. I really hope somebody can help me out with this one here.

My Asus laptop running on Windows 7 has become infected with a boot sector virus. It happened when I finally clicked "okay" on an update alert that I refused at least three times consecutively, and, just like those antivirus commercials, I let Kimbo Slice have his way with my computer.

Now it's stuck in Startup Repair. It runs and says there is no solution. The error that it gives is that "Startup Repair offline." Doing a system restore does not work, and seemingly my only option is to solve the issue in Command Prompt, which I am not experienced in. My computer did not come with any software discs.

I took it to Microcenter (where I bought it), and they confirmed it was a boot virus, and would gladly remove it and save my stuff–for a hefty fee.

I posted on Sevenforums
http://www.sevenforums.com/system-security/172282-asus-laptop-pay-do-myself.html#post1469352
but am unsure about the advice posted there.

I also attempted the advice posted here
http://www.sevenforums.com/tutorials/139576-startup-repair-infinite-loop-recovery.html
But it did not prove fruitful.

What course of action should I take? Thanks!

Edited by hamluis, 30 June 2011 - 11:06 AM.
Moved from Win 7 to Am I Infected.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:48 PM

Posted 30 June 2011 - 08:56 AM

Are you able to boot into Safe Mode?

#3 mondoboss

mondoboss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 30 June 2011 - 09:10 AM

No. Occasionally, seemingly at random, I will be given the option, but it always goes back to Startup Repair. Every time I reset it, it, 9.5 times out of ten, goes back to Startup Repair, which cannot find the problem.

#4 mondoboss

mondoboss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 30 June 2011 - 09:17 AM

And I spent a lot of sleepless hours last night looking up this problem. Seems many people have had identical or near-identical symptoms to mine, with Vista machines as well as Windows 7, and not just Asus.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:48 AM

Posted 30 June 2011 - 12:29 PM

Hi mondoboss,

Firstly welcome to Bleeping Computer. I will be assisting you with this issue.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,556 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:06:48 PM

Posted 30 June 2011 - 12:57 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#7 mondoboss

mondoboss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 30 June 2011 - 01:24 PM

Thanks and thanks! I've downloaded the 64-bit Farbar tool and it's on my pen drive. I am at work right now, but will be home with my laptop again in about four hours, and I'll post the results.

Should I empty or back up the other things that are on the pen drive?
Thanks!

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:48 AM

Posted 30 June 2011 - 01:31 PM

:thumbup2:

No need to empty or back up the things you have on the pen drive at this point. The log will be made there but it is just a small text file. However, it is up to you if you want to do anything with the files on the pen drive.

#9 mondoboss

mondoboss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 30 June 2011 - 01:48 PM

Great, sounds good to me. I'll be back later. :)

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:48 AM

Posted 30 June 2011 - 01:50 PM

:thumbup2:

#11 mondoboss

mondoboss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 01 July 2011 - 01:55 AM

I'm back! Sorry I didn't respond when I said I would; it's been a crazy-busy day/night.

Anywho, below is the pasted text from the scan results. I will say that, in following the path to System Recovery via Advanced Boot Options, I was not given a choice to select my OS.

Anyway, here you are:



Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.2
Ran by SYSTEM at 2011-07-01 02:48:57
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-18] ()
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [49454024 2011-06-17] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-08-12] ()
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GIZMO2] "C:\Program Files (x86)\GIZMO2\GIZMO.exe" -BootProcess [137048 2011-01-21] (ants Inc.)
HKLM-x32\...\Run: []
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [395144 2011-05-17] (Ask)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-06-01] (RealNetworks, Inc.)
HKU\Josh\...\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\Josh\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Josh\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [1015808 2010-10-27] (Ares Development Group)
HKU\Josh\...\Run: [HKCU] C:\Users\Josh\AppData\Roaming\winlog\winlog.exe [531926 2005-12-21] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe [30208 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 66.44.205.4 66.44.213.60


==================== Services (Whitelisted) ======

3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.)
2 AFBAgent; "C:\Windows\system32\FBAgent.exe" [379520 2009-12-07] (ASUSTeK Computer Inc.)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [37664 2011-02-18] (Apple Inc.)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [345376 2010-10-07] (Apple Inc.)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2011-03-13] (Macrovision Europe Ltd.)
3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [533344 2008-12-08] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [934176 2011-03-07] (Apple Inc.)
2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [226640 2008-12-04] (Microsoft Corp.)
2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [859712 2010-10-09] (Trend Micro Inc.)
3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
3 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [570632 2010-02-23] (Trend Micro Inc.)
3 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [917768 2010-02-23] (Trend Micro Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2314240 2009-09-30] (Intel Corporation)
2 YahooAUService; "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe" [602392 2008-11-09] (Yahoo! Inc.)

========================== Drivers (Whitlisted) ==============

0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [35384 2010-08-12] (ASUSTek Computer Inc)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1594368 2010-03-02] (Atheros Communications, Inc.)
3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT64.sys [717368 2010-01-18] (Conexant Systems Inc.)
3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [130048 2010-06-09] (ELAN Microelectronic Corp.)
3 fssfltr; C:\Windows\System32\DRIVERS\fssfltr.sys [61792 2008-12-08] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] (GEAR Software Inc.)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-13] (Microsoft Corporation)
3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2009-09-17] (Intel Corporation)
0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [408600 2009-08-06] (Intel Corporation)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10611552 2010-08-25] (Intel Corporation)
3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation)
3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-02-02] (Intel® Corporation)
3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [143472 2009-08-18] (JMicron Technology Corporation)
3 JME; C:\Windows\System32\DRIVERS\JME.sys [115312 2010-02-24] (JMicron Technology Corp.)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-13] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [15928 2009-05-13] (ASUS)
0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-08-12] (Microsoft Corporation)
3 SiSGbeLH; C:\Windows\System32\DRIVERS\SiSG664.sys [56832 2009-06-10] (Silicon Integrated Systems Corp.)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-13] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184832 2010-03-03] (Microsoft Corporation)
2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
3 WimFltr; C:\Windows\System32\DRIVERS\wimfltr.sys [154168 2008-05-23] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
3 tmlwf; [x]
3 tmwfp; [x]

========================= NetSvcs ============================

============ One Month Created Files and Folders =============

2011-07-01 02:48 - 2011-07-01 02:48 - 0000000 ____D C:\FRST
2011-06-24 19:30 - 2011-06-24 19:30 - 0016441 ____A C:\Users\Josh\Documents\forklift.docx
2011-06-24 18:25 - 2011-06-24 18:25 - 0035024 ____A C:\Users\Josh\Documents\An Angry Man excerpt.pdf
2011-06-21 16:58 - 2011-06-21 16:58 - 0005058 ____A C:\Users\Josh\.recently-used.xbel
2011-06-17 20:52 - 2011-06-17 20:52 - 0000889 ____A C:\Windows\System32\MRT.INI
2011-06-16 16:02 - 2011-05-02 21:21 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-06-16 16:02 - 2011-05-02 20:50 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-06-15 21:01 - 2011-06-15 21:01 - 0853908 ____A C:\Users\Josh\Desktop\Sherry Srothers corrected.zip
2011-06-13 15:18 - 2011-06-13 17:43 - 0000000 ____D C:\Users\Josh\Downloads\LS Models unsorted pictures
2011-06-13 14:56 - 2011-06-13 15:24 - 32684878 ____A C:\Users\Josh\Downloads\GirlsHandjobGame.avi
2011-06-11 08:29 - 2011-06-11 08:29 - 0031135 ____A C:\Users\Josh\Desktop\n1302564748 2.jpg
2011-06-11 08:25 - 2011-06-11 08:25 - 0013184 ____A C:\Users\Josh\Desktop\n1302564748.jpg
2011-06-10 02:22 - 2011-06-10 02:22 - 0003218 ____A C:\Users\Josh\Desktop\s1302564748.jpg
2011-06-10 02:03 - 2011-06-23 20:44 - 0010925 ____A C:\Users\Josh\Documents\Submissions.rtf
2011-06-09 15:05 - 2011-06-09 15:05 - 0000000 ____D C:\Users\Josh\AppData\Roaming\inkscape
2011-06-09 14:47 - 2011-06-13 19:33 - 0000000 ____D C:\Users\Josh\Desktop\My Shared Folder
2011-06-01 23:02 - 2011-06-22 20:57 - 5041258 ___AH C:\Users\Josh\AppData\Local\IconCache.db
2011-06-01 19:09 - 2011-06-13 19:24 - 0000000 ____D C:\Users\Josh\AppData\Local\Ares
2011-06-01 19:08 - 2011-06-01 19:09 - 0000000 ____D C:\Program Files (x86)\Ares
2011-06-01 18:47 - 2011-06-13 19:24 - 0000000 ____D C:\Users\Josh\AppData\Roaming\uTorrent
2011-06-01 18:47 - 2011-06-01 18:47 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-06-01 18:32 - 2011-06-01 18:32 - 0000000 ____D C:\Windows\Sun
2011-06-01 16:50 - 2011-06-30 01:46 - 0000000 ____D C:\Users\All Users\Real
2011-06-01 16:50 - 2011-06-30 01:46 - 0000000 ____D C:\ProgramData\Real
2011-06-01 16:50 - 2011-06-01 16:51 - 0000000 ____D C:\Program Files (x86)\Real
2011-06-01 16:50 - 2011-06-01 16:50 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-06-01 16:50 - 2011-06-01 16:50 - 0198848 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-06-01 16:50 - 2011-06-01 16:50 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-06-01 16:50 - 2011-06-01 16:50 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-06-01 16:48 - 2011-06-01 16:51 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Real
2011-06-01 16:47 - 2011-06-01 23:03 - 0000000 ____D C:\Users\Josh\AppData\Local\OpenCandy
2011-06-01 16:47 - 2011-06-01 16:47 - 0000000 ____D C:\Users\Josh\AppData\Roaming\OpenCandy
2011-06-01 16:16 - 2011-06-01 16:47 - 0000000 ____D C:\Program Files (x86)\FrostWire
2011-06-01 14:58 - 2011-06-01 14:58 - 0484808 ____A C:\Users\Josh\Desktop\banners.zip

============ 3 Months Modified Files and Folders =============

2011-07-01 02:48 - 2011-07-01 02:48 - 0000000 ____D C:\FRST
2011-06-30 01:49 - 2011-05-13 16:56 - 0000000 ____D C:\Users\All Users\Yahoo!
2011-06-30 01:49 - 2011-05-13 16:56 - 0000000 ____D C:\ProgramData\Yahoo!
2011-06-30 01:49 - 2011-03-12 11:17 - 0000000 ____D C:\Users\Josh\AppData\Roaming\vlc
2011-06-30 01:49 - 2011-03-12 04:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-06-30 01:49 - 2011-03-12 04:52 - 0000000 ____D C:\users\Josh
2011-06-30 01:49 - 2010-08-12 23:41 - 0000000 ____D C:\Users\All Users\P4G
2011-06-30 01:49 - 2010-08-12 23:41 - 0000000 ____D C:\ProgramData\P4G
2011-06-30 01:49 - 2010-08-12 23:28 - 0000000 ____D C:\Intel
2011-06-30 01:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wfp
2011-06-30 01:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wbem
2011-06-30 01:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-06-30 01:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-06-30 01:49 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-06-30 01:49 - 2006-06-19 09:22 - 0000000 _RSHD C:\Users\Josh\AppData\Roaming\winlog
2011-06-30 01:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Microsoft.NET
2011-06-30 01:46 - 2011-06-01 16:50 - 0000000 ____D C:\Users\All Users\Real
2011-06-30 01:46 - 2011-06-01 16:50 - 0000000 ____D C:\ProgramData\Real
2011-06-30 01:46 - 2011-05-06 03:40 - 0000000 ___RD C:\Users\Josh\Dropbox
2011-06-30 01:46 - 2011-05-06 03:39 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Dropbox
2011-06-25 00:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-06-24 19:30 - 2011-06-24 19:30 - 0016441 ____A C:\Users\Josh\Documents\forklift.docx
2011-06-24 18:25 - 2011-06-24 18:25 - 0035024 ____A C:\Users\Josh\Documents\An Angry Man excerpt.pdf
2011-06-24 18:25 - 2011-03-12 10:49 - 0000000 ____D C:\Users\Josh\Documents\Writing
2011-06-24 17:12 - 2011-03-13 07:48 - 3054940160 __ASH C:\hiberfil.sys
2011-06-23 20:44 - 2011-06-10 02:03 - 0010925 ____A C:\Users\Josh\Documents\Submissions.rtf
2011-06-22 20:57 - 2011-06-01 23:02 - 5041258 ___AH C:\Users\Josh\AppData\Local\IconCache.db
2011-06-21 17:20 - 2011-05-24 03:39 - 0025600 ____A C:\Users\Josh\Documents\Chris' Midnight Leviathan notes.doc
2011-06-21 17:04 - 2011-05-13 15:44 - 0001456 ____A C:\Users\Josh\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-06-21 16:58 - 2011-06-21 16:58 - 0005058 ____A C:\Users\Josh\.recently-used.xbel
2011-06-17 23:00 - 2010-08-12 22:50 - 1296200 ____A C:\Windows\WindowsUpdate.log
2011-06-17 22:21 - 2010-08-12 23:16 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-06-17 21:00 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-06-17 21:00 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-06-17 20:52 - 2011-06-17 20:52 - 0000889 ____A C:\Windows\System32\MRT.INI
2011-06-17 20:49 - 2011-03-16 03:19 - 49454024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-06-17 20:49 - 2010-08-12 23:16 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-06-16 22:02 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-06-16 22:02 - 2009-07-13 18:36 - 0624178 ____A C:\Windows\System32\perfh009.dat
2011-06-16 22:02 - 2009-07-13 18:36 - 0106522 ____A C:\Windows\System32\perfc009.dat
2011-06-16 16:29 - 2011-03-12 04:53 - 0102112 ____A C:\Users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2011-06-15 21:01 - 2011-06-15 21:01 - 0853908 ____A C:\Users\Josh\Desktop\Sherry Srothers corrected.zip
2011-06-14 19:21 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-06-14 19:21 - 2009-07-13 20:51 - 0038711 ____A C:\Windows\setupact.log
2011-06-13 22:05 - 2011-03-21 20:24 - 0000000 ____D C:\Users\Josh\AppData\Roaming\FrostWire
2011-06-13 19:33 - 2011-06-09 14:47 - 0000000 ____D C:\Users\Josh\Desktop\My Shared Folder
2011-06-13 19:24 - 2011-06-01 19:09 - 0000000 ____D C:\Users\Josh\AppData\Local\Ares
2011-06-13 19:24 - 2011-06-01 18:47 - 0000000 ____D C:\Users\Josh\AppData\Roaming\uTorrent
2011-06-13 17:43 - 2011-06-13 15:18 - 0000000 ____D C:\Users\Josh\Downloads\LS Models unsorted pictures
2011-06-13 15:24 - 2011-06-13 14:56 - 32684878 ____A C:\Users\Josh\Downloads\GirlsHandjobGame.avi
2011-06-11 08:29 - 2011-06-11 08:29 - 0031135 ____A C:\Users\Josh\Desktop\n1302564748 2.jpg
2011-06-11 08:25 - 2011-06-11 08:25 - 0013184 ____A C:\Users\Josh\Desktop\n1302564748.jpg
2011-06-10 02:22 - 2011-06-10 02:22 - 0003218 ____A C:\Users\Josh\Desktop\s1302564748.jpg
2011-06-09 15:05 - 2011-06-09 15:05 - 0000000 ____D C:\Users\Josh\AppData\Roaming\inkscape
2011-06-07 16:59 - 2011-04-06 14:50 - 0000000 ____D C:\Users\Josh\AppData\Roaming\gtk-2.0
2011-06-07 16:59 - 2011-03-12 11:35 - 0000000 ____D C:\Users\Josh\.gimp-2.6
2011-06-07 11:06 - 2009-07-13 20:45 - 8205264 ____A C:\Windows\System32\FNTCACHE.DAT
2011-06-03 16:07 - 2010-08-12 23:27 - 0033790 ____A C:\Windows\PFRO.log
2011-06-03 16:07 - 2009-07-13 19:20 - 0000000 ___RD C:\Program Files (x86)
2011-06-02 15:01 - 2011-03-12 04:52 - 0000000 ____D C:\Users\Josh\AppData\LocalLow
2011-06-01 23:07 - 2010-08-12 23:43 - 0002120 ____A C:\Windows\System32\AutoRunFilter.ini
2011-06-01 23:03 - 2011-06-01 16:47 - 0000000 ____D C:\Users\Josh\AppData\Local\OpenCandy
2011-06-01 20:47 - 2011-03-12 04:53 - 0000000 ____D C:\Users\Josh\AppData\Local\VirtualStore
2011-06-01 19:09 - 2011-06-01 19:08 - 0000000 ____D C:\Program Files (x86)\Ares
2011-06-01 18:47 - 2011-06-01 18:47 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-06-01 18:32 - 2011-06-01 18:32 - 0000000 ____D C:\Windows\Sun
2011-06-01 16:51 - 2011-06-01 16:50 - 0000000 ____D C:\Program Files (x86)\Real
2011-06-01 16:51 - 2011-06-01 16:48 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Real
2011-06-01 16:50 - 2011-06-01 16:50 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-06-01 16:50 - 2011-06-01 16:50 - 0198848 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-06-01 16:50 - 2011-06-01 16:50 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-06-01 16:50 - 2011-06-01 16:50 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-06-01 16:47 - 2011-06-01 16:47 - 0000000 ____D C:\Users\Josh\AppData\Roaming\OpenCandy
2011-06-01 16:47 - 2011-06-01 16:16 - 0000000 ____D C:\Program Files (x86)\FrostWire
2011-06-01 16:17 - 2011-05-01 18:10 - 0000000 ____D C:\Users\Josh\FrostWire
2011-06-01 16:16 - 2011-05-01 17:10 - 0000000 ____D C:\Program Files (x86)\Ask.com
2011-06-01 14:58 - 2011-06-01 14:58 - 0484808 ____A C:\Users\Josh\Desktop\banners.zip
2011-05-30 17:08 - 2011-05-30 17:08 - 0000000 ____D C:\Users\Josh\AppData\Local\GIZMO2
2011-05-30 17:08 - 2011-05-30 17:08 - 0000000 ____D C:\Program Files (x86)\UNIQLO SCREENSAVER
2011-05-30 17:07 - 2011-05-30 17:07 - 0000000 ____D C:\Program Files (x86)\GIZMO2
2011-05-30 13:30 - 2011-05-28 12:37 - 0027601 ____A C:\Users\Josh\Documents\UltraSorta 3 and 4 new.odt
2011-05-28 06:40 - 2011-05-06 03:40 - 0001017 ____A C:\Users\Josh\Desktop\Dropbox.lnk
2011-05-28 06:40 - 2011-05-06 03:40 - 0000997 ____A C:\Users\Josh\Start Menu\Programs\Startup\Dropbox.lnk
2011-05-28 06:40 - 2011-05-06 03:40 - 0000997 ____A C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-05-27 16:15 - 2011-03-16 05:58 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Skype
2011-05-27 15:06 - 2011-03-16 06:03 - 0000000 ____D C:\Users\Josh\AppData\Roaming\skypePM
2011-05-25 22:15 - 2011-05-25 22:15 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-05-22 12:54 - 2011-05-22 12:54 - 0013415 ____A C:\Users\Josh\Documents\Leviathan production tasks.odt
2011-05-19 16:26 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-05-19 11:57 - 2011-05-19 11:57 - 0315392 ____A (UNIQLO CO., LTD.) C:\Windows\usw.scr
2011-05-18 16:54 - 2011-03-18 05:21 - 0000000 ___RD C:\Users\Josh\Documents\Scanned Documents
2011-05-17 15:16 - 2011-05-17 15:16 - 0000000 ____D C:\Users\Josh\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-16 14:49 - 2011-03-14 09:42 - 0000000 ____D C:\Users\Josh\AppData\Local\Adobe
2011-05-16 14:31 - 2010-08-12 23:43 - 0001240 ____A C:\Windows\System32\ServiceFilter.ini
2011-05-14 23:10 - 2011-05-14 23:10 - 0000000 ____D C:\Users\Josh\Documents\ASUS
2011-05-14 23:10 - 2011-05-14 23:10 - 0000000 ____D C:\Users\Josh\AppData\Local\ASUS
2011-05-14 23:10 - 2011-05-14 23:10 - 0000000 ____D C:\Users\All Users\ASUS
2011-05-14 23:10 - 2011-05-14 23:10 - 0000000 ____D C:\ProgramData\ASUS
2011-05-14 14:11 - 2011-03-12 10:19 - 0000000 ____D C:\Users\Josh\Graphic Stuffs
2011-05-13 18:14 - 2010-08-12 23:24 - 0000824 ____A C:\Windows\System32\Drivers\etc\tmvsthfud.bin
2011-05-13 18:12 - 2010-08-12 23:24 - 0000824 ____A C:\Windows\System32\Drivers\etc\tmvsthfss.bin
2011-05-13 16:57 - 2011-05-13 16:57 - 0000000 ____D C:\Users\Josh\AppData\Local\Yahoo
2011-05-13 16:57 - 2011-05-13 16:56 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Yahoo!
2011-05-13 16:56 - 2011-05-13 16:56 - 0001143 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2011-05-13 16:56 - 2011-05-13 16:56 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2011-05-13 16:56 - 2011-05-13 16:56 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2011-05-13 16:56 - 2011-05-13 16:53 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2011-05-09 23:09 - 2011-03-21 19:31 - 0000644 ____A C:\Windows\TMFilter.log
2011-05-07 22:36 - 2011-03-12 05:40 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Adobe
2011-05-07 22:36 - 2010-08-12 23:09 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-05-07 22:35 - 2011-05-06 20:27 - 0000000 ____D C:\Program Files\Adobe
2011-05-07 22:02 - 2010-08-12 23:09 - 0000000 ____D C:\Users\All Users\Adobe
2011-05-07 22:02 - 2010-08-12 23:09 - 0000000 ____D C:\ProgramData\Adobe
2011-05-07 06:57 - 2011-05-06 20:48 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2011-05-07 06:57 - 2011-05-06 20:48 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2011-05-06 20:54 - 2011-05-06 20:54 - 0000000 ____D C:\Users\Josh\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-05-06 20:53 - 2011-05-06 20:53 - 0000000 ____D C:\Users\Josh\Documents\Adobe
2011-05-06 20:53 - 2011-05-06 20:53 - 0000000 ____D C:\Users\Josh\AppData\Roaming\PACE Anti-Piracy
2011-05-06 20:53 - 2011-05-06 20:53 - 0000000 ____D C:\Users\Josh\AppData\Local\PACE Anti-Piracy
2011-05-06 20:53 - 2011-05-06 20:53 - 0000000 ____D C:\Users\All Users\PACE Anti-Piracy
2011-05-06 20:53 - 2011-05-06 20:53 - 0000000 ____D C:\ProgramData\PACE Anti-Piracy
2011-05-06 20:53 - 2010-10-01 17:02 - 0000000 __AHD C:\Users\Josh\AppData\Local\DraV653oel2d
2011-05-06 20:53 - 2010-03-17 13:47 - 0000000 ___HD C:\Users\Josh\AppData\Local\JRO9XnWDs
2011-05-06 20:42 - 2011-05-06 20:27 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-05-06 20:37 - 2011-05-06 20:37 - 0000000 ____D C:\Users\All Users\ALM
2011-05-06 20:37 - 2011-05-06 20:37 - 0000000 ____D C:\ProgramData\ALM
2011-05-06 20:35 - 2011-05-06 20:35 - 0000000 ____D C:\Users\Public\Documents\Adobe
2011-05-06 20:30 - 2011-05-06 20:30 - 0000000 ____D C:\Program Files (x86)\Adobe Media Player
2011-05-04 21:52 - 2011-05-04 21:46 - 0016384 ____A C:\Users\Josh\Documents\NIVIS EX MACHINA excerpt.doc
2011-05-02 21:21 - 2011-06-16 16:02 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-05-02 20:50 - 2011-06-16 16:02 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-05-01 19:40 - 2011-05-01 19:40 - 0019456 ____A C:\Users\Josh\Documents\ML synopsis new.doc
2011-04-30 19:53 - 2011-03-31 17:23 - 0014420 ____A C:\Users\Josh\Documents\Midnight Leviathan budget.ods
2011-04-30 19:39 - 2011-04-30 19:39 - 0000000 ____D C:\Users\Josh\AppData\Roaming\dvdcss
2011-04-30 18:34 - 2011-04-30 18:34 - 0020480 ____A C:\Users\Josh\Documents\Ultraman Sorta 4.3 synopsis.doc
2011-04-30 14:40 - 2011-04-30 13:05 - 0031322 ____A C:\Users\Josh\Documents\Ultra Sorta 4 treatment NEW.rtf
2011-04-30 10:25 - 2011-04-30 10:25 - 0000458 ____A C:\Users\Josh\Documents\Sorta FJJ notes.rtf
2011-04-29 21:41 - 2011-03-12 05:48 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-04-29 21:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-04-27 18:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-04-26 15:45 - 2011-04-26 15:45 - 0193348 ____A C:\Users\Josh\Desktop\business card samples.pdf
2011-04-26 15:12 - 2011-04-26 15:11 - 2912271 ____A C:\Users\Josh\Desktop\logo samples.pdf
2011-04-25 14:59 - 2011-04-25 14:59 - 0002386 ____A C:\Windows\IE9_main.log
2011-04-23 21:09 - 2010-08-12 23:16 - 0000000 ____D C:\Users\All Users\Partner
2011-04-23 21:09 - 2010-08-12 23:16 - 0000000 ____D C:\ProgramData\Partner
2011-04-22 21:33 - 2011-04-22 21:03 - 0000000 ____D C:\Users\All Users\Norton
2011-04-22 21:33 - 2011-04-22 21:03 - 0000000 ____D C:\ProgramData\Norton
2011-04-22 21:03 - 2011-04-22 21:03 - 0000000 ____D C:\Users\All Users\Symantec
2011-04-22 21:03 - 2011-04-22 21:03 - 0000000 ____D C:\Users\All Users\NortonInstaller
2011-04-22 21:03 - 2011-04-22 21:03 - 0000000 ____D C:\ProgramData\Symantec
2011-04-22 21:03 - 2011-04-22 21:03 - 0000000 ____D C:\ProgramData\NortonInstaller
2011-04-22 12:18 - 2011-05-24 19:27 - 0027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-04-21 23:01 - 2011-04-21 23:01 - 0000000 ____D C:\Program Files (x86)\Vizzed
2011-04-21 22:47 - 2011-04-21 22:47 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2011-04-21 22:47 - 2010-08-12 23:22 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-04-21 19:40 - 2011-04-21 17:15 - 0020992 ____A C:\Users\Josh\Documents\ML synopsis.doc
2011-04-14 16:52 - 2011-04-14 16:50 - 0072186 ____A C:\Users\Josh\Documents\Film screening info.pdf
2011-04-14 16:52 - 2011-04-14 16:06 - 0013774 ____A C:\Users\Josh\Documents\Film screening info.odt
2011-04-11 18:04 - 2011-04-08 20:11 - 0000000 ____D C:\Users\Josh\Documents\Mai's Resume
2011-04-10 10:56 - 2011-04-10 10:56 - 0028825 ____A C:\Users\Josh\Documents\Easy Resume Template.ott
2011-04-08 22:58 - 2011-05-17 22:40 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-04-08 22:45 - 2011-05-10 19:36 - 5509504 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-04-08 22:13 - 2011-05-10 19:36 - 3957632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-04-08 22:13 - 2011-05-10 19:36 - 3901824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-04-08 21:56 - 2011-05-17 22:40 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-04-01 21:30 - 2011-04-01 21:30 - 0045543 ____A C:\Users\Josh\Documents\Godzilla Battle Royale re2.txt

========================= Known DLLs (Whitlisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ========================

Percentage of memory in use: 13%
Total physical RAM: 3884.56 MB
Available physical RAM: 3340.76 MB
Total Pagefile: 3882.71 MB
Available Pagefile: 3326.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions ===========================

1 Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:23.13 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:204.03 GB) (Free:191.43 GB) NTFS
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (Cruzer) (Removable) (Total:3.74 GB) (Free:2.14 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:48 AM

Posted 01 July 2011 - 04:26 AM

No worries about the delay. :)

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKU\Josh\...\Run: [HKCU] C:\Users\Josh\AppData\Roaming\winlog\winlog.exe [531926 2005-12-21] ()
C:\Users\Josh\AppData\Roaming\winlog\winlog.exe
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart the computer and tell me how it went.
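The fixlist above removes one HKCU Run value and the executable it points to (an unsigned-looking binary living under the user's AppData\Roaming), then repairs the MBR and boot configuration. As an added example, not part of this thread and not code from Farbar or from FRST itself, here is a small Python triage script that parses the two FRST line formats seen in this thread (the file listing in the log posted earlier, and the autorun "Run:" line quoted in the fixlist) and flags the entries a responder would look at first. The three rules (hidden entries in a user profile, executables in a user profile with no publisher recorded, autoruns that start from a user profile) are my own illustrative heuristics, not FRST's logic. The sample input copies lines from this thread's log plus one constructed file-listing line for winlog.exe whose timestamps are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST file-listing line:  "<modified> - <created> - <size> <attrs> [(<company>)] <path>"
FILE_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# FRST autorun line:  "<key>\Run: [<value name>] <path> [<size> <date>] (<company>)"
RUN_LINE = re.compile(
    r"^(?P<key>\S+\\Run): \[(?P<value>[^\]]+)\] "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^)]*)\)$"
)

# Extensions treated as executable content for the triage rules (assumption).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Finding:
    path: str
    reason: str


def in_user_profile(path: str) -> bool:
    """True for anything below C:\\Users\\..., i.e. writable without admin rights."""
    return "\\users\\" in path.lower()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when a log line matches one of the triage rules, else None."""
    line = line.strip()

    m = RUN_LINE.match(line)
    if m:
        path, company = m.group("path"), m.group("company")
        if in_user_profile(path):
            why = "autorun %s [%s] starts a binary from a user profile" % (
                m.group("key"), m.group("value"))
            if not company:
                why += " with no publisher recorded"
            return Finding(path, why)
        return None

    m = FILE_LINE.match(line)
    if m:
        path, attrs, company = m.group("path"), m.group("attrs"), m.group("company")
        # 'H' in the attribute column means the entry carries the Hidden attribute.
        if "H" in attrs and in_user_profile(path):
            return Finding(path, "hidden entry inside a user profile")
        if path.lower().endswith(EXEC_EXT) and in_user_profile(path) and not company:
            return Finding(path, "executable in a user profile with no publisher recorded")
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over every line of an FRST log and collect the hits."""
    findings = []
    for line in log.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append(hit)
    return findings


# Sample input: five lines copied from the log in this thread, plus one
# CONSTRUCTED file-listing line for winlog.exe (its timestamps are made up).
SAMPLE_LOG = r"""
2011-05-06 20:53 - 2010-10-01 17:02 - 0000000 __AHD C:\Users\Josh\AppData\Local\DraV653oel2d
2011-05-06 20:53 - 2010-03-17 13:47 - 0000000 ___HD C:\Users\Josh\AppData\Local\JRO9XnWDs
2011-04-08 22:45 - 2011-05-10 19:36 - 5509504 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-05-13 16:56 - 2011-05-13 16:56 - 0001143 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2011-06-20 10:01 - 2011-06-20 10:01 - 0531926 ____A C:\Users\Josh\AppData\Roaming\winlog\winlog.exe
HKU\Josh\...\Run: [HKCU] C:\Users\Josh\AppData\Roaming\winlog\winlog.exe [531926 2005-12-21] ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Run it as a script to print the flagged entries; on the sample it reports the two hidden AppData\Local directories and winlog.exe twice (once from the file listing, once from the Run value). A hit only means "look here first": the hidden directories on this page are not identified as malicious anywhere in the thread, and the rules would also flag legitimate per-user installers, so the output is a reading order for the log, not a verdict.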

#13 mondoboss

mondoboss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 01 July 2011 - 08:34 AM

Wow, that was fast! Kinda wish I'd brought my laptop to work, the suspense is killing me!

I'll be back tonight with the results. Thank you so much!

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:48 AM

Posted 01 July 2011 - 09:38 AM

:thumbup2:

#15 mondoboss

mondoboss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 01 July 2011 - 08:05 PM

Hi, back again. It appears to have worked! I reset my computer and it booted as normal, applied a long list (14,000 or more) of updates (it went by quickly), and then booted up. My desktop appeared normal and I was notified that System Restore was completed successfully. I was also asked if I wanted to allow a program called "Malicious Software removal" to have access to my computer (the window subsequently disappeared as I typed this).

Below is my fix log:

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.1.2)
Ran by SYSTEM at 2011-07-01 20:54:14 R:1
Running from G:\

==============================================

HKEY_USERS\Josh\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU Value deleted successfully.
C:\Users\Josh\AppData\Roaming\winlog\winlog.exe moved successfully.

========= bootrec /FixMbr =========

??T
