
Can not start windows at all


  • This topic is locked
12 replies to this topic

#1 Hettydk

Hettydk

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 07 July 2011 - 07:58 PM

I hope someone can help me. A few weeks ago I managed to get some sort of virus on my laptop. After running Avast my laptop would only start in safe mode. I tried several times to restore to an earlier point but it still would not boot in normal mode. I finally tried Hitman. It listed that there was a possible variant of the TDL rootkit detected, only the scan could not finish. I restarted my laptop, only now it will not even load in safe mode. It now goes into a continuous loop bringing me back to Windows repair.

Thank you for your time



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:28 PM

Posted 07 July 2011 - 08:12 PM

What is your operating system?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Hettydk

Hettydk
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 07 July 2011 - 08:30 PM

Ooops sorry, I have a Dell Vostro with Windows 7 32-bit.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:28 PM

Posted 07 July 2011 - 08:36 PM

Thanks, I am asking someone to look here that handles non boots. May not be tonight.
It helps when they have that info beforehand.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:28 PM

Posted 08 July 2011 - 01:06 AM

Hi Hettydk,

Welcome to this site. I will be assisting you.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#6 Hettydk

Hettydk
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 08 July 2011 - 07:31 PM

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.2
Ran by SYSTEM at 2011-07-08 20:28:59
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-10-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-10-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-10-07] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-01-25] (Apple Inc.)
HKLM\...\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928 2010-10-13] (SweetIM Technologies Ltd.)
HKU\Chrissy\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-11] (Google Inc.)
HKU\Chrissy\...\Run: [Google Update] "C:\Users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Heather\...\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Heather\...\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation)
HKU\Heather\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-11] (Google Inc.)
HKU\Heather\...\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Heather\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation)
HKU\sammy\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-11] (Google Inc.)
HKU\sammy\...\Run: [Google Update] "C:\Users\sammy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-24] (Google Inc.)
HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

================================ Services (Whitelisted) ==================

3 Adobe Version Cue CS3; "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service [153792 2007-03-20] (Adobe Systems Incorporated)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [37664 2011-01-05] (Apple Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [345376 2010-10-07] (Apple Inc.)
2 BWH32S; "C:\Program Files\BUFFALO\clientmgrv\bin\BWH32S.exe" [126328 2009-07-08] (BUFFALO INC.)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2010-11-17] (Macrovision Europe Ltd.)
3 fsssvc; "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [1493352 2010-09-22] (Microsoft Corporation)
3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.)
2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.)
2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-23] (Hewlett-Packard Co.)
2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] ()
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [820008 2011-01-25] (Apple Inc.)
2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [268824 2009-11-04] (Intel Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard)
2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard)
2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [249136 2010-09-22] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe [229458 2010-04-07] (IDT, Inc.)
3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-01-16] (MicroVision Development, Inc.)
2 UNS; "C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-11-04] (Intel Corporation)
4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [51040 2010-09-22] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [1710464 2010-09-21] (Microsoft Corp.)
2 YahooAUService; "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [602392 2008-11-09] (Yahoo! Inc.)

========================== Drivers (Whitelisted) =============

3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2010-12-29] ()
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [2661368 2010-08-28] (Broadcom Corporation)
3 BrSerIb; C:\Windows\System32\DRIVERS\BrSerIb.sys [265088 2009-07-13] (Brother Industries Ltd.)
3 BrUsbSIb; C:\Windows\System32\DRIVERS\BrUsbSIb.sys [11904 2009-07-13] (Brother Industries Ltd.)
3 Bufeap; C:\Windows\System32\DRIVERS\bufeap.sys [14848 2007-02-20] (BUFFALO INC.)
3 CtAudDrv; \??\C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.)
3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [143968 2009-06-15] (Creative Technology Ltd.)
3 dc3d; C:\Windows\System32\DRIVERS\dc3d.sys [44432 2010-07-01] (Microsoft Corporation)
3 Dot4; C:\Windows\System32\DRIVERS\Dot4.sys [131072 2009-07-13] (Microsoft Corporation)
3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [16384 2009-07-13] (Microsoft Corporation)
3 dot4usb; C:\Windows\System32\DRIVERS\dot4usb.sys [36864 2009-07-13] (Microsoft Corporation)
3 fssfltr; C:\Windows\System32\DRIVERS\fssfltr.sys [39272 2010-09-22] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)
3 HECI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2009-09-17] (Intel Corporation)
0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [435736 2010-03-04] (Intel Corporation)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9024512 2010-08-26] (Intel Corporation)
3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [125696 2009-10-26] (Intel Corporation)
3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [247808 2010-08-30] (Intel® Corporation)
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2010-12-29] ()
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45200 2009-07-09] (Sonic Solutions)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [171520 2009-08-10] (Realtek Semiconductor Corp.)
3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [277536 2010-03-04] (Realtek )
3 sermouse; C:\Windows\System32\DRIVERS\sermouse.sys [19968 2009-07-13] (Microsoft Corporation)
0 stdflt; C:\Windows\System32\DRIVERS\stdflt.sys [16176 2009-11-27] (ST Microelectronics)
3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [423936 2010-04-07] (IDT, Inc.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [9216 2009-07-13] (Microsoft Corporation)
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [232624 2010-01-07] (Synaptics Incorporated)
3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2010-09-28] (Apple, Inc.)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-13] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146304 2010-03-03] (Microsoft Corporation)
1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-13] (Microsoft Corporation)
3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35840 2010-08-28] (Microsoft Corporation)

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-06-20 16:04 - 2011-06-20 16:04 - 0000000 ____D C:\Users\Heather\AppData\Local\{46141127-B396-4DBB-BD85-8480D2946C1D}
2011-06-19 16:30 - 2011-06-19 16:30 - 0000000 ____D C:\Users\All Users\MFAData
2011-06-19 16:30 - 2011-06-19 16:30 - 0000000 ____D C:\ProgramData\MFAData
2011-06-19 16:29 - 2011-06-20 22:21 - 0000000 ____D C:\Users\All Users\Hitman Pro
2011-06-19 16:29 - 2011-06-20 22:21 - 0000000 ____D C:\ProgramData\Hitman Pro
2011-06-19 13:27 - 2011-06-19 13:27 - 0000000 ____D C:\Users\Heather\AppData\Local\{56AA504D-2E76-46EF-8162-EFAD3C954591}
2011-06-19 13:06 - 2011-06-19 13:06 - 0000000 ____D C:\Users\Heather\AppData\Local\{9C4FE664-B342-496B-AA45-78B505E81DA6}
2011-06-19 12:55 - 2011-06-19 12:55 - 0000000 ____D C:\Users\Heather\AppData\Local\{C919117A-D37D-46A5-9689-49E9CB52E799}
2011-06-19 12:51 - 2011-06-19 12:51 - 0000000 ____D C:\Users\Heather\AppData\Local\{C58CF77E-3B6D-417B-9FC1-1D132DB3E6FC}
2011-06-19 07:05 - 2011-06-19 07:05 - 0000000 ____D C:\Users\Heather\AppData\Local\{198E2ACB-9BA4-422B-A3BF-F0D1F835C1F6}
2011-06-18 14:11 - 2011-06-18 14:11 - 0000000 ____D C:\Users\Heather\AppData\Local\{3ED9AD6C-B8B7-47C4-AD5E-02CC93458098}
2011-06-17 19:54 - 2011-06-17 19:54 - 0000000 ____D C:\Users\All Users\IObit
2011-06-17 19:54 - 2011-06-17 19:54 - 0000000 ____D C:\ProgramData\IObit
2011-06-17 19:53 - 2011-06-19 16:45 - 0000000 ____D C:\Users\Heather\AppData\Roaming\IObit
2011-06-17 19:53 - 2011-06-17 19:54 - 0000000 ____D C:\Program Files\IObit
2011-06-17 19:33 - 2011-06-17 19:33 - 0000000 ____D C:\Users\Heather\AppData\Local\{EBB6582C-148C-4AEC-9981-001E09872985}
2011-06-17 19:10 - 2011-07-07 18:43 - 0000000 ____D C:\Users\sammy\AppData\Local\ElevatedDiagnostics
2011-06-16 17:07 - 2011-06-16 17:07 - 0000000 ____D C:\Users\Heather\AppData\Local\{CE253499-9C18-4D8F-8F25-8012F47F01B9}
2011-06-16 16:54 - 2011-06-19 13:35 - 0000000 ____D C:\Users\Heather\AppData\Local\ElevatedDiagnostics
2011-06-16 16:49 - 2011-06-16 16:50 - 0000000 ____D C:\Users\Heather\AppData\Local\{F978298C-B413-4193-9888-9917A36CACF9}
2011-06-16 16:22 - 2011-06-16 16:22 - 0000000 ____D C:\Users\Heather\AppData\Local\{51A3B282-0242-4D1F-8F15-59BA1426CFB6}
2011-06-16 16:19 - 2011-06-16 16:20 - 0000000 ____D C:\Users\Heather\AppData\Local\{3512D8F8-8FEC-43C1-B5CA-CED1C3A6EE2C}
2011-06-15 14:56 - 2011-06-16 16:47 - 0000000 ____D C:\9336f963303cffc9fa19e4d1
2011-06-15 14:56 - 2011-06-15 14:56 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-06-15 14:56 - 2011-06-15 14:56 - 0000000 ____D C:\ProgramData\AVAST Software
2011-06-15 14:56 - 2011-06-15 14:56 - 0000000 ____D C:\Program Files\AVAST Software
2011-06-15 14:51 - 2011-06-15 14:51 - 0000000 ____D C:\Users\Heather\AppData\Local\{45997ACD-5DF7-42B1-8FF8-50A03C59F26A}
2011-06-14 17:41 - 2011-06-14 17:41 - 0000000 ____D C:\Users\Heather\AppData\Local\{4BD91118-A525-4775-AB47-D197EC95DA3F}
2011-06-14 16:23 - 2011-06-14 16:23 - 0000000 ____D C:\Users\Heather\AppData\Local\{D9CA3920-4592-4B91-B503-EF0E46A7A2D0}
2011-06-14 13:50 - 2011-06-14 13:50 - 0000000 ____D C:\Users\Heather\AppData\Local\{45FC4993-9ADE-40AA-A4A2-FDDD52752FF9}
2011-06-13 20:23 - 2011-06-14 17:31 - 1135006 ___AH C:\Users\Chrissy\AppData\Local\IconCache.db
2011-06-13 13:41 - 2011-06-21 15:18 - 0000000 ____D C:\Users\Chrissy\AppData\Local\Microsoft Games
2011-06-13 08:11 - 2011-06-13 08:14 - 0000000 ____D C:\Users\sammy\AppData\Roaming\wargaming.net
2011-06-12 19:17 - 2011-06-12 19:17 - 0000000 ____D C:\Users\Heather\AppData\Local\{222EFCA3-A307-451C-9E7A-467624CD2C18}
2011-06-12 18:51 - 2011-06-21 15:18 - 0000000 ____D C:\Games
2011-06-12 11:30 - 2011-06-12 11:30 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\CyberLink
2011-06-12 09:49 - 2011-06-12 09:52 - 0000000 ____D C:\Users\Chrissy\Documents\Stronghold 2
2011-06-12 09:48 - 2011-06-21 15:18 - 0000000 ____D C:\Users\Chrissy\Documents\Electronic Arts
2011-06-12 09:46 - 2011-06-12 09:47 - 0000000 ____D C:\Users\Chrissy\Desktop\Others
2011-06-12 09:44 - 2011-06-12 09:44 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Yahoo!
2011-06-12 09:41 - 2011-06-12 09:41 - 0699688 ____A C:\Users\Chrissy\Documents\Hd Dragon Wallpaper.jpg
2011-06-12 09:38 - 2011-06-21 15:18 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Adobe
2011-06-12 09:38 - 2011-06-21 15:18 - 0000000 ____D C:\Users\Chrissy\AppData\Local\Google
2011-06-12 09:38 - 2011-06-12 09:39 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Google
2011-06-12 09:38 - 2011-06-12 09:38 - 0073688 ____A C:\Users\Chrissy\AppData\Local\GDIPFONTCACHEV1.DAT
2011-06-12 09:38 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Apple Computer
2011-06-12 09:38 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Local\Apple Computer
2011-06-12 09:38 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Local\Adobe
2011-06-12 09:37 - 2011-06-21 15:27 - 0000000 ____D C:\users\Chrissy
2011-06-12 09:37 - 2011-06-21 15:18 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Macromedia
2011-06-12 09:37 - 2011-06-21 15:18 - 0000000 ____D C:\Users\Chrissy\AppData\LocalLow
2011-06-12 09:37 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Local\VirtualStore
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Templates
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Start Menu
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\PrintHood
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\NetHood
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\My Documents
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Documents\My Videos
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Documents\My Pictures
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Documents\My Music
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\AppData\Local\Temporary Internet Files
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\AppData\Local\History
2011-06-12 09:37 - 2009-07-13 23:48 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Media Center Programs
2011-06-11 07:03 - 2011-06-11 07:03 - 0811144 ____A C:\Users\sammy\Downloads\lockheed_ac_130_2560x1600.jpg


============ 3 Months Modified Files and Folders ===============

2011-07-08 20:29 - 2011-07-08 20:28 - 0000000 ____D C:\FRST
2011-07-07 19:56 - 2011-06-06 16:04 - 0000000 ___HD C:\Users\Heather\Documents\Runes of Magic
2011-07-07 19:56 - 2011-06-06 15:43 - 0000000 ____D C:\Program Files\Runes of Magic
2011-07-07 19:56 - 2011-06-04 17:09 - 0000000 ____D C:\users\sammy
2011-07-07 19:56 - 2010-11-21 10:42 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-07-07 19:56 - 2010-11-21 10:42 - 0000000 ____D C:\ProgramData\FLEXnet
2011-07-07 19:56 - 2010-11-16 18:13 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2011-07-07 19:56 - 2010-11-16 18:13 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2011-07-07 19:56 - 2010-11-16 18:12 - 0000000 ____D C:\Program Files\Yahoo!
2011-07-07 19:56 - 2010-11-13 08:41 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2011-07-07 19:56 - 2010-11-13 08:41 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2011-07-07 19:56 - 2010-11-10 12:46 - 0000000 ____D C:\users\Heather
2011-07-07 19:56 - 2010-08-28 01:23 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-07-07 19:56 - 2009-07-13 23:48 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-07-07 19:56 - 2009-07-13 18:37 - 0000000 __RHD C:\Users\Public\Libraries
2011-07-07 19:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2011-07-07 19:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wbem
2011-07-07 19:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2011-07-07 19:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-07-07 19:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2011-07-07 19:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2011-07-07 19:56 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-07-07 19:56 - 2009-07-13 18:36 - 0000000 __SHD C:\$Recycle.Bin
2011-07-07 18:43 - 2011-06-17 19:10 - 0000000 ____D C:\Users\sammy\AppData\Local\ElevatedDiagnostics
2011-07-07 18:43 - 2010-11-16 18:14 - 0000000 ____D C:\Users\Heather\AppData\Local\Yahoo
2011-06-21 15:27 - 2011-06-12 09:37 - 0000000 ____D C:\users\Chrissy
2011-06-21 15:18 - 2011-06-13 13:41 - 0000000 ____D C:\Users\Chrissy\AppData\Local\Microsoft Games
2011-06-21 15:18 - 2011-06-12 18:51 - 0000000 ____D C:\Games
2011-06-21 15:18 - 2011-06-12 09:48 - 0000000 ____D C:\Users\Chrissy\Documents\Electronic Arts
2011-06-21 15:18 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Adobe
2011-06-21 15:18 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Local\Google
2011-06-21 15:18 - 2011-06-12 09:37 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Macromedia
2011-06-21 15:18 - 2011-06-12 09:37 - 0000000 ____D C:\Users\Chrissy\AppData\LocalLow
2011-06-20 22:21 - 2011-06-19 16:29 - 0000000 ____D C:\Users\All Users\Hitman Pro
2011-06-20 22:21 - 2011-06-19 16:29 - 0000000 ____D C:\ProgramData\Hitman Pro
2011-06-20 16:13 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\tracing
2011-06-20 16:06 - 2010-08-28 03:05 - 1502621696 __ASH C:\hiberfil.sys
2011-06-20 16:04 - 2011-06-20 16:04 - 0000000 ____D C:\Users\Heather\AppData\Local\{46141127-B396-4DBB-BD85-8480D2946C1D}
2011-06-20 16:04 - 2010-11-10 22:01 - 0000000 ____D C:\Users\Heather\Tracing
2011-06-19 16:45 - 2011-06-17 19:53 - 0000000 ____D C:\Users\Heather\AppData\Roaming\IObit
2011-06-19 16:30 - 2011-06-19 16:30 - 0000000 ____D C:\Users\All Users\MFAData
2011-06-19 16:30 - 2011-06-19 16:30 - 0000000 ____D C:\ProgramData\MFAData
2011-06-19 13:35 - 2011-06-16 16:54 - 0000000 ____D C:\Users\Heather\AppData\Local\ElevatedDiagnostics
2011-06-19 13:27 - 2011-06-19 13:27 - 0000000 ____D C:\Users\Heather\AppData\Local\{56AA504D-2E76-46EF-8162-EFAD3C954591}
2011-06-19 13:06 - 2011-06-19 13:06 - 0000000 ____D C:\Users\Heather\AppData\Local\{9C4FE664-B342-496B-AA45-78B505E81DA6}
2011-06-19 12:55 - 2011-06-19 12:55 - 0000000 ____D C:\Users\Heather\AppData\Local\{C919117A-D37D-46A5-9689-49E9CB52E799}
2011-06-19 12:51 - 2011-06-19 12:51 - 0000000 ____D C:\Users\Heather\AppData\Local\{C58CF77E-3B6D-417B-9FC1-1D132DB3E6FC}
2011-06-19 07:05 - 2011-06-19 07:05 - 0000000 ____D C:\Users\Heather\AppData\Local\{198E2ACB-9BA4-422B-A3BF-F0D1F835C1F6}
2011-06-18 16:34 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2011-06-18 14:11 - 2011-06-18 14:11 - 0000000 ____D C:\Users\Heather\AppData\Local\{3ED9AD6C-B8B7-47C4-AD5E-02CC93458098}
2011-06-17 20:04 - 2011-06-04 20:05 - 1480518 ___AH C:\Users\sammy\AppData\Local\IconCache.db
2011-06-17 19:54 - 2011-06-17 19:54 - 0000000 ____D C:\Users\All Users\IObit
2011-06-17 19:54 - 2011-06-17 19:54 - 0000000 ____D C:\ProgramData\IObit
2011-06-17 19:54 - 2011-06-17 19:53 - 0000000 ____D C:\Program Files\IObit
2011-06-17 19:43 - 2010-11-17 06:52 - 0000000 ___HD C:\Config.Msi
2011-06-17 19:33 - 2011-06-17 19:33 - 0000000 ____D C:\Users\Heather\AppData\Local\{EBB6582C-148C-4AEC-9981-001E09872985}
2011-06-16 17:07 - 2011-06-16 17:07 - 0000000 ____D C:\Users\Heather\AppData\Local\{CE253499-9C18-4D8F-8F25-8012F47F01B9}
2011-06-16 16:50 - 2011-06-16 16:49 - 0000000 ____D C:\Users\Heather\AppData\Local\{F978298C-B413-4193-9888-9917A36CACF9}
2011-06-16 16:47 - 2011-06-15 14:56 - 0000000 ____D C:\9336f963303cffc9fa19e4d1
2011-06-16 16:22 - 2011-06-16 16:22 - 0000000 ____D C:\Users\Heather\AppData\Local\{51A3B282-0242-4D1F-8F15-59BA1426CFB6}
2011-06-16 16:20 - 2011-06-16 16:19 - 0000000 ____D C:\Users\Heather\AppData\Local\{3512D8F8-8FEC-43C1-B5CA-CED1C3A6EE2C}
2011-06-15 17:19 - 2011-04-11 16:30 - 0000000 ____D C:\Users\Heather\Desktop\playing with the hipster app
2011-06-15 14:56 - 2011-06-15 14:56 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-06-15 14:56 - 2011-06-15 14:56 - 0000000 ____D C:\ProgramData\AVAST Software
2011-06-15 14:56 - 2011-06-15 14:56 - 0000000 ____D C:\Program Files\AVAST Software
2011-06-15 14:51 - 2011-06-15 14:51 - 0000000 ____D C:\Users\Heather\AppData\Local\{45997ACD-5DF7-42B1-8FF8-50A03C59F26A}
2011-06-14 17:41 - 2011-06-14 17:41 - 0000000 ____D C:\Users\Heather\AppData\Local\{4BD91118-A525-4775-AB47-D197EC95DA3F}
2011-06-14 17:31 - 2011-06-13 20:23 - 1135006 ___AH C:\Users\Chrissy\AppData\Local\IconCache.db
2011-06-14 16:23 - 2011-06-14 16:23 - 0000000 ____D C:\Users\Heather\AppData\Local\{D9CA3920-4592-4B91-B503-EF0E46A7A2D0}
2011-06-14 13:50 - 2011-06-14 13:50 - 0000000 ____D C:\Users\Heather\AppData\Local\{45FC4993-9ADE-40AA-A4A2-FDDD52752FF9}
2011-06-13 08:14 - 2011-06-13 08:11 - 0000000 ____D C:\Users\sammy\AppData\Roaming\wargaming.net
2011-06-12 19:17 - 2011-06-12 19:17 - 0000000 ____D C:\Users\Heather\AppData\Local\{222EFCA3-A307-451C-9E7A-467624CD2C18}
2011-06-12 11:30 - 2011-06-12 11:30 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\CyberLink
2011-06-12 09:52 - 2011-06-12 09:49 - 0000000 ____D C:\Users\Chrissy\Documents\Stronghold 2
2011-06-12 09:47 - 2011-06-12 09:46 - 0000000 ____D C:\Users\Chrissy\Desktop\Others
2011-06-12 09:44 - 2011-06-12 09:44 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Yahoo!
2011-06-12 09:41 - 2011-06-12 09:41 - 0699688 ____A C:\Users\Chrissy\Documents\Hd Dragon Wallpaper.jpg
2011-06-12 09:39 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Google
2011-06-12 09:38 - 2011-06-12 09:38 - 0073688 ____A C:\Users\Chrissy\AppData\Local\GDIPFONTCACHEV1.DAT
2011-06-12 09:38 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Roaming\Apple Computer
2011-06-12 09:38 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Local\Apple Computer
2011-06-12 09:38 - 2011-06-12 09:38 - 0000000 ____D C:\Users\Chrissy\AppData\Local\Adobe
2011-06-12 09:38 - 2011-06-12 09:37 - 0000000 ____D C:\Users\Chrissy\AppData\Local\VirtualStore
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Templates
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Start Menu
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\PrintHood
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\NetHood
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\My Documents
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Documents\My Videos
2011-06-12 09:37 - 2011-06-12 09:37 - 0000000 __SHD C:\Users\Chrissy\Documents\My Pictures

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-04-27 11:47] - [2011-02-25 21:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\System32\winlogon.exe
[2010-08-28 03:58] - [2010-08-28 03:58] - 0285696 ____A (Microsoft Corporation) 37CDB7E72EB66BA85A87CBE37E7F03FD

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD


========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 1910.68 MB
Available physical RAM: 1486.47 MB
Total Pagefile: 1910.68 MB
Available Pagefile: 1484.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.31 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:224.65 GB) (Free:116.99 GB) NTFS
3 Drive f: (Lexar) (Removable) (Total:1.87 GB) (Free:0.07 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:8.12 GB) (Free:4.42 GB) NTFS

==========================================================

Last Boot: 2011-06-04 12:19

======================= End Of Log ==========================

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:28 PM

Posted 09 July 2011 - 01:10 AM

Open notepad (Start => Programs => Accessories => Notepad). Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

cmd: bootrec /FixMbr
Control:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart and let the system boot normally. In case startup repair wants to run, let it run to completion. When booted you will get a system restore prompt. Please accept the current system and don't reverse the changes.

#8 Hettydk

Posted 09 July 2011 - 05:11 AM

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.1.2)
Ran by SYSTEM at 2011-07-09 06:08:04 R:1
Running from F:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

The operation completed successfully.






The laptop started normally. Thank you very much.

#9 Farbar

Posted 09 July 2011 - 05:25 AM

Great.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#10 Hettydk

Posted 12 July 2011 - 10:36 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7088

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/12/2011 11:34:53 AM
mbam-log-2011-07-12 (11-34-53).txt

Scan type: Quick scan
Objects scanned: 203306
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Farbar

Posted 12 July 2011 - 01:38 PM

That looks good.

I would like to take a look at possible vulnerabilities.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open; copy and paste OTL.txt and attach Extra.txt to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#12 Farbar

Posted 17 July 2011 - 07:43 AM

Please let me know if you still need assistance.

#13 Farbar

Posted 20 July 2011 - 04:24 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



