
Hitman Pro killed my OS...


  • This topic is locked
13 replies to this topic

#1 shoenberg3

shoenberg3

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 12 November 2011 - 07:14 PM

Hello,
My Windows 7 installation has been absolutely perfect until a few days ago, when it got infected with a Trojan or rootkit that caused the Google results to be redirected. I was a little too aggressive with my cleaning and, upon reading feedback on the internet, installed Hitman Pro. What a terrible choice that was… Upon scanning and quarantining some files through Hitman, I no longer can boot at all; after a “windows loading” sign, it quickly flashes a BSOD and reboots. Safe mode does not work, nor does startup repair. Playing with various commands on the command prompt (bootrec /FixMbr etc.) did nothing. I am now thinking that either the registry or some of the system files got seriously compromised by Hitman Pro.


At this point, I am going to try two things before I resort to a full reinstall: restoring the registry and, if that doesn’t work, a repair install with the installation CD. Regarding the first option, I fortunately made a backup of my entire registry a few weeks ago. However, they are in five big chunks: classes-root, current-user, local machine, users, and current config. I can access the files of the problem OS fine by booting from a different OS on a different HD, but I cannot overwrite them by simply replacing them (located in system32/config) since they are separated into keys (bcd-template, components, default, sam, security, software) from the local machine directory. And of course, I cannot just simply double click the backup REGS to merge since they would probably just update the OS that I am currently on. I am also aware that you can access the registry of the problem OS in regedit by loading it as a hive, but that would mean I would need to try to edit the values manually, and there’s no way I am going to be able to do that.

In summary, I am wondering if there is a way of updating the registry of the unbootable OS through the backed up REG files (classes-root, current-user, local machine, users, and current config), performing all of this on a different OS.

Of course, if none of this works, I am going to look into a repair install (but some people were apparently having difficulty getting that to work with this issue...)



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:47 AM

Posted 13 November 2011 - 03:55 AM

Hello shoenberg3,

Welcome to bleeping computer.

I will be assisting you to remove the main malware and boot the computer. You might not need to alter the registry.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 shoenberg3

shoenberg3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 13 November 2011 - 02:59 PM

Thank you so much for your help.

I will try this out once I get my hardware issues sorted out:(

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:47 AM

Posted 13 November 2011 - 03:16 PM

What do you mean by hardware issues?

#5 shoenberg3

shoenberg3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 14 November 2011 - 01:12 AM

My build is

asus p5n-d
e8400 oced to 3.5ghz
gtx 260
4gb ram
thermaltake 430w
intel 320 160 gb ssd + 2tb WD green

The graphics card would sometimes not turn on in the past: fan won't spin and I would not get vga signal. But often, waiting a while or reseating it would resolve this issue.

However, it seems toast for sure now. I just bought a cheap new gfx to test (gts 210) and that card also does not work in either pci-e slots (couldn't test my gtx 260 in the other slot since it was too big). The fan on it, however, does start spinning. Also tested with a different PSU, again to no avail.


My best guess is that my mobo and, in particular, the pci circuit is fried. I am planning to upgrade to a sandy bridge cpu and mobo.

I just want to be able to use my PC again....

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:47 AM

Posted 14 November 2011 - 01:58 AM

I see. Please take your time and post the log when ready. :thumbup2:

#7 shoenberg3

shoenberg3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 17 November 2011 - 09:48 PM

Got my hardware issues sorted out and did a scan!

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.9
Ran by SYSTEM at 2011-11-18 10:40:15
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKU\username\...\Run: [AdobeBridge] [x]
HKU\username\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [x]

========================== Drivers (Whitelisted) =============

2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Almico Software)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-11-09 09:39 - 2011-11-09 09:39 - 0000000 ___AH C:\Windows\System32\config\1.reg.LOG
2011-11-09 09:02 - 2011-10-22 01:48 - 22835446 ____A C:\Windows\System32\config\4.reg
2011-11-09 09:02 - 2011-10-22 01:48 - 162018242 ____A C:\Windows\System32\config\3.reg
2011-11-09 09:02 - 2011-10-22 01:48 - 12175540 ____A C:\Windows\System32\config\2.reg
2011-11-09 09:02 - 2011-10-22 01:48 - 0004510 ____A C:\Windows\System32\config\5.reg
2011-11-09 09:02 - 2011-10-22 01:47 - 47735244 ____A C:\Windows\System32\config\1.reg
2011-11-09 08:55 - 2006-09-06 14:07 - 2325034 ____A C:\fifa.db
2011-11-09 00:02 - 2011-11-09 00:02 - 0001150 ____A C:\Users\username\Downloads\wscsvc(64).zip
2011-11-08 23:59 - 2011-11-08 23:59 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2011-11-08 23:57 - 2011-11-08 23:57 - 0023112 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2011-11-08 23:55 - 2011-11-08 23:55 - 0003608 ____A C:\Users\username\Downloads\Hitman_Pro_3.5.9_(x64)_[Hyperdrive25].6496995.TPB.torrent
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\WORK
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Windows\XSxS
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Users\username\AppData\Local\Hitman Pro Portable MonbJIan
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Program Files (x86)\Ashampoo Snap
2011-11-08 23:49 - 2011-11-08 23:49 - 0010965 ____A C:\Users\username\Downloads\Hitman_Pro_3.5.9_126_Portable.6536291.TPB.torrent
2011-11-08 23:38 - 2011-11-08 23:49 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-08 23:38 - 2011-11-08 23:49 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-08 23:38 - 2011-11-08 23:39 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-08 23:38 - 2011-11-08 23:38 - 0001260 ____A C:\Users\username\Desktop\Spybot - Search & Destroy.lnk
2011-11-08 23:30 - 2011-11-08 23:30 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\Users\username\AppData\Roaming\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-08 23:29 - 2011-11-08 23:30 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-08 23:29 - 2011-11-08 23:29 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\username\Downloads\mbam-setup.exe
2011-11-08 23:29 - 2011-08-31 17:00 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-11-08 23:23 - 2011-11-08 23:59 - 0000000 ____D C:\Users\username\Downloads\backups
2011-11-08 23:22 - 2011-11-08 23:22 - 0388608 ____A (Trend Micro Inc.) C:\Users\username\Downloads\HijackThis.exe
2011-11-08 22:48 - 2011-11-08 22:49 - 0312747 ____A C:\Users\username\Downloads\6321039545_a216077a96_b.jpg
2011-11-08 22:45 - 2011-11-08 22:58 - 0431811 ____A C:\Users\username\Downloads\6327614879_344b291a59_b.jpg
2011-11-08 22:41 - 2011-11-08 22:41 - 0570976 ____A C:\Users\username\Desktop\1.jpg
2011-11-08 22:27 - 2011-11-08 22:34 - 0473136 ____A C:\Users\username\Desktop\6168961276_02e7f9572c_b.jpg
2011-11-08 22:25 - 2011-11-08 22:25 - 0012363 ____A C:\Users\username\Downloads\Tommy Sung.docx
2011-11-08 22:10 - 2011-11-08 22:12 - 0360290 ____A C:\Users\username\Desktop\6145125957_b64a106ac8_b.jpg
2011-11-08 21:10 - 2011-11-08 21:11 - 3593232 ____A C:\Users\username\Downloads\intern presentaito.pptx
2011-11-08 20:20 - 2011-11-08 20:20 - 0058668 ___SH () C:\ps121v2.exe
2011-11-08 20:15 - 2011-11-08 20:15 - 0000000 ____D C:\Windows\system64
2011-11-08 20:05 - 2011-11-08 23:38 - 0000000 ____D C:\Program Files (x86)\B26A1
2011-11-08 20:05 - 2011-11-08 20:05 - 0000000 ____D C:\Program Files (x86)\LP
2011-11-08 19:29 - 2011-11-08 19:29 - 0081709 ____A C:\Users\username\Downloads\re username Tommy Sung.docx
2011-11-08 08:11 - 2011-11-08 08:11 - 0015608 ____A C:\Users\username\Desktop\username Tommy Sung.docx
2011-11-07 21:41 - 2011-11-07 22:49 - 0356209 ____A C:\Users\username\Desktop\sky.jpg
2011-11-07 20:41 - 2011-11-03 23:33 - 0000000 ____D C:\Users\username\Downloads\Reflection
2011-11-07 20:19 - 2011-11-07 20:17 - 0003584 ____A C:\Windows\System32\SilverEfexPro2FC32.dll
2011-11-07 20:18 - 2011-11-07 20:18 - 0001226 ____A C:\Users\Guest\Desktop\Nik Software Silver Efex.lnk
2011-11-07 20:18 - 2011-11-07 20:18 - 0000000 ____D C:\Program Files\Nik Software
2011-11-07 20:18 - 2011-11-07 20:18 - 0000000 ____D C:\Program Files (x86)\Nik Software Silver Efex
2011-11-07 20:09 - 2011-11-08 23:23 - 0000332 ____A C:\Windows\Tasks\At2.job
2011-11-07 20:09 - 2011-11-08 20:20 - 0000332 ____A C:\Windows\Tasks\At5.job
2011-11-07 20:09 - 2011-11-08 20:15 - 0000334 ____A C:\Windows\Tasks\At4.job
2011-11-07 20:09 - 2011-11-08 20:10 - 0000330 ____A C:\Windows\Tasks\At3.job
2011-11-07 20:09 - 2011-11-08 19:00 - 0000332 ____A C:\Windows\Tasks\At1.job
2011-11-07 19:54 - 2011-11-07 19:54 - 6358257 ____A C:\Users\username\Downloads\reflection_wallpaper_by_xhoop-d4ez7aa.rar
2011-11-07 19:47 - 2011-11-07 20:09 - 0000000 ____D C:\Users\All Users\Nik Software
2011-11-07 19:47 - 2011-11-07 20:09 - 0000000 ____D C:\ProgramData\Nik Software
2011-11-07 19:47 - 2010-11-04 16:04 - 0004608 ____A C:\Users\username\Documents\Viveza2FC64.dll
2011-11-07 10:16 - 2011-11-07 00:14 - 0487112 ____A C:\Users\username\Desktop\skysca.jpg
2011-11-07 09:53 - 2011-11-07 09:53 - 0047104 ____A C:\Users\username\Downloads\ics20fullsyl2011fall.doc
2011-11-07 08:07 - 2011-11-07 08:07 - 0012576 ____A C:\Users\username\Downloads\??????+E333+111107+MOOBI.mp4.torrent
2011-11-06 22:19 - 2011-11-06 22:19 - 0000000 ____D C:\Users\username\AppData\Roaming\Alien Skin
2011-11-06 22:19 - 2011-11-06 22:19 - 0000000 ____D C:\Users\username\AppData\Local\Alien Skin
2011-11-06 20:39 - 2011-11-07 20:16 - 0000000 ____D C:\Program Files\Alien Skin
2011-11-06 20:39 - 2011-11-07 19:48 - 0000000 ____D C:\Users\All Users\Alien Skin
2011-11-06 20:39 - 2011-11-07 19:48 - 0000000 ____D C:\ProgramData\Alien Skin
2011-11-06 20:38 - 2011-11-06 20:38 - 0000000 ____D C:\Users\username\AppData\Roaming\Nik Software
2011-11-06 20:32 - 2011-11-07 20:20 - 0004126 ____A C:\Windows\KB893803v2.log
2011-11-06 20:19 - 2011-09-28 14:39 - 0003584 ____A C:\Users\username\Desktop\ColorEfexPro4FC32.dll
2011-11-06 20:13 - 2011-11-07 20:09 - 0000000 ____D C:\Users\username\AppData\Local\Nik Software
2011-11-06 20:13 - 2011-09-28 14:39 - 0004608 ____A C:\Windows\SysWOW64\ColorEfexPro4FC64.dll
2011-11-06 19:30 - 2011-11-07 23:01 - 0000000 ____D C:\Users\username\Desktop\temp picture
2011-11-06 19:23 - 2011-11-07 12:25 - 0000000 ____D C:\Users\username\Desktop\2011 - 11 - Mission peak with dad
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Windows\MSSecurityNS
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Windows\MSSecurityNi
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Program Files (x86)\Nik Software
2011-11-06 18:46 - 2011-11-07 20:17 - 0000000 ____D C:\Program Files (x86)\Alien Skin
2011-11-06 18:44 - 2011-11-07 00:17 - 0000818 ____A C:\Users\Public\Desktop\PTGui.lnk
2011-11-06 18:44 - 2011-11-06 20:58 - 0000000 ____D C:\Users\username\AppData\Roaming\PTGui
2011-11-06 18:44 - 2011-11-06 18:44 - 0000000 ____D C:\Program Files\PTGui
2011-11-06 13:24 - 2011-11-06 13:24 - 2547712 ____A C:\Users\username\Downloads\20111014.doc
2011-11-05 18:30 - 2011-11-08 08:11 - 0015537 ____A C:\Users\username\Documents\username Tommy Sung.docx
2011-11-03 15:06 - 2011-11-03 15:06 - 0014073 ____A C:\Users\username\Desktop\creative.docx
2011-11-02 22:01 - 2011-11-02 22:02 - 0000000 ____D C:\Users\username\Downloads\winhex
2011-11-02 21:33 - 2011-11-02 21:34 - 0000000 ____D C:\Users\username\Documents\FIFA 07
2011-11-02 20:18 - 2011-11-02 20:18 - 0002020 ____A C:\Users\Public\Desktop\FIFA 07.lnk
2011-11-02 20:18 - 2011-11-02 20:18 - 0000000 ____D C:\Program Files (x86)\EA SPORTS
2011-11-02 20:17 - 2011-11-02 20:17 - 0000544 ____A C:\Windows\DirectX.log
2011-11-02 12:55 - 2011-11-07 21:56 - 0019515 ____A C:\Users\username\Desktop\Pit. Met. Spreadsheet - tommy sung nov. 2.xlsx
2011-11-02 10:20 - 2011-11-02 20:31 - 0013082 ____A C:\Users\username\Downloads\2.docx
2011-11-02 10:20 - 2011-11-02 10:20 - 0015523 ____A C:\Users\username\Desktop\1.pdf
2011-11-02 09:55 - 2011-11-05 23:25 - 0015973 ____A C:\Users\username\Desktop\Tell me about yourself.docx
2011-11-02 07:09 - 2011-11-02 07:10 - 0056320 ____A C:\Users\username\Downloads\Complete Database 9-15-11 FOR_TOMMY (2).xls
2011-11-02 07:09 - 2011-11-02 07:09 - 0054784 ____A C:\Users\username\Downloads\Complete Database 9-15-11 FOR_TOMMY (1).xls
2011-11-02 07:08 - 2011-11-02 07:08 - 0054784 ____A C:\Users\username\Downloads\Complete Database 9-15-11 FOR_TOMMY.xls
2011-11-02 07:06 - 2011-11-02 07:06 - 0016547 ____A C:\Users\username\Downloads\spreadsheet - tommy sung (1).xlsx
2011-11-01 20:05 - 2011-11-01 20:05 - 0379732 ____A C:\Users\username\Downloads\Pituitary-magnetic-resonance-imaging-for-sellar-and-parasellar-masses-Ten-year-experience-in-2598-patients_2011_Journal-of-Clinical-Endocrinology-and-Metabolism.pdf
2011-11-01 20:04 - 2011-11-01 20:15 - 0000000 ____D C:\Users\username\Downloads\Pit met study with katznelson
2011-11-01 19:06 - 2011-11-02 12:53 - 0019519 ____A C:\Users\username\Downloads\spreadsheet - tommy sung.xlsx
2011-11-01 19:06 - 2011-11-01 19:06 - 0011099 ____A C:\Users\username\Downloads\tommy username.docx
2011-11-01 18:03 - 2011-11-01 18:05 - 0004088 ____A C:\shared.log
2011-11-01 18:03 - 2011-11-01 18:03 - 0011122 ____A C:\Users\username\Documents\cc_20111101_190310.reg
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\Users\All Users\Electronic Arts
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\Users\All Users\EA Core
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\ProgramData\Electronic Arts
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\ProgramData\EA Core
2011-11-01 11:38 - 2011-11-01 11:38 - 0000762 ____A C:\Users\username\Desktop\Solive.lnk
2011-11-01 11:38 - 2011-11-01 11:38 - 0000762 ____A C:\Users\Guest\Desktop\Solive.lnk
2011-11-01 11:38 - 2011-11-01 11:38 - 0000000 ____D C:\Program Files (x86)\Solive
2011-11-01 11:37 - 2011-11-01 11:37 - 2887553 ____A C:\Users\username\Downloads\Solive_1.1.3.0_Setup.exe
2011-11-01 11:20 - 2011-11-07 10:55 - 0000000 ____D C:\Program Files (x86)\The KMPlayer
2011-11-01 11:20 - 2011-11-01 11:20 - 0001037 ____A C:\Users\username\Desktop\KMPlayer.lnk
2011-11-01 11:20 - 2011-11-01 11:20 - 0000000 ____D C:\Users\username\AppData\Local\APN
2011-11-01 11:19 - 2011-11-01 11:20 - 17795728 ____A C:\Users\username\Desktop\KMPlayer_EN_3.0.0.1442.exe
2011-11-01 11:18 - 2011-11-01 11:19 - 0300416 ____A C:\Users\username\Downloads\SoftonicDownloader_for_kmplayer.exe
2011-11-01 09:47 - 2011-11-01 09:47 - 0031258 ____A C:\Users\username\Downloads\rS8njTDy9FSA6P1.torrent
2011-11-01 09:46 - 2011-11-01 09:46 - 0031258 ____A C:\Users\username\Downloads\PtbVUIfmyQwtX98.torrent
2011-11-01 09:44 - 2011-11-01 09:45 - 0070610 ____A C:\Users\username\Downloads\h877rGzEqH.torrent
2011-10-31 10:50 - 2011-10-31 10:50 - 0022630 ____A C:\Users\username\Downloads\Mahler_The_Complete_Symphonies_Solti_FLAC.torrent
2011-10-31 10:49 - 2011-10-31 10:49 - 0093205 ____A C:\Users\username\Downloads\Richard_Wagner___The_Complete_Operas__FLAC_.torrent
2011-10-30 22:12 - 2011-11-08 18:53 - 0307634 ____A C:\Users\username\Downloads\bwrepinfow.dat
2011-10-30 20:23 - 2005-03-10 23:30 - 0364544 ____A C:\Users\username\Downloads\bwrepinfow.exe
2011-10-30 19:38 - 2011-10-30 19:38 - 0000162 ___AH C:\Users\username\Desktop\~$ading response five.docx
2011-10-30 19:38 - 2011-10-30 19:38 - 0000162 ___AH C:\Users\username\Desktop\~$ take ourserves as objects and use others.docx
2011-10-30 11:44 - 2011-10-30 11:44 - 0015523 ____A C:\Users\username\Desktop\Cover Letter - AmniSure.pdf
2011-10-30 10:54 - 2011-10-30 10:54 - 0015062 ____A C:\Users\username\Desktop\Cover Letter - ISA.pdf
2011-10-29 20:34 - 2011-10-29 20:34 - 0011672 ____A C:\Users\username\Desktop\We take ourserves as objects and use others.docx
2011-10-29 20:06 - 2011-10-31 00:49 - 0015757 ____A C:\Users\username\Desktop\Reading response five.docx
2011-10-29 20:06 - 2011-10-30 19:45 - 0012559 ____H C:\Users\username\Desktop\~WRL2821.tmp
2011-10-29 16:44 - 2011-10-30 11:45 - 0013214 ____A C:\Users\username\Desktop\Cover Letter - ISA.docx
2011-10-29 16:24 - 2011-10-29 16:24 - 0014624 ____A C:\Users\username\Downloads\Sung H cover.pdf
2011-10-29 00:37 - 2011-10-29 00:37 - 0000456 ____A C:\Users\username\Desktop\Media (D) - Shortcut.lnk
2011-10-29 00:37 - 2011-10-29 00:37 - 0000456 ____A C:\Users\username\Desktop\Media (D) - Shortcut (2).lnk
2011-10-28 22:37 - 2011-10-28 22:37 - 0000809 ____A C:\Users\username\Desktop\Design and photography - Shortcut.lnk
2011-10-28 22:37 - 2011-10-28 22:36 - 0000683 ____A C:\Users\username\Desktop\My Music - Shortcut.lnk
2011-10-28 22:15 - 2011-10-28 22:15 - 1261314 ____A C:\Users\username\Downloads\Serenity20IconPackset11-0.rar
2011-10-28 22:15 - 2011-10-28 22:15 - 0000000 ____D C:\Users\username\Downloads\Serenity Black
2011-10-28 22:09 - 2011-10-28 22:09 - 0000000 ____D C:\Users\username\Downloads\ico
2011-10-28 21:31 - 2011-10-28 21:31 - 0000000 ____D C:\Users\username\Desktop\00 writing
2011-10-27 21:07 - 2011-10-27 21:07 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-10-27 21:06 - 2011-11-08 23:54 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-10-27 21:06 - 2011-11-08 23:11 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-10-27 21:06 - 2011-10-27 21:07 - 0000000 ____D C:\Program Files (x86)\Google
2011-10-27 18:05 - 2011-10-27 18:05 - 0031979 ____A C:\Users\username\Downloads\AETNA GRANT_cc edits 26 Oct 2011.docx
2011-10-27 11:10 - 2011-10-27 11:10 - 0041538 ____A C:\Users\username\Desktop\Passport-and-Airplane-Ticket.jpg
2011-10-27 11:03 - 2011-10-27 11:03 - 1502649 ____A C:\Users\username\Desktop\daa.jpg
2011-10-24 09:44 - 2011-10-24 09:44 - 0001999 ____A C:\Users\username\Desktop\ICCup Launcher.lnk
2011-10-24 09:44 - 2011-10-24 09:44 - 0000000 ____D C:\Program Files (x86)\ICCup
2011-10-24 09:41 - 2011-11-08 18:14 - 0000000 ____D C:\Users\username\Desktop\New folder (2)
2011-10-23 23:18 - 2011-10-23 23:18 - 0140797 ____A C:\Users\username\Desktop\17.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0086263 ____A C:\Users\username\Desktop\18.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0043943 ____A C:\Users\username\Desktop\05.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0024195 ____A C:\Users\username\Desktop\02.jpg
2011-10-23 22:16 - 2011-10-31 11:12 - 0000000 ____D C:\Users\username\Desktop\2011 misc
2011-10-23 18:09 - 2011-10-23 18:09 - 0013564 ____A C:\Users\username\Downloads\ZS Associates - 2010 Fall.docx
2011-10-23 15:32 - 2011-10-30 11:44 - 0000000 ____D C:\Users\username\AppData\Local\CutePDF Writer
2011-10-23 15:28 - 2011-10-23 15:32 - 0064340 ____A C:\Users\username\Desktop\username Sung - CV.pdf
2011-10-23 15:21 - 2011-10-23 15:21 - 0011099 ____A C:\Users\username\Downloads\katz.docx
2011-10-23 15:19 - 2011-10-23 15:19 - 0015903 ____A C:\Users\username\Downloads\interview.docx
2011-10-23 14:34 - 2011-10-23 14:34 - 0079353 ____A C:\Users\username\Downloads\Perinatal nurses study new_v2.docx
2011-10-23 00:27 - 2011-10-23 00:27 - 0000000 ____D C:\Program Files (x86)\GPLGS
2011-10-23 00:27 - 2011-10-23 00:27 - 0000000 ____D C:\Program Files (x86)\Acro Software
2011-10-23 00:27 - 2009-11-05 07:40 - 0085504 ____A C:\Windows\System32\cpwmon64.dll
2011-10-22 14:09 - 2011-10-29 19:04 - 0021267 ____A C:\Users\username\Desktop\resume word (Repaired).docx
2011-10-22 12:25 - 2011-10-22 12:25 - 0000162 ___AH C:\Users\username\Downloads\~$ants more specific.docx
2011-10-22 12:18 - 2011-10-22 12:18 - 0000162 ___AH C:\Users\username\Downloads\~$p B Moms_Gilead Grant Summary_submitted.docx
2011-10-22 01:48 - 2011-10-22 01:48 - 22835446 ____A C:\Users\username\Desktop\4.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 162018242 ____A C:\Users\username\Desktop\3.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 12175540 ____A C:\Users\username\Desktop\2.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 0028650 ____A C:\Users\username\Documents\cc_20111022_024836.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 0004510 ____A C:\Users\username\Desktop\5.reg
2011-10-22 01:47 - 2011-10-22 01:47 - 47735244 ____A C:\Users\username\Desktop\1.reg
2011-10-22 01:47 - 2011-10-22 01:47 - 0000000 ____D C:\Program Files\CCleaner
2011-10-20 16:19 - 2011-10-20 16:19 - 0000000 ____D C:\Program Files (x86)\Attribute Changer
2011-10-19 21:35 - 2011-10-19 21:35 - 0009054 ____A C:\Users\username\Desktop\registry.reg
2011-10-19 16:40 - 2011-10-19 16:40 - 0037376 ____A C:\Users\username\Desktop\ss.doc
2011-10-19 15:56 - 2011-10-19 16:37 - 0037376 ____A C:\Users\username\Desktop\studyguide2011fall.doc
2011-10-19 15:16 - 2011-10-19 15:56 - 0033792 ____A C:\Users\username\Downloads\studyguide2011fall.doc


============ 3 Months Modified Files and Folders =============

2011-11-18 10:40 - 2011-11-18 10:40 - 0000000 ____D C:\FRST
2011-11-18 08:54 - 2009-07-13 20:45 - 0469984 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-09 10:26 - 2011-10-09 23:26 - 0324372 ____A C:\Windows\ntbtlog.txt
2011-11-09 09:39 - 2011-11-09 09:39 - 0000000 ___AH C:\Windows\System32\config\1.reg.LOG
2011-11-09 00:04 - 2011-10-07 20:17 - 0000000 ____D C:\Users\username\AppData\Roaming\uTorrent
2011-11-09 00:04 - 2009-07-13 20:45 - 0012416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-09 00:04 - 2009-07-13 20:45 - 0012416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-09 00:02 - 2011-11-09 00:02 - 0001150 ____A C:\Users\username\Downloads\wscsvc(64).zip
2011-11-09 00:02 - 2011-01-26 11:11 - 0005256 ____A C:\Users\username\Downloads\wscsvc.reg
2011-11-08 23:59 - 2011-11-08 23:59 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2011-11-08 23:59 - 2011-11-08 23:23 - 0000000 ____D C:\Users\username\Downloads\backups
2011-11-08 23:58 - 2009-07-13 21:13 - 0717892 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-08 23:57 - 2011-11-08 23:57 - 0023112 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2011-11-08 23:55 - 2011-11-08 23:55 - 0003608 ____A C:\Users\username\Downloads\Hitman_Pro_3.5.9_(x64)_[Hyperdrive25].6496995.TPB.torrent
2011-11-08 23:54 - 2011-10-27 21:06 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-11-08 23:54 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-08 23:54 - 2009-07-13 20:51 - 0024133 ____A C:\Windows\setupact.log
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\WORK
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Windows\XSxS
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Users\username\AppData\Local\Hitman Pro Portable MonbJIan
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Program Files (x86)\Ashampoo Snap
2011-11-08 23:52 - 2011-10-07 23:15 - 0000000 ____D C:\Users\username\AppData\Roaming\.purple
2011-11-08 23:49 - 2011-11-08 23:49 - 0010965 ____A C:\Users\username\Downloads\Hitman_Pro_3.5.9_126_Portable.6536291.TPB.torrent
2011-11-08 23:49 - 2011-11-08 23:38 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-08 23:49 - 2011-11-08 23:38 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-08 23:39 - 2011-11-08 23:38 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-08 23:38 - 2011-11-08 23:38 - 0001260 ____A C:\Users\username\Desktop\Spybot - Search & Destroy.lnk
2011-11-08 23:38 - 2011-11-08 20:05 - 0000000 ____D C:\Program Files (x86)\B26A1
2011-11-08 23:32 - 2011-10-07 23:35 - 0006104 ____A C:\Windows\PFRO.log
2011-11-08 23:32 - 2011-10-07 20:51 - 0000000 ____D C:\Program Files (x86)\SpeedFan
2011-11-08 23:30 - 2011-11-08 23:30 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\Users\username\AppData\Roaming\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:29 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-08 23:29 - 2011-11-08 23:29 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\username\Downloads\mbam-setup.exe
2011-11-08 23:25 - 2011-10-07 20:00 - 0259793 ____A C:\Windows\WindowsUpdate.log
2011-11-08 23:23 - 2011-11-07 20:09 - 0000332 ____A C:\Windows\Tasks\At2.job
2011-11-08 23:22 - 2011-11-08 23:22 - 0388608 ____A (Trend Micro Inc.) C:\Users\username\Downloads\HijackThis.exe
2011-11-08 23:19 - 2011-10-07 20:09 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-702309957-51003666-891671904-1000UA.job
2011-11-08 23:19 - 2011-10-07 20:09 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-702309957-51003666-891671904-1000Core.job
2011-11-08 23:11 - 2011-10-27 21:06 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-11-08 22:58 - 2011-11-08 22:45 - 0431811 ____A C:\Users\username\Downloads\6327614879_344b291a59_b.jpg
2011-11-08 22:49 - 2011-11-08 22:48 - 0312747 ____A C:\Users\username\Downloads\6321039545_a216077a96_b.jpg
2011-11-08 22:41 - 2011-11-08 22:41 - 0570976 ____A C:\Users\username\Desktop\1.jpg
2011-11-08 22:34 - 2011-11-08 22:27 - 0473136 ____A C:\Users\username\Desktop\6168961276_02e7f9572c_b.jpg
2011-11-08 22:25 - 2011-11-08 22:25 - 0012363 ____A C:\Users\username\Downloads\Tommy Sung.docx
2011-11-08 22:12 - 2011-11-08 22:10 - 0360290 ____A C:\Users\username\Desktop\6145125957_b64a106ac8_b.jpg
2011-11-08 21:11 - 2011-11-08 21:10 - 3593232 ____A C:\Users\username\Downloads\intern presentaito.pptx
2011-11-08 20:20 - 2011-11-08 20:20 - 0058668 ___SH () C:\ps121v2.exe
2011-11-08 20:20 - 2011-11-07 20:09 - 0000332 ____A C:\Windows\Tasks\At5.job
2011-11-08 20:15 - 2011-11-08 20:15 - 0000000 ____D C:\Windows\system64
2011-11-08 20:15 - 2011-11-07 20:09 - 0000334 ____A C:\Windows\Tasks\At4.job
2011-11-08 20:10 - 2011-11-07 20:09 - 0000330 ____A C:\Windows\Tasks\At3.job
2011-11-08 20:05 - 2011-11-08 20:05 - 0000000 ____D C:\Program Files (x86)\LP
2011-11-08 19:29 - 2011-11-08 19:29 - 0081709 ____A C:\Users\username\Downloads\re username Tommy Sung.docx
2011-11-08 19:00 - 2011-11-07 20:09 - 0000332 ____A C:\Windows\Tasks\At1.job
2011-11-08 18:53 - 2011-10-30 22:12 - 0307634 ____A C:\Users\username\Downloads\bwrepinfow.dat
2011-11-08 18:14 - 2011-10-24 09:41 - 0000000 ____D C:\Users\username\Desktop\New folder (2)
2011-11-08 08:11 - 2011-11-08 08:11 - 0015608 ____A C:\Users\username\Desktop\username Tommy Sung.docx
2011-11-08 08:11 - 2011-11-05 18:30 - 0015537 ____A C:\Users\username\Documents\username Tommy Sung.docx
2011-11-07 23:01 - 2011-11-06 19:30 - 0000000 ____D C:\Users\username\Desktop\temp picture
2011-11-07 22:49 - 2011-11-07 21:41 - 0356209 ____A C:\Users\username\Desktop\sky.jpg
2011-11-07 21:56 - 2011-11-02 12:55 - 0019515 ____A C:\Users\username\Desktop\Pit. Met. Spreadsheet - tommy sung nov. 2.xlsx
2011-11-07 20:20 - 2011-11-06 20:32 - 0004126 ____A C:\Windows\KB893803v2.log
2011-11-07 20:18 - 2011-11-07 20:18 - 0001226 ____A C:\Users\Guest\Desktop\Nik Software Silver Efex.lnk
2011-11-07 20:18 - 2011-11-07 20:18 - 0000000 ____D C:\Program Files\Nik Software
2011-11-07 20:18 - 2011-11-07 20:18 - 0000000 ____D C:\Program Files (x86)\Nik Software Silver Efex
2011-11-07 20:17 - 2011-11-07 20:19 - 0003584 ____A C:\Windows\System32\SilverEfexPro2FC32.dll
2011-11-07 20:17 - 2011-11-06 18:46 - 0000000 ____D C:\Program Files (x86)\Alien Skin
2011-11-07 20:17 - 2011-02-21 13:17 - 0004608 ____A C:\Windows\System32\SilverEfexPro2FC64.dll
2011-11-07 20:16 - 2011-11-06 20:39 - 0000000 ____D C:\Program Files\Alien Skin
2011-11-07 20:09 - 2011-11-07 19:47 - 0000000 ____D C:\Users\All Users\Nik Software
2011-11-07 20:09 - 2011-11-07 19:47 - 0000000 ____D C:\ProgramData\Nik Software
2011-11-07 20:09 - 2011-11-06 20:13 - 0000000 ____D C:\Users\username\AppData\Local\Nik Software
2011-11-07 19:54 - 2011-11-07 19:54 - 6358257 ____A C:\Users\username\Downloads\reflection_wallpaper_by_xhoop-d4ez7aa.rar
2011-11-07 19:48 - 2011-11-06 20:39 - 0000000 ____D C:\Users\All Users\Alien Skin
2011-11-07 19:48 - 2011-11-06 20:39 - 0000000 ____D C:\ProgramData\Alien Skin
2011-11-07 12:25 - 2011-11-06 19:23 - 0000000 ____D C:\Users\username\Desktop\2011 - 11 - Mission peak with dad
2011-11-07 10:55 - 2011-11-01 11:20 - 0000000 ____D C:\Program Files (x86)\The KMPlayer
2011-11-07 09:53 - 2011-11-07 09:53 - 0047104 ____A C:\Users\username\Downloads\ics20fullsyl2011fall.doc
2011-11-07 08:07 - 2011-11-07 08:07 - 0012576 ____A C:\Users\username\Downloads\??????+E333+111107+MOOBI.mp4.torrent
2011-11-07 00:17 - 2011-11-06 18:44 - 0000818 ____A C:\Users\Public\Desktop\PTGui.lnk
2011-11-07 00:14 - 2011-11-07 10:16 - 0487112 ____A C:\Users\username\Desktop\skysca.jpg
2011-11-06 22:19 - 2011-11-06 22:19 - 0000000 ____D C:\Users\username\AppData\Roaming\Alien Skin
2011-11-06 22:19 - 2011-11-06 22:19 - 0000000 ____D C:\Users\username\AppData\Local\Alien Skin
2011-11-06 20:58 - 2011-11-06 18:44 - 0000000 ____D C:\Users\username\AppData\Roaming\PTGui
2011-11-06 20:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2011-11-06 20:39 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-11-06 20:38 - 2011-11-06 20:38 - 0000000 ____D C:\Users\username\AppData\Roaming\Nik Software
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Windows\MSSecurityNS
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Windows\MSSecurityNi
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Program Files (x86)\Nik Software
2011-11-06 18:44 - 2011-11-06 18:44 - 0000000 ____D C:\Program Files\PTGui
2011-11-06 13:24 - 2011-11-06 13:24 - 2547712 ____A C:\Users\username\Downloads\20111014.doc
2011-11-05 23:53 - 2011-10-09 17:11 - 0000000 ____D C:\Users\username\AppData\Local\Adobe
2011-11-05 23:47 - 2011-10-07 22:35 - 0000000 ____D C:\Users\username\Desktop\foobar2000
2011-11-05 23:25 - 2011-11-02 09:55 - 0015973 ____A C:\Users\username\Desktop\Tell me about yourself.docx
2011-11-05 22:54 - 2011-10-07 22:35 - 0000168 ____A C:\Users\All Users\GeorgeYohngVST.ini
2011-11-05 22:54 - 2011-10-07 22:35 - 0000168 ____A C:\ProgramData\GeorgeYohngVST.ini
2011-11-03 23:33 - 2011-11-07 20:41 - 0000000 ____D C:\Users\username\Downloads\Reflection
2011-11-03 15:06 - 2011-11-03 15:06 - 0014073 ____A C:\Users\username\Desktop\creative.docx
2011-11-02 22:02 - 2011-11-02 22:01 - 0000000 ____D C:\Users\username\Downloads\winhex
2011-11-02 21:34 - 2011-11-02 21:33 - 0000000 ____D C:\Users\username\Documents\FIFA 07
2011-11-02 20:31 - 2011-11-02 10:20 - 0013082 ____A C:\Users\username\Downloads\2.docx
2011-11-02 20:18 - 2011-11-02 20:18 - 0002020 ____A C:\Users\Public\Desktop\FIFA 07.lnk
2011-11-02 20:18 - 2011-11-02 20:18 - 0000000 ____D C:\Program Files (x86)\EA SPORTS
2011-11-02 20:17 - 2011-11-02 20:17 - 0000544 ____A C:\Windows\DirectX.log
2011-11-02 12:53 - 2011-11-01 19:06 - 0019519 ____A C:\Users\username\Downloads\spreadsheet - tommy sung.xlsx
2011-11-02 10:20 - 2011-11-02 10:20 - 0015523 ____A C:\Users\username\Desktop\1.pdf
2011-11-02 07:10 - 2011-11-02 07:09 - 0056320 ____A C:\Users\username\Downloads\Complete Database 9-15-11 FOR_TOMMY (2).xls
2011-11-02 07:09 - 2011-11-02 07:09 - 0054784 ____A C:\Users\username\Downloads\Complete Database 9-15-11 FOR_TOMMY (1).xls
2011-11-02 07:08 - 2011-11-02 07:08 - 0054784 ____A C:\Users\username\Downloads\Complete Database 9-15-11 FOR_TOMMY.xls
2011-11-02 07:06 - 2011-11-02 07:06 - 0016547 ____A C:\Users\username\Downloads\spreadsheet - tommy sung (1).xlsx
2011-11-01 21:00 - 2011-10-09 20:19 - 0000000 ____D C:\Users\username\Downloads\wind2
2011-11-01 20:15 - 2011-11-01 20:04 - 0000000 ____D C:\Users\username\Downloads\Pit met study with katznelson
2011-11-01 20:05 - 2011-11-01 20:05 - 0379732 ____A C:\Users\username\Downloads\Pituitary-magnetic-resonance-imaging-for-sellar-and-parasellar-masses-Ten-year-experience-in-2598-patients_2011_Journal-of-Clinical-Endocrinology-and-Metabolism.pdf
2011-11-01 19:06 - 2011-11-01 19:06 - 0011099 ____A C:\Users\username\Downloads\tommy username.docx
2011-11-01 18:05 - 2011-11-01 18:03 - 0004088 ____A C:\shared.log
2011-11-01 18:03 - 2011-11-01 18:03 - 0011122 ____A C:\Users\username\Documents\cc_20111101_190310.reg
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\Users\All Users\Electronic Arts
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\Users\All Users\EA Core
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\ProgramData\Electronic Arts
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\ProgramData\EA Core
2011-11-01 11:38 - 2011-11-01 11:38 - 0000762 ____A C:\Users\username\Desktop\Solive.lnk
2011-11-01 11:38 - 2011-11-01 11:38 - 0000762 ____A C:\Users\Guest\Desktop\Solive.lnk
2011-11-01 11:38 - 2011-11-01 11:38 - 0000000 ____D C:\Program Files (x86)\Solive
2011-11-01 11:37 - 2011-11-01 11:37 - 2887553 ____A C:\Users\username\Downloads\Solive_1.1.3.0_Setup.exe
2011-11-01 11:20 - 2011-11-01 11:20 - 0001037 ____A C:\Users\username\Desktop\KMPlayer.lnk
2011-11-01 11:20 - 2011-11-01 11:20 - 0000000 ____D C:\Users\username\AppData\Local\APN
2011-11-01 11:20 - 2011-11-01 11:19 - 17795728 ____A C:\Users\username\Desktop\KMPlayer_EN_3.0.0.1442.exe
2011-11-01 11:20 - 2011-10-07 20:00 - 0000000 ____D C:\Users\username\AppData\LocalLow
2011-11-01 11:19 - 2011-11-01 11:18 - 0300416 ____A C:\Users\username\Downloads\SoftonicDownloader_for_kmplayer.exe
2011-11-01 09:47 - 2011-11-01 09:47 - 0031258 ____A C:\Users\username\Downloads\rS8njTDy9FSA6P1.torrent
2011-11-01 09:46 - 2011-11-01 09:46 - 0031258 ____A C:\Users\username\Downloads\PtbVUIfmyQwtX98.torrent
2011-11-01 09:45 - 2011-11-01 09:44 - 0070610 ____A C:\Users\username\Downloads\h877rGzEqH.torrent
2011-10-31 11:12 - 2011-10-23 22:16 - 0000000 ____D C:\Users\username\Desktop\2011 misc
2011-10-31 10:50 - 2011-10-31 10:50 - 0022630 ____A C:\Users\username\Downloads\Mahler_The_Complete_Symphonies_Solti_FLAC.torrent
2011-10-31 10:49 - 2011-10-31 10:49 - 0093205 ____A C:\Users\username\Downloads\Richard_Wagner___The_Complete_Operas__FLAC_.torrent
2011-10-31 00:49 - 2011-10-29 20:06 - 0015757 ____A C:\Users\username\Desktop\Reading response five.docx
2011-10-30 19:45 - 2011-10-29 20:06 - 0012559 ____H C:\Users\username\Desktop\~WRL2821.tmp
2011-10-30 19:38 - 2011-10-30 19:38 - 0000162 ___AH C:\Users\username\Desktop\~$ading response five.docx
2011-10-30 19:38 - 2011-10-30 19:38 - 0000162 ___AH C:\Users\username\Desktop\~$ take ourserves as objects and use others.docx
2011-10-30 17:19 - 2011-10-07 20:10 - 0002398 ____A C:\Users\username\Desktop\Google Chrome.lnk
2011-10-30 11:45 - 2011-10-29 16:44 - 0013214 ____A C:\Users\username\Desktop\Cover Letter - ISA.docx
2011-10-30 11:44 - 2011-10-30 11:44 - 0015523 ____A C:\Users\username\Desktop\Cover Letter - AmniSure.pdf
2011-10-30 11:44 - 2011-10-23 15:32 - 0000000 ____D C:\Users\username\AppData\Local\CutePDF Writer
2011-10-30 10:54 - 2011-10-30 10:54 - 0015062 ____A C:\Users\username\Desktop\Cover Letter - ISA.pdf
2011-10-29 20:34 - 2011-10-29 20:34 - 0011672 ____A C:\Users\username\Desktop\We take ourserves as objects and use others.docx
2011-10-29 19:04 - 2011-10-22 14:09 - 0021267 ____A C:\Users\username\Desktop\resume word (Repaired).docx
2011-10-29 16:24 - 2011-10-29 16:24 - 0014624 ____A C:\Users\username\Downloads\Sung H cover.pdf
2011-10-29 00:37 - 2011-10-29 00:37 - 0000456 ____A C:\Users\username\Desktop\Media (D) - Shortcut.lnk
2011-10-29 00:37 - 2011-10-29 00:37 - 0000456 ____A C:\Users\username\Desktop\Media (D) - Shortcut (2).lnk
2011-10-28 23:57 - 2011-10-17 17:02 - 0000000 ____D C:\Users\username\Downloads\wind 5
2011-10-28 22:37 - 2011-10-28 22:37 - 0000809 ____A C:\Users\username\Desktop\Design and photography - Shortcut.lnk
2011-10-28 22:36 - 2011-10-28 22:37 - 0000683 ____A C:\Users\username\Desktop\My Music - Shortcut.lnk
2011-10-28 22:15 - 2011-10-28 22:15 - 1261314 ____A C:\Users\username\Downloads\Serenity20IconPackset11-0.rar
2011-10-28 22:15 - 2011-10-28 22:15 - 0000000 ____D C:\Users\username\Downloads\Serenity Black
2011-10-28 22:09 - 2011-10-28 22:09 - 0000000 ____D C:\Users\username\Downloads\ico
2011-10-28 21:31 - 2011-10-28 21:31 - 0000000 ____D C:\Users\username\Desktop\00 writing
2011-10-28 18:14 - 2009-07-13 21:08 - 0032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-27 21:07 - 2011-10-27 21:07 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-10-27 21:07 - 2011-10-27 21:06 - 0000000 ____D C:\Program Files (x86)\Google
2011-10-27 21:07 - 2011-10-07 20:09 - 0000000 ____D C:\Users\username\AppData\Local\Google
2011-10-27 18:05 - 2011-10-27 18:05 - 0031979 ____A C:\Users\username\Downloads\AETNA GRANT_cc edits 26 Oct 2011.docx
2011-10-27 11:10 - 2011-10-27 11:10 - 0041538 ____A C:\Users\username\Desktop\Passport-and-Airplane-Ticket.jpg
2011-10-27 11:10 - 2011-10-17 20:51 - 0001456 ____A C:\Users\username\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-10-27 11:03 - 2011-10-27 11:03 - 1502649 ____A C:\Users\username\Desktop\daa.jpg
2011-10-25 00:31 - 2011-10-08 09:31 - 0000000 ____D C:\Users\username\Downloads\Wind
2011-10-24 09:44 - 2011-10-24 09:44 - 0001999 ____A C:\Users\username\Desktop\ICCup Launcher.lnk
2011-10-24 09:44 - 2011-10-24 09:44 - 0000000 ____D C:\Program Files (x86)\ICCup
2011-10-23 23:18 - 2011-10-23 23:18 - 0140797 ____A C:\Users\username\Desktop\17.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0086263 ____A C:\Users\username\Desktop\18.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0043943 ____A C:\Users\username\Desktop\05.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0024195 ____A C:\Users\username\Desktop\02.jpg
2011-10-23 18:09 - 2011-10-23 18:09 - 0013564 ____A C:\Users\username\Downloads\ZS Associates - 2010 Fall.docx
2011-10-23 15:32 - 2011-10-23 15:28 - 0064340 ____A C:\Users\username\Desktop\username Sung - CV.pdf
2011-10-23 15:21 - 2011-10-23 15:21 - 0011099 ____A C:\Users\username\Downloads\katz.docx
2011-10-23 15:19 - 2011-10-23 15:19 - 0015903 ____A C:\Users\username\Downloads\interview.docx
2011-10-23 14:34 - 2011-10-23 14:34 - 0079353 ____A C:\Users\username\Downloads\Perinatal nurses study new_v2.docx
2011-10-23 00:27 - 2011-10-23 00:27 - 0000000 ____D C:\Program Files (x86)\GPLGS
2011-10-23 00:27 - 2011-10-23 00:27 - 0000000 ____D C:\Program Files (x86)\Acro Software
2011-10-22 22:35 - 2011-10-10 08:37 - 0016916 ____A C:\Users\username\Desktop\Affect yes usage of brain.docx
2011-10-22 21:05 - 2011-10-10 08:37 - 0015723 ____H C:\Users\username\Desktop\~WRL0004.tmp
2011-10-22 20:14 - 2011-10-09 20:21 - 0000000 ____D C:\Users\username\Downloads\big
2011-10-22 12:49 - 2011-10-10 08:37 - 0015293 ____H C:\Users\username\Desktop\~WRL3894.tmp
2011-10-22 12:25 - 2011-10-22 12:25 - 0000162 ___AH C:\Users\username\Downloads\~$ants more specific.docx
2011-10-22 12:18 - 2011-10-22 12:18 - 0000162 ___AH C:\Users\username\Downloads\~$p B Moms_Gilead Grant Summary_submitted.docx
2011-10-22 01:48 - 2011-11-09 09:02 - 22835446 ____A C:\Windows\System32\config\4.reg
2011-10-22 01:48 - 2011-11-09 09:02 - 162018242 ____A C:\Windows\System32\config\3.reg
2011-10-22 01:48 - 2011-11-09 09:02 - 12175540 ____A C:\Windows\System32\config\2.reg
2011-10-22 01:48 - 2011-11-09 09:02 - 0004510 ____A C:\Windows\System32\config\5.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 22835446 ____A C:\Users\username\Desktop\4.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 162018242 ____A C:\Users\username\Desktop\3.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 12175540 ____A C:\Users\username\Desktop\2.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 0028650 ____A C:\Users\username\Documents\cc_20111022_024836.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 0004510 ____A C:\Users\username\Desktop\5.reg
2011-10-22 01:47 - 2011-11-09 09:02 - 47735244 ____A C:\Windows\System32\config\1.reg
2011-10-22 01:47 - 2011-10-22 01:47 - 47735244 ____A C:\Users\username\Desktop\1.reg
2011-10-22 01:47 - 2011-10-22 01:47 - 0000000 ____D C:\Program Files\CCleaner
2011-10-20 16:19 - 2011-10-20 16:19 - 0000000 ____D C:\Program Files (x86)\Attribute Changer
2011-10-19 21:35 - 2011-10-19 21:35 - 0009054 ____A C:\Users\username\Desktop\registry.reg
2011-10-19 16:40 - 2011-10-19 16:40 - 0037376 ____A C:\Users\username\Desktop\ss.doc
2011-10-19 16:37 - 2011-10-19 15:56 - 0037376 ____A C:\Users\username\Desktop\studyguide2011fall.doc
2011-10-19 15:56 - 2011-10-19 15:16 - 0033792 ____A C:\Users\username\Downloads\studyguide2011fall.doc
2011-10-18 21:16 - 2011-10-15 11:26 - 0000000 ____D C:\Program Files\Adobe
2011-10-18 21:13 - 2011-10-09 17:11 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-10-18 21:00 - 2011-10-15 11:35 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-10-18 21:00 - 2011-10-09 17:11 - 0000000 ____D C:\Users\All Users\Adobe
2011-10-18 21:00 - 2011-10-09 17:11 - 0000000 ____D C:\ProgramData\Adobe
2011-10-18 20:52 - 2011-10-07 20:18 - 0000000 ____D C:\Users\username\AppData\Roaming\Adobe
2011-10-18 10:23 - 2011-10-18 10:23 - 2787974 ____A C:\Users\username\Desktop\receipt.pdf
2011-10-17 20:51 - 2011-10-17 20:47 - 0342238 ____A C:\Users\username\Desktop\receipt.jpg
2011-10-17 17:49 - 2011-10-14 20:14 - 0000000 ____D C:\Users\username\Downloads\wind4
2011-10-17 17:11 - 2011-10-17 17:11 - 0000000 ____D C:\Users\username\Downloads\CuBe'D WaLL
2011-10-16 12:00 - 2011-10-16 12:00 - 0012356 ____A C:\Users\username\Desktop\notes.docx
2011-10-15 11:36 - 2011-10-15 11:36 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2011-10-15 11:36 - 2011-10-15 11:36 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2011-10-15 11:34 - 2011-10-15 11:34 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-10-15 11:34 - 2011-10-15 11:34 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-10-15 11:27 - 2011-10-07 20:09 - 0109424 ____A C:\Users\username\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-14 23:31 - 2011-10-14 23:31 - 0000000 ____D C:\Program Files (x86)\Resource Hacker
2011-10-14 23:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-10-14 22:58 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2011-10-14 20:31 - 2011-10-14 18:29 - 0000000 ____D C:\Users\username\Downloads\wind3
2011-10-14 20:08 - 2011-10-14 20:08 - 0000676 ____A C:\Users\username\Desktop\RealTemp.lnk
2011-10-13 20:37 - 2011-10-13 20:37 - 0063838 ____A C:\Users\username\Downloads\Sung H Resume.pdf
2011-10-11 14:24 - 2011-10-10 08:37 - 0012063 ____H C:\Users\username\Desktop\~WRL2986.tmp
2011-10-11 02:53 - 2011-10-11 02:53 - 0001134 ____A C:\Users\username\Desktop\Daum ????? (?? ??).lnk
2011-10-11 02:53 - 2011-10-11 02:53 - 0001134 ____A C:\Users\Guest\Desktop\Daum ????? (?? ??).lnk
2011-10-11 02:53 - 2011-10-11 02:53 - 0000000 ____D C:\Users\username\AppData\Roaming\PotPlayer
2011-10-11 02:53 - 2011-10-11 02:53 - 0000000 ____D C:\Users\username\AppData\Local\Daum
2011-10-11 02:53 - 2011-10-11 02:53 - 0000000 ____D C:\Program Files (x86)\DAUM
2011-10-10 18:19 - 2011-10-10 18:19 - 0002078 ____A C:\Users\Public\Desktop\SSDlife Free.lnk
2011-10-10 18:19 - 2011-10-10 18:19 - 0000000 ____D C:\Users\All Users\Binarysense
2011-10-10 18:19 - 2011-10-10 18:19 - 0000000 ____D C:\ProgramData\Binarysense
2011-10-10 18:19 - 2011-10-10 18:19 - 0000000 ____D C:\Program Files (x86)\BinarySense
2011-10-10 08:37 - 2011-10-10 08:37 - 0000162 ___AH C:\Users\username\Desktop\~$fect yes usage of brain.docx
2011-10-09 23:24 - 2011-10-09 23:06 - 0000000 ____D C:\Windows\pss
2011-10-09 20:26 - 2011-10-09 20:26 - 0000000 ____D C:\Users\username\Downloads\Alluminate Wood Pack
2011-10-09 20:00 - 2011-10-09 20:00 - 0000000 ____D C:\Users\username\Documents\OneNote Notebooks
2011-10-09 17:12 - 2011-10-09 17:12 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-10-09 16:08 - 2011-10-09 16:08 - 0000000 ____D C:\Users\username\Documents\Amendments
2011-10-09 15:40 - 2011-10-09 15:40 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-09 15:40 - 2011-10-09 15:40 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-10-09 15:40 - 2011-10-09 15:40 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-09 15:01 - 2011-10-09 15:01 - 0730638 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-10-09 14:59 - 2011-10-09 14:59 - 0000000 ____D C:\Program Files (x86)\PowerISO
2011-10-09 14:59 - 2011-10-09 14:57 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-10-09 14:59 - 2011-10-09 14:57 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-10-09 14:58 - 2011-10-09 14:58 - 0000000 ____D C:\Windows\PCHEALTH
2011-10-09 14:58 - 2011-10-09 14:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2011-10-09 14:58 - 2011-10-09 14:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2011-10-09 14:58 - 2011-10-09 14:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-10-09 14:58 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2011-10-09 14:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2011-10-09 14:57 - 2011-10-09 14:57 - 0000000 __RHD C:\MSOCache
2011-10-09 14:57 - 2011-10-09 14:57 - 0000000 ____D C:\Users\username\AppData\Local\Microsoft Help
2011-10-09 14:57 - 2011-10-09 14:57 - 0000000 ____D C:\Program Files\Microsoft Office
2011-10-09 14:57 - 2011-10-09 14:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2011-10-09 14:57 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2011-10-09 14:42 - 2011-10-07 21:27 - 0058144 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-09 14:42 - 2011-10-07 21:27 - 0000000 ____D C:\Users\Guest\AppData\Local\Deployment
2011-10-09 10:25 - 2011-10-09 10:25 - 0001123 ____A C:\Users\Public\Desktop\GOM Player.lnk
2011-10-09 10:25 - 2011-10-09 10:25 - 0000000 ____D C:\Users\username\AppData\Roaming\GRETECH
2011-10-09 10:25 - 2011-10-09 10:25 - 0000000 ____D C:\Program Files (x86)\GRETECH
2011-10-08 10:15 - 2011-10-08 10:15 - 0000000 ____D C:\Users\username\Documents\bwchart
2011-10-08 00:20 - 2011-10-08 00:20 - 0000000 ____D C:\Windows\W7SBC
2011-10-07 23:13 - 2011-10-07 23:13 - 0000000 ____D C:\Program Files (x86)\Pidgin
2011-10-07 22:41 - 2011-10-07 22:41 - 0000000 ____D C:\Users\username\Desktop\wall
2011-10-07 22:36 - 2011-10-07 22:36 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2011-10-07 22:35 - 2011-10-07 22:35 - 0415759 ____A C:\Users\username\Downloads\ASIO4ALL_2_10_English.exe
2011-10-07 22:04 - 2011-10-07 22:04 - 0000000 ____D C:\Program Files (x86)\Intel
2011-10-07 21:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Registration
2011-10-07 21:34 - 2011-10-07 21:34 - 0001543 ____A C:\Users\Guest\Desktop\iexplore.lnk
2011-10-07 21:27 - 2011-10-07 21:27 - 0000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2011-10-07 21:27 - 2011-10-07 21:15 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2011-10-07 21:15 - 2011-10-07 21:15 - 0000174 ___SH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2011-10-07 21:15 - 2011-10-07 21:15 - 0000174 ___SH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-10-07 21:15 - 2011-10-07 21:15 - 0000020 ___SH C:\Users\Guest\ntuser.ini
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Templates
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Start Menu
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\PrintHood
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\NetHood
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\My Documents
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 ____D C:\users\Guest
2011-10-07 21:15 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2011-10-07 20:51 - 2011-10-07 20:51 - 0001003 ____A C:\Users\username\Desktop\SpeedFan.lnk
2011-10-07 20:51 - 2011-10-07 20:51 - 0000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2011-10-07 20:50 - 2011-10-07 20:50 - 0000000 ____D C:\Users\username\Desktop\New folder
2011-10-07 20:48 - 2011-10-07 20:48 - 0000000 ____D C:\Program Files\CPUID
2011-10-07 20:36 - 2011-10-07 20:36 - 0008192 _RASH C:\BOOTSECT.BAK
2011-10-07 20:36 - 2009-07-13 21:38 - 0025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2011-10-07 20:36 - 2009-07-13 21:32 - 0028672 ____A C:\Windows\System32\config\BCD-Template
2011-10-07 20:35 - 2011-10-07 20:35 - 0000000 ___AH C:\Users\username\Documents\Default.rdp
2011-10-07 20:22 - 2011-10-07 20:22 - 0000000 ____D C:\Program Files\7-Zip
2011-10-07 20:18 - 2011-10-07 20:18 - 0000000 ____D C:\Users\username\AppData\Roaming\Macromedia
2011-10-07 20:17 - 2011-10-07 20:17 - 0000000 ____D C:\Users\username\AppData\Local\uTorrent
2011-10-07 20:17 - 2011-10-07 20:17 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-10-07 20:12 - 2011-10-07 20:12 - 0000017 ____A C:\Users\username\AppData\Local\resmon.resmoncfg
2011-10-07 20:09 - 2011-10-07 20:09 - 0000000 ____D C:\Users\username\AppData\Local\Deployment
2011-10-07 20:09 - 2011-10-07 20:09 - 0000000 ____D C:\Users\username\AppData\Local\Apps\2.0
2011-10-07 20:00 - 2011-10-07 20:00 - 0000174 ___SH C:\Users\username\Start Menu\Programs\Startup\desktop.ini
2011-10-07 20:00 - 2011-10-07 20:00 - 0000174 ___SH C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-10-07 20:00 - 2011-10-07 20:00 - 0000020 ___SH C:\Users\username\ntuser.ini
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\Templates
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\Start Menu
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\PrintHood
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\NetHood
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\My Documents
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\Documents\My Videos
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\Documents\My Pictures
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\Documents\My Music
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\AppData\Local\Temporary Internet Files
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\username\AppData\Local\History
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 ____D C:\Users\username\AppData\Local\VirtualStore
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 ____D C:\users\username
2011-10-07 19:59 - 2011-10-07 20:36 - 0000000 ____D C:\Windows\Panther
2011-10-07 19:59 - 2011-10-07 19:59 - 0000000 __SHD C:\Recovery
2011-10-07 19:59 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-10-07 19:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-10-07 19:56 - 2009-07-13 21:01 - 0042049 ____A C:\Windows\SysWOW64\license.rtf
2011-10-07 19:56 - 2009-07-13 21:01 - 0042049 ____A C:\Windows\System32\license.rtf
2011-10-07 19:55 - 2011-10-07 19:55 - 0001313 ____A C:\Windows\TSSysprep.log
2011-10-07 19:55 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\CSC
2011-10-07 19:55 - 2009-07-13 20:46 - 0001774 ____A C:\Windows\DtcInstall.log
2011-10-07 19:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2011-10-07 19:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-09-28 14:39 - 2011-11-06 20:19 - 0003584 ____A C:\Users\username\Desktop\ColorEfexPro4FC32.dll
2011-09-28 14:39 - 2011-11-06 20:13 - 0004608 ____A C:\Windows\SysWOW64\ColorEfexPro4FC64.dll
2011-09-27 22:27 - 2011-10-09 17:09 - 3578397 ____A C:\Users\username\Desktop\Gendered Lives- Communication, Gender and Culture 9th - Wood.pdf
2011-09-22 08:31 - 2011-09-22 08:31 - 0354816 ____A C:\Windows\System32\ColorEfexPro4FC64.dll
2011-09-22 08:31 - 2011-09-22 08:31 - 0326144 ____A C:\Windows\SysWOW64\ColorEfexPro4FC32.dll
2011-09-22 08:30 - 2011-09-22 08:30 - 0066560 ____A (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2011-08-31 17:00 - 2011-11-08 23:29 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4013.18 MB
Available physical RAM: 3477.2 MB
Total Pagefile: 4011.33 MB
Available Pagefile: 3462.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:149.05 GB) (Free:117.8 GB) NTFS ==>[Boot] ==>[OS]
2 Drive d: () (Fixed) (Total:71.25 GB) (Free:5.24 GB) NTFS ==>[OS]
3 Drive e: (OTLPE) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 1024 KB

Partition 1
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C System NTFS Partition 149 GB Healthy

==========================================================

Last Boot: 2011-10-07 19:54

======================= End Of Log ==========================

Edited by Farbar, 03 July 2012 - 02:06 PM.


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:47 AM

Posted 18 November 2011 - 02:14 AM

Well done.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
2011-11-07 20:09 - 2011-11-08 23:23 - 0000332 ____A C:\Windows\Tasks\At2.job
2011-11-07 20:09 - 2011-11-08 20:20 - 0000332 ____A C:\Windows\Tasks\At5.job
2011-11-07 20:09 - 2011-11-08 20:15 - 0000334 ____A C:\Windows\Tasks\At4.job
2011-11-07 20:09 - 2011-11-08 20:10 - 0000330 ____A C:\Windows\Tasks\At3.job
2011-11-07 20:09 - 2011-11-08 19:00 - 0000332 ____A C:\Windows\Tasks\At1.job
2011-11-08 20:20 - 2011-11-08 20:20 - 0058668 ___SH () C:\ps121v2.exe
cmd: del /a/f/q c:\Windows\Tasks\at*.job
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart and let it boot normally. Tell me how it went.

#9 shoenberg3


Posted 18 November 2011 - 03:57 AM

Hello, maybe I did something wrong, but the reboot was unsuccessful and I got this fixlog:


Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.9)
Ran by SYSTEM at 2011-11-18 16:50:31 R:1
Running from F:\

==============================================

2011-11-07 2009 - 2011-11-08 2323 - 0000332 ____A CWindowsTasksAt2.job not found.
2011-11-07 2009 - 2011-11-08 2020 - 0000332 ____A CWindowsTasksAt5.job not found.
2011-11-07 2009 - 2011-11-08 2015 - 0000334 ____A CWindowsTasksAt4.job not found.
2011-11-07 2009 - 2011-11-08 2010 - 0000330 ____A CWindowsTasksAt3.job not found.
2011-11-07 2009 - 2011-11-08 1900 - 0000332 ____A CWindowsTasksAt1.job not found.
2011-11-08 2020 - 2011-11-08 2020 - 0058668 ___SH () Cps121v2.exe not found.

==== End of Fixlog ====

#10 shoenberg3


Posted 18 November 2011 - 04:09 AM

Hold that thought!
I am in the OS now!! (I repasted your fix txt since it looked like the :\ notation got messed up in the first attempt). ... but I will keep you updated.
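The failure seen in posts #9 and #10, where the pasted fixlist lost its ":" and "\" characters and every entry came back "not found", can be caught before the fix is run. The checker below is an added example, not part of the original thread and not FRST's own code; the entry format is inferred from the lines shown in this thread, the helper names check_entry and check_fixlist are hypothetical, and the damaged sample is reconstructed from the Fixlog in post #9.

```python
import re

# Field shapes inferred from the file entries shown in this thread, e.g.
#   2011-11-08 20:20 - 2011-11-08 20:20 - 0058668 ___SH () C:\ps121v2.exe
# This is an assumption drawn from those lines, not a published FRST grammar.
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}$")
TAIL = re.compile(
    r"^(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
LOOKS_LIKE_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} ")

# The fixlist exactly as posted in post #8.
GOOD_FIXLIST = r"""start
SubSystems: [Windows] ==> ZeroAccess
2011-11-07 20:09 - 2011-11-08 23:23 - 0000332 ____A C:\Windows\Tasks\At2.job
2011-11-07 20:09 - 2011-11-08 20:20 - 0000332 ____A C:\Windows\Tasks\At5.job
2011-11-07 20:09 - 2011-11-08 20:15 - 0000334 ____A C:\Windows\Tasks\At4.job
2011-11-07 20:09 - 2011-11-08 20:10 - 0000330 ____A C:\Windows\Tasks\At3.job
2011-11-07 20:09 - 2011-11-08 19:00 - 0000332 ____A C:\Windows\Tasks\At1.job
2011-11-08 20:20 - 2011-11-08 20:20 - 0058668 ___SH () C:\ps121v2.exe
cmd: del /a/f/q c:\Windows\Tasks\at*.job
end"""

# Constructed sample: the entries as they appear in the Fixlog of post #9,
# with the trailing " not found." removed.
MANGLED_FIXLIST = """start
2011-11-07 2009 - 2011-11-08 2323 - 0000332 ____A CWindowsTasksAt2.job
2011-11-07 2009 - 2011-11-08 2020 - 0000332 ____A CWindowsTasksAt5.job
2011-11-07 2009 - 2011-11-08 2015 - 0000334 ____A CWindowsTasksAt4.job
2011-11-07 2009 - 2011-11-08 2010 - 0000330 ____A CWindowsTasksAt3.job
2011-11-07 2009 - 2011-11-08 1900 - 0000332 ____A CWindowsTasksAt1.job
2011-11-08 2020 - 2011-11-08 2020 - 0058668 ___SH () Cps121v2.exe
end"""


def check_entry(line):
    """Return a list of reasons why one file entry looks damaged (empty if fine)."""
    # maxsplit=2 keeps paths that themselves contain " - " in one piece.
    parts = line.split(" - ", 2)
    if len(parts) != 3:
        return ["expected three ' - ' separated fields"]
    first, second, tail = parts
    reasons = []
    for label, stamp in (("first", first), ("second", second)):
        if not TIMESTAMP.match(stamp):
            reasons.append(f"{label} timestamp is not YYYY-MM-DD HH:MM: {stamp!r}")
    m = TAIL.match(tail)
    if m is None:
        reasons.append("size/attribute/path fields not recognised")
    elif not ABS_PATH.match(m.group("path")):
        reasons.append(f"path is not drive-letter absolute: {m.group('path')!r}")
    return reasons


def check_fixlist(text):
    """Return [(line_number, reasons)] for every damaged file entry in a fixlist."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not LOOKS_LIKE_ENTRY.match(line):
            continue  # start/end/cmd: and other directive lines are not checked here
        reasons = check_entry(line)
        if reasons:
            findings.append((number, reasons))
    return findings


if __name__ == "__main__":
    for name, text in (("good", GOOD_FIXLIST), ("mangled", MANGLED_FIXLIST)):
        findings = check_fixlist(text)
        print(f"{name}: {len(findings)} damaged entries")
        for number, reasons in findings:
            print(f"  line {number}: " + "; ".join(reasons))
```

Only the dated file entries are checked; directive lines such as start, end and cmd: are passed over because the thread does not show how they were damaged.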

#11 Farbar


Posted 18 November 2011 - 05:51 AM

Great.

Please let me know if you still need my assistance. In that case please don't make any changes on your own until we are done.

#12 shoenberg3


Posted 18 November 2011 - 06:14 AM

I almost killed my PC again..

Was trying to enable AHCI mode on my Windows 7 build on my SSD drive.

Per some instructions online, I changed a registry value then proceeded to reboot and change from IDE to AHCI in the BIOS.

No reboot...

But then I tried pressing F8 wildly right after the POST screen, and I came up with this red screen -- Grub4Dos, with these options.

Windows 7 with SLIc loader (default)
Windows 7 without loader
Windows 7 with SLIC loader (use alternative method)
etc.

Funnily enough, choosing the second option allowed me to boot normally to windows. Upon checking my WEI scores, my hard drive score went up, indicating that AHCI mode is working. However, now whenever I have to reboot the computer, I have to go through this ordeal...

Not completely sure what's going on..

#13 Farbar


Posted 18 November 2011 - 06:34 AM

I can assist you with removing any remaining malware if you want. For technical assistance with a hardware issue, you would do better to open a topic in the open technical forums. There you can get better assistance.

#14 Farbar


Posted 23 November 2011 - 05:16 PM

This thread will now be closed since the main issue seems to be resolved.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



