
Alureon Bootkit/Trojan. Cannot boot Windows



#1 Frustrated Guy


Posted 04 February 2012 - 04:18 PM

Hello! My name is Zack and I am currently having serious problems with a virus.

I am running Windows 7 Ultimate 64-bit.
The virus's name is "Alureon/TDDS". I noticed a decrease in my FPS/latency performance while gaming so, as a natural response, I launched a scan. The end result was that a portion of the virus had been removed so it recommended that I should restart my computer.

After restarting, the Windows 7 splash screen shows up for about 3 seconds, then the blue screen of death flashes for .3 or less followed by being directed to "Windows Error Recovery" screen.

When I press F8 before going to the boot menu I get these options:

Windows 7/Vista/Server (Pointer)
Windows 7/Vista/Server (de-bug - default mode)
Windows 7/Vista/Server (de-bug-legacy mode)
Windows 7/Vista/Server (No SLIC - Pointer)
Windows 7/Vista/Server (No SLIC)
Windows NT/2000/XP
Loader Help

All of these lead me back to the good ol' "Windows Error Recovery" screen. Besides being able to start windows normally... the only other given option is to attempt a start-up repair, which fails to find the problem.

When I try a system restore via system recovery options, it also fails. Via system recovery options, I can also access command prompt if that is of any use in this situation.
Windows will not load even if I boot it from the disk.

http://www.bleepingcomputer.com/download/anti-virus/tdsskiller

According to Google, this is a program that succeeds in removing most forms of the virus (which I put on a USB)... but it doesn't do me any good without being able to start Windows in the first place.

If you have suggestions or solutions, please let me know. I'm trying not to resort to wiping my hard drive since I have quite a bit on it that I REALLY don't want to lose. I will be checking this thread at least five times a day in case more information from me is needed.
Thank you for your time!



#2 Farbar


Posted 04 February 2012 - 08:20 PM

Hello Frustrated Guy,

Welcome to this forum. I'll be assisting you.

I'll move the topic to malware forum.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 Frustrated Guy


Posted 05 February 2012 - 06:45 AM

Thank you, Farbar, for replying so promptly and with such detailed instructions!
Here are my system's results from the scan:



Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-05 06:39:37
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Lsa: [Notification Packages] scecli
C:\Program Files\Protector Suite\psqlpwd.dll

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-15] (LogMeIn Inc.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13592 2011-10-17] (Intel Corporation)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2011-12-07] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2011-12-07] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366152 2011-08-31] (Malwarebytes Corporation)
4 PowerBiosServer; "C:\Program Files (x86)\Hotkey\PowerBiosServer.exe" [33792 2011-02-15] ()
2 SafeBox; "C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe" [75384 2011-12-24] (Bitdefender)
4 SDHookService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [130976 2011-10-05] (Safer-Networking Ltd.)
4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [892336 2011-10-05] (Safer-Networking Ltd.)
4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [955816 2011-10-05] (Safer-Networking Ltd.)
4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [169624 2011-10-05] (Safer-Networking Ltd.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-01-31] (Intel Corporation)
3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2011-10-14] (BitDefender)
2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe" /service [62512 2011-12-24] (Bitdefender)
2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe /service [1950448 2011-12-24] (Bitdefender)
4 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [246600 2011-09-14] ()

========================== Drivers (Whitelisted) =============

0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [685192 2011-12-08] (BitDefender)
3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [258736 2011-12-08] (BitDefender)
3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [543528 2011-12-08] (BitDefender)
1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [90192 2011-11-23] (BitDefender LLC)
0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [442088 2011-12-24] (BitDefender)
1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-23] (BitDefender LLC)
1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [103944 2010-01-19] (BitDefender)
3 Bridge; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2011-11-23] (IVT Corporation.)
3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-18] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 JME; C:\Windows\System32\DRIVERS\JME.sys [145424 2011-11-17] (JMicron Technology Corp.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)
3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1163880 2011-10-06] (Realtek Semiconductor Corporation )
1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [48888 2011-10-05] ()
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [88960 2010-11-20] (Microsoft Corporation)
3 terminpt; C:\Windows\System32\drivers\terminpt.sys [34816 2010-11-20] (Microsoft Corporation)
0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [329800 2011-11-03] (BitDefender S.R.L.)
3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-20] (Microsoft Corporation)
3 ALSysIO; \??\C:\Users\Zack\AppData\Local\Temp\ALSysIO64.sys [x]
3 getbus; \??\C:\Users\Zack\AppData\Local\Temp\getbus.sys [x]
4 LMIRfsClientNP; [x]
3 npggsvc; C:\Windows\system32\GameMon.des -service [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-02 08:28 - 2012-02-02 08:28 - 0007119 ____A C:\Users\Zack\Desktop\Untitled.png
2012-02-02 04:08 - 2012-02-02 04:08 - 0000000 ____D C:\Users\Zack\AppData\Local\Halfbrick
2012-02-02 04:05 - 2012-02-02 04:05 - 0000000 ____D C:\Users\Zack\AppData\Local\Intel
2012-02-02 04:04 - 2012-02-04 13:42 - 0000000 ____D C:\Program Files (x86)\Fruit Ninja HD
2012-02-02 03:56 - 2012-02-04 13:42 - 0000000 ____D C:\Users\Zack\Downloads\Fruit.Ninja.HD-THETA
2012-02-02 03:55 - 2012-02-02 03:55 - 0012271 ____A C:\Users\Zack\Downloads\o-Demonoid.me-o_Fruit_Ninja_HD_THETA_7791848.047.torrent
2012-02-01 05:53 - 2012-02-01 05:53 - 0000000 ____A C:\Users\Zack\Desktop\New Text Document (7).txt
2012-01-31 13:07 - 2012-02-02 21:30 - 0000000 ____D C:\Users\Zack\Desktop\Snapshot
2012-01-31 03:24 - 2012-01-31 03:24 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Acoustica
2012-01-31 03:23 - 2012-01-31 03:24 - 0000000 ____D C:\Users\Zack\Desktop\Mixcraft
2012-01-30 22:41 - 2012-01-31 00:24 - 0000044 ____A C:\Users\Zack\Desktop\New Text Document (6).txt
2012-01-30 18:45 - 2012-01-30 18:45 - 0001524 ____A C:\Users\Zack\Desktop\ConfigurationTool.exe - Shortcut.lnk
2012-01-30 18:09 - 2012-01-30 18:09 - 0000000 ____D C:\Users\Zack\AppData\Local\.inapptracking
2012-01-30 17:57 - 2012-01-30 17:57 - 0001110 ____A C:\Users\Public\Desktop\Sonic Generations.lnk
2012-01-30 17:45 - 2012-02-04 13:42 - 0000000 ____D C:\Program Files (x86)\Sonic Generations
2012-01-30 17:13 - 2012-01-30 17:20 - 0000000 ____D C:\Users\Zack\Downloads\Winamp 5.622 Pro All
2012-01-30 17:13 - 2012-01-30 17:13 - 0020223 ____A C:\Users\Zack\Downloads\[[Demonoid.me]]-Winamp_Pro_v5_622_3189_Serial_7791848.047.torrent
2012-01-30 17:10 - 2012-01-30 17:10 - 0844793 ____A C:\Users\Zack\Downloads\portals.wmz
2012-01-29 22:36 - 2012-01-29 22:49 - 0000000 ____D C:\Users\Zack\Downloads\Acoustica.Mixcraft.v5.2.152.Mobile.Device.Edition-BEAT
2012-01-29 22:35 - 2012-01-29 22:35 - 0011923 ____A C:\Users\Zack\Downloads\Acoustica_Mixcraft_v5_2_152_Portable_BEAT-_=Demonoid.me=__7791848.047.torrent
2012-01-29 22:18 - 2012-01-29 22:22 - 260154880 ____A C:\Users\Zack\Desktop\sup.avi
2012-01-29 22:18 - 2012-01-29 22:18 - 54871040 ____A C:\Users\Zack\Desktop\Soup1.avi
2012-01-29 13:12 - 2012-01-29 13:14 - 437211648 ____A C:\Users\Zack\Desktop\Barbie part 2.avi
2012-01-29 02:42 - 2012-01-30 14:14 - 0000000 ____D C:\Users\Zack\Downloads\SonicGenerations.FLT
2012-01-29 02:41 - 2012-01-29 02:41 - 0039402 ____A C:\Users\Zack\Downloads\((Demonoid.me))-Sonic_Generations_FLT_7791848.047.torrent
2012-01-29 00:00 - 2012-01-30 02:05 - 0000000 ____D C:\Users\Zack\Downloads\Love (Deluxe Edition) (FLAC)
2012-01-28 23:26 - 2012-01-28 23:26 - 0031170 ____A C:\Users\Zack\Downloads\((Demonoid.me))-Angels_Airwaves_Love_Pt_1_2_Deluxe_Edition_(FLAC)_7791848.047.torrent
2012-01-28 23:10 - 2012-01-29 10:23 - 0000062 ____A C:\Users\Zack\Desktop\New Text Document (5).txt
2012-01-28 23:02 - 2012-01-28 23:02 - 0000000 ____D C:\Users\Zack\Downloads\Tron Legacy 2010 BRRip 1080p x264 AAC - honchorella (Kingdom Release)
2012-01-28 22:58 - 2012-01-28 22:58 - 0016303 ____A C:\Users\Zack\Downloads\[]Demonoid.me[]-Tron_Legacy_2010_BRRip_1080p_x264_AAC_honchorella_(Kingdom_Release)_7791848.047.torrent
2012-01-27 17:52 - 2012-01-28 23:02 - 0000000 ____D C:\Users\Zack\Downloads\Harold and Kumar 1&2
2012-01-27 17:46 - 2012-01-27 17:46 - 0014642 ____A C:\Users\Zack\Downloads\++Demonoid.me++-Harold_and_Kumar_1_2_7791848.047.torrent
2012-01-27 16:20 - 2012-01-27 16:20 - 0000150 ____A C:\Users\Zack\Desktop\New Text Document (4).txt
2012-01-27 16:13 - 2012-01-29 13:10 - 468250624 ____A C:\Users\Zack\Desktop\Barbie part 1.avi
2012-01-25 20:16 - 2012-01-25 20:30 - 0000000 ____D C:\Users\Zack\Downloads\A Very Harold And Kumar Christmas 2011 720p BRRip x264 AAC-26K
2012-01-25 20:11 - 2012-01-25 20:11 - 0000000 ____D C:\Users\Zack\Downloads\Time Stopper
2012-01-25 20:09 - 2012-01-25 20:09 - 0010440 ____A C:\Users\Zack\Downloads\_-Demonoid.me-_A_Very_Harold_And_Kumar_Christmas_2011_720p_BRRip_x264_AAC_26K_7791848.047.torrent
2012-01-25 20:02 - 2012-01-25 20:02 - 0004756 ____A C:\Users\Zack\Downloads\o-Demonoid.me-o_Time_Stopper_Use_Trial_Version_Apps_Forever_7791848.047.torrent
2012-01-25 16:40 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-25 16:40 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-25 16:40 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-25 16:40 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-25 16:40 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-25 16:40 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-25 16:40 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-25 16:40 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-25 16:40 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-25 16:40 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-25 16:40 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-25 16:40 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-25 16:40 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-25 16:40 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-23 17:19 - 2012-01-23 17:19 - 0010440 ____A C:\Users\Zack\Downloads\A_Very_Harold_And_Kumar_Christmas_2011_720p_BRRip_x264_AAC_26K-++Demonoid.me++_7791848.047.torrent
2012-01-23 15:14 - 2012-01-23 15:14 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-01-23 15:07 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-01-21 15:43 - 2012-02-04 13:42 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-01-21 15:43 - 2012-01-28 14:19 - 0000000 ____D C:\Users\Zack\AppData\Local\LogMeIn Hamachi
2012-01-21 15:42 - 2012-01-21 15:42 - 3819520 ____A C:\Users\Zack\Downloads\hamachi.msi
2012-01-21 15:33 - 2012-02-03 21:04 - 0000000 ____D C:\Users\All Users\LogMeIn
2012-01-21 15:33 - 2012-02-03 21:04 - 0000000 ____D C:\ProgramData\LogMeIn
2012-01-21 15:33 - 2012-01-28 17:20 - 0000000 ____D C:\Users\Zack\Desktop\New folder (2)
2012-01-21 15:33 - 2012-01-21 15:33 - 0001024 ____A C:\.rnd
2012-01-21 15:33 - 2012-01-21 15:33 - 0000000 ____D C:\Users\Zack\AppData\Local\LogMeIn
2012-01-21 15:33 - 2012-01-21 15:33 - 0000000 ____D C:\Program Files (x86)\LogMeIn
2012-01-21 15:33 - 2011-12-07 15:22 - 0087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-01-21 15:33 - 2011-12-07 15:22 - 0080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-01-21 15:33 - 2011-09-16 11:10 - 0072216 ____A (LogMeIn, Inc.) C:\Windows\System32\Drivers\LMIRfsDriver.sys
2012-01-21 15:22 - 2012-01-21 15:24 - 15919104 ____A C:\Users\Zack\Downloads\LogMeIn.msi
2012-01-21 15:09 - 2012-01-21 15:09 - 0659797 ____A C:\Users\Zack\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2012-01-14 19:24 - 2012-01-14 19:24 - 0039228 ____A C:\Users\Zack\Desktop\guilt.png
2012-01-13 05:37 - 2012-01-13 05:37 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-01-13 05:37 - 2012-01-13 05:37 - 0000000 ____D C:\Users\Zack\AppData\Local\Google
2012-01-13 05:37 - 2012-01-13 05:37 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-13 05:27 - 2012-01-13 05:28 - 0000000 ____D C:\Users\Zack\Desktop\New folder
2012-01-13 05:25 - 2012-01-13 05:26 - 0000000 ____D C:\Users\Zack\Downloads\Google Earth Plus v6.0.3.2197 + crack
2012-01-12 14:41 - 2012-01-24 22:42 - 0000000 ____D C:\Users\Zack\Downloads\Parachutes Collection
2012-01-11 10:03 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 10:03 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-11 10:03 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 10:03 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-11 10:03 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 10:03 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-11 10:03 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-11 10:03 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-08 21:24 - 2012-01-09 06:13 - 0000182 ____A C:\Users\Zack\Desktop\New Text Document (3).txt
2012-01-08 21:01 - 2012-01-08 21:24 - 0000019 ____A C:\Users\Zack\Desktop\New Text Document (2).txt
2012-01-08 00:17 - 2012-01-08 00:24 - 0000195 ____A C:\Users\Zack\Desktop\New Text Document.txt


============ 3 Months Modified Files and Folders =============

2012-02-05 06:39 - 2012-02-05 06:39 - 0000000 ____D C:\FRST
2012-02-04 13:43 - 2011-09-11 18:15 - 0000000 ____D C:\users\UpdatusUser
2012-02-04 13:43 - 2011-08-31 13:09 - 0000000 ____D C:\users\Zack
2012-02-04 13:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-02-04 13:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-02-04 13:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-02-04 13:42 - 2012-02-02 04:04 - 0000000 ____D C:\Program Files (x86)\Fruit Ninja HD
2012-02-04 13:42 - 2012-02-02 03:56 - 0000000 ____D C:\Users\Zack\Downloads\Fruit.Ninja.HD-THETA
2012-02-04 13:42 - 2012-01-30 17:45 - 0000000 ____D C:\Program Files (x86)\Sonic Generations
2012-02-04 13:42 - 2012-01-21 15:43 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-02-04 13:42 - 2011-12-18 15:30 - 0000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent
2012-02-04 13:42 - 2011-12-18 15:27 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-02-04 13:42 - 2011-12-15 16:35 - 0000000 ____D C:\Program Files\iTunes
2012-02-04 13:42 - 2011-12-15 16:35 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-04 13:42 - 2011-12-15 16:34 - 0000000 ____D C:\Program Files\Bonjour
2012-02-04 13:42 - 2011-12-15 16:34 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-02-04 13:42 - 2011-12-15 16:34 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-02-04 13:42 - 2011-12-13 10:28 - 0000000 ____D C:\Program Files (x86)\Driver Genius
2012-02-04 13:42 - 2011-12-12 02:09 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
2012-02-04 13:42 - 2011-11-28 11:28 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-02-04 13:42 - 2011-11-11 00:43 - 0000000 ____D C:\Program Files\Hitman Pro 3.5
2012-02-04 13:42 - 2011-10-21 00:03 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-02-04 13:42 - 2011-10-21 00:03 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-04 13:42 - 2011-10-21 00:02 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-02-04 13:42 - 2011-09-22 02:14 - 0000000 __HDC C:\Users\All Users\{428BA3F5-8003-46AA-9B5C-D7496CECEB41}
2012-02-04 13:42 - 2011-09-22 02:14 - 0000000 __HDC C:\ProgramData\{428BA3F5-8003-46AA-9B5C-D7496CECEB41}
2012-02-04 13:42 - 2011-09-21 11:40 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-04 13:42 - 2011-09-19 18:58 - 0000000 ____D C:\Program Files (x86)\All in One Converter
2012-02-04 13:42 - 2011-09-14 14:43 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-02-04 13:42 - 2011-09-14 12:08 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-02-04 13:42 - 2011-09-06 13:17 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-02-04 13:42 - 2011-09-01 08:25 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-02-04 13:42 - 2011-08-31 22:13 - 0000000 ____D C:\Program Files (x86)\Youtube Downloader
2012-02-04 13:42 - 2011-08-31 21:45 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-02-04 13:42 - 2011-08-31 18:27 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-04 13:42 - 2011-08-31 18:26 - 0000000 ____D C:\Users\Zack\AppData\Roaming\uTorrent
2012-02-04 13:42 - 2011-08-31 16:28 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-04 13:42 - 2011-08-31 14:14 - 0000000 ____D C:\Program Files\Protector Suite
2012-02-04 13:42 - 2011-08-31 13:34 - 0000000 ____D C:\Program Files (x86)\Hotkey
2012-02-04 13:42 - 2011-08-31 13:26 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-02-04 13:42 - 2011-08-31 13:22 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-02-04 13:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-04 13:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-02-04 13:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-04 13:36 - 2011-09-06 13:17 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Skype
2012-02-04 09:36 - 2011-11-04 15:17 - 0117051 ____A C:\bdlog.txt
2012-02-04 08:46 - 2011-11-08 06:25 - 0000000 ____D C:\Users\Zack\riotsGamesLogs
2012-02-04 05:26 - 2011-08-31 13:03 - 463781888 __ASH C:\hiberfil.sys
2012-02-04 00:03 - 2011-04-12 00:28 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-03 21:04 - 2012-01-21 15:33 - 0000000 ____D C:\Users\All Users\LogMeIn
2012-02-03 21:04 - 2012-01-21 15:33 - 0000000 ____D C:\ProgramData\LogMeIn
2012-02-03 21:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-03 20:41 - 2011-11-10 23:36 - 0000376 ____A C:\Users\Zack\AppData\Roamingprivacy.xml
2012-02-03 19:36 - 2011-08-31 14:25 - 0000000 ____D C:\Users\Zack\AppData\Local\ElevatedDiagnostics
2012-02-02 21:30 - 2012-01-31 13:07 - 0000000 ____D C:\Users\Zack\Desktop\Snapshot
2012-02-02 08:28 - 2012-02-02 08:28 - 0007119 ____A C:\Users\Zack\Desktop\Untitled.png
2012-02-02 04:08 - 2012-02-02 04:08 - 0000000 ____D C:\Users\Zack\AppData\Local\Halfbrick
2012-02-02 04:05 - 2012-02-02 04:05 - 0000000 ____D C:\Users\Zack\AppData\Local\Intel
2012-02-02 03:55 - 2012-02-02 03:55 - 0012271 ____A C:\Users\Zack\Downloads\o-Demonoid.me-o_Fruit_Ninja_HD_THETA_7791848.047.torrent
2012-02-01 08:00 - 2011-10-21 00:03 - 0000330 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2012-02-01 05:53 - 2012-02-01 05:53 - 0000000 ____A C:\Users\Zack\Desktop\New Text Document (7).txt
2012-02-01 03:17 - 2011-12-22 15:13 - 0007692 ____A C:\Windows\setupact.log
2012-02-01 03:03 - 2009-07-13 18:34 - 0000700 ____A C:\Windows\win.ini
2012-01-31 07:49 - 2011-11-09 13:26 - 0000000 ____D C:\Users\Zack\Desktop\LoL
2012-01-31 03:24 - 2012-01-31 03:24 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Acoustica
2012-01-31 03:24 - 2012-01-31 03:23 - 0000000 ____D C:\Users\Zack\Desktop\Mixcraft
2012-01-31 00:26 - 2011-08-31 21:45 - 0000000 ____D C:\Users\Zack\AppData\Roaming\SystemRequirementsLab
2012-01-31 00:24 - 2012-01-30 22:41 - 0000044 ____A C:\Users\Zack\Desktop\New Text Document (6).txt
2012-01-30 18:59 - 2009-07-13 18:34 - 0000000 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-30 18:56 - 2009-07-13 20:45 - 0021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-30 18:56 - 2009-07-13 20:45 - 0021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-30 18:48 - 2011-11-23 10:25 - 0000338 ____A C:\Windows\Tasks\DriverScanner.job
2012-01-30 18:48 - 2011-10-21 00:03 - 0000360 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2012-01-30 18:48 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-30 18:47 - 2011-08-31 13:09 - 1914962 ____A C:\Windows\WindowsUpdate.log
2012-01-30 18:45 - 2012-01-30 18:45 - 0001524 ____A C:\Users\Zack\Desktop\ConfigurationTool.exe - Shortcut.lnk
2012-01-30 18:11 - 2011-11-26 17:22 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-01-30 18:09 - 2012-01-30 18:09 - 0000000 ____D C:\Users\Zack\AppData\Local\.inapptracking
2012-01-30 18:07 - 2011-09-01 08:34 - 0000000 ____D C:\Users\Zack\Documents\My Games
2012-01-30 18:01 - 2011-11-02 18:32 - 0008574 ____A C:\Windows\PFRO.log
2012-01-30 17:57 - 2012-01-30 17:57 - 0001110 ____A C:\Users\Public\Desktop\Sonic Generations.lnk
2012-01-30 17:20 - 2012-01-30 17:13 - 0000000 ____D C:\Users\Zack\Downloads\Winamp 5.622 Pro All
2012-01-30 17:13 - 2012-01-30 17:13 - 0020223 ____A C:\Users\Zack\Downloads\[[Demonoid.me]]-Winamp_Pro_v5_622_3189_Serial_7791848.047.torrent
2012-01-30 17:10 - 2012-01-30 17:10 - 0844793 ____A C:\Users\Zack\Downloads\portals.wmz
2012-01-30 14:14 - 2012-01-29 02:42 - 0000000 ____D C:\Users\Zack\Downloads\SonicGenerations.FLT
2012-01-30 02:05 - 2012-01-29 00:00 - 0000000 ____D C:\Users\Zack\Downloads\Love (Deluxe Edition) (FLAC)
2012-01-29 22:49 - 2012-01-29 22:36 - 0000000 ____D C:\Users\Zack\Downloads\Acoustica.Mixcraft.v5.2.152.Mobile.Device.Edition-BEAT
2012-01-29 22:35 - 2012-01-29 22:35 - 0011923 ____A C:\Users\Zack\Downloads\Acoustica_Mixcraft_v5_2_152_Portable_BEAT-_=Demonoid.me=__7791848.047.torrent
2012-01-29 22:22 - 2012-01-29 22:18 - 260154880 ____A C:\Users\Zack\Desktop\sup.avi
2012-01-29 22:18 - 2012-01-29 22:18 - 54871040 ____A C:\Users\Zack\Desktop\Soup1.avi
2012-01-29 13:14 - 2012-01-29 13:12 - 437211648 ____A C:\Users\Zack\Desktop\Barbie part 2.avi
2012-01-29 13:10 - 2012-01-27 16:13 - 468250624 ____A C:\Users\Zack\Desktop\Barbie part 1.avi
2012-01-29 10:23 - 2012-01-28 23:10 - 0000062 ____A C:\Users\Zack\Desktop\New Text Document (5).txt
2012-01-29 02:41 - 2012-01-29 02:41 - 0039402 ____A C:\Users\Zack\Downloads\((Demonoid.me))-Sonic_Generations_FLT_7791848.047.torrent
2012-01-28 23:26 - 2012-01-28 23:26 - 0031170 ____A C:\Users\Zack\Downloads\((Demonoid.me))-Angels_Airwaves_Love_Pt_1_2_Deluxe_Edition_(FLAC)_7791848.047.torrent
2012-01-28 23:02 - 2012-01-28 23:02 - 0000000 ____D C:\Users\Zack\Downloads\Tron Legacy 2010 BRRip 1080p x264 AAC - honchorella (Kingdom Release)
2012-01-28 23:02 - 2012-01-27 17:52 - 0000000 ____D C:\Users\Zack\Downloads\Harold and Kumar 1&2
2012-01-28 22:58 - 2012-01-28 22:58 - 0016303 ____A C:\Users\Zack\Downloads\[]Demonoid.me[]-Tron_Legacy_2010_BRRip_1080p_x264_AAC_honchorella_(Kingdom_Release)_7791848.047.torrent
2012-01-28 17:20 - 2012-01-21 15:33 - 0000000 ____D C:\Users\Zack\Desktop\New folder (2)
2012-01-28 14:26 - 2011-11-11 00:44 - 0025160 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2012-01-28 14:19 - 2012-01-21 15:43 - 0000000 ____D C:\Users\Zack\AppData\Local\LogMeIn Hamachi
2012-01-27 17:46 - 2012-01-27 17:46 - 0014642 ____A C:\Users\Zack\Downloads\++Demonoid.me++-Harold_and_Kumar_1_2_7791848.047.torrent
2012-01-27 16:20 - 2012-01-27 16:20 - 0000150 ____A C:\Users\Zack\Desktop\New Text Document (4).txt
2012-01-26 11:13 - 2011-09-01 21:54 - 0000000 ____D C:\Users\Zack\AppData\Roaming\DAEMON Tools Lite
2012-01-26 07:30 - 2011-10-21 00:03 - 0000344 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2012-01-25 20:30 - 2012-01-25 20:16 - 0000000 ____D C:\Users\Zack\Downloads\A Very Harold And Kumar Christmas 2011 720p BRRip x264 AAC-26K
2012-01-25 20:11 - 2012-01-25 20:11 - 0000000 ____D C:\Users\Zack\Downloads\Time Stopper
2012-01-25 20:09 - 2012-01-25 20:09 - 0010440 ____A C:\Users\Zack\Downloads\_-Demonoid.me-_A_Very_Harold_And_Kumar_Christmas_2011_720p_BRRip_x264_AAC_26K_7791848.047.torrent
2012-01-25 20:02 - 2012-01-25 20:02 - 0004756 ____A C:\Users\Zack\Downloads\o-Demonoid.me-o_Time_Stopper_Use_Trial_Version_Apps_Forever_7791848.047.torrent
2012-01-24 22:42 - 2012-01-12 14:41 - 0000000 ____D C:\Users\Zack\Downloads\Parachutes Collection
2012-01-23 17:19 - 2012-01-23 17:19 - 0010440 ____A C:\Users\Zack\Downloads\A_Very_Harold_And_Kumar_Christmas_2011_720p_BRRip_x264_AAC_26K-++Demonoid.me++_7791848.047.torrent
2012-01-23 15:48 - 2011-11-11 01:06 - 0002268 ____A C:\Windows\System32\.crusader
2012-01-23 15:14 - 2012-01-23 15:14 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-01-21 15:42 - 2012-01-21 15:42 - 3819520 ____A C:\Users\Zack\Downloads\hamachi.msi
2012-01-21 15:33 - 2012-01-21 15:33 - 0001024 ____A C:\.rnd
2012-01-21 15:33 - 2012-01-21 15:33 - 0000000 ____D C:\Users\Zack\AppData\Local\LogMeIn
2012-01-21 15:33 - 2012-01-21 15:33 - 0000000 ____D C:\Program Files (x86)\LogMeIn
2012-01-21 15:24 - 2012-01-21 15:22 - 15919104 ____A C:\Users\Zack\Downloads\LogMeIn.msi
2012-01-21 15:09 - 2012-01-21 15:09 - 0659797 ____A C:\Users\Zack\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2012-01-14 19:24 - 2012-01-14 19:24 - 0039228 ____A C:\Users\Zack\Desktop\guilt.png
2012-01-14 05:00 - 2009-07-13 21:13 - 0779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-13 05:39 - 2011-08-31 13:09 - 0000000 ____D C:\Users\Zack\AppData\LocalLow
2012-01-13 05:37 - 2012-01-13 05:37 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-01-13 05:37 - 2012-01-13 05:37 - 0000000 ____D C:\Users\Zack\AppData\Local\Google
2012-01-13 05:37 - 2012-01-13 05:37 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-13 05:28 - 2012-01-13 05:27 - 0000000 ____D C:\Users\Zack\Desktop\New folder
2012-01-13 05:26 - 2012-01-13 05:25 - 0000000 ____D C:\Users\Zack\Downloads\Google Earth Plus v6.0.3.2197 + crack
2012-01-11 15:26 - 2011-08-31 23:06 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-09 06:13 - 2012-01-08 21:24 - 0000182 ____A C:\Users\Zack\Desktop\New Text Document (3).txt
2012-01-08 21:24 - 2012-01-08 21:01 - 0000019 ____A C:\Users\Zack\Desktop\New Text Document (2).txt
2012-01-08 00:24 - 2012-01-08 00:17 - 0000195 ____A C:\Users\Zack\Desktop\New Text Document.txt
2012-01-07 03:07 - 2011-10-20 23:34 - 0000000 ____D C:\Users\Zack\Desktop\Desktop Stuff
2012-01-05 18:48 - 2012-01-05 18:48 - 0000000 ____D C:\Users\Zack\Downloads\Age of empires 2 + Conquerors expansion [Portable]
2012-01-05 18:35 - 2012-01-05 18:32 - 0000000 ____D C:\Users\Zack\Age of empires 2 + Conquerors expansion [Portable]
2012-01-04 21:25 - 2011-11-12 06:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-04 15:04 - 2012-01-04 15:04 - 0000000 ____A C:\AILog.txt
2012-01-04 04:48 - 2011-09-01 08:07 - 0773482 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-03 21:39 - 2011-08-31 13:40 - 0063136 ____A C:\Users\Zack\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-03 21:38 - 2009-07-13 20:45 - 0282904 ____A C:\Windows\System32\FNTCACHE.DAT
2012-01-03 21:13 - 2012-01-03 21:13 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2012-01-03 15:45 - 2011-09-10 11:18 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-03 15:45 - 2011-09-10 11:18 - 0000000 ____D C:\ProgramData\Adobe
2012-01-03 15:44 - 2012-01-03 15:35 - 0000000 ___AD C:\Users\Zack\Desktop\Arrested Development
2012-01-03 15:44 - 2011-08-31 16:45 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Adobe
2011-12-31 14:48 - 2011-12-30 01:54 - 0000000 ____D C:\Users\Zack\Downloads\Dragon NaturallySpeaking v11.5
2011-12-30 02:28 - 2011-12-30 02:28 - 0003071 ____A C:\Users\Zack\Desktop\fdfdf.txt
2011-12-28 16:38 - 2011-12-12 15:05 - 0001064 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2011-12-28 04:17 - 2011-12-09 13:32 - 0000000 ____D C:\Windows\Minidump
2011-12-28 04:12 - 2011-12-28 03:53 - 0000000 ____D C:\Users\Zack\Downloads\NERO 11 Platinum
2011-12-25 20:45 - 2011-11-16 21:30 - 0111320 ___AH C:\Windows\SysWOW64\mlfcache.dat
2011-12-24 13:57 - 2011-12-24 13:57 - 0000000 ____D C:\BDLOGS
2011-12-24 10:58 - 2011-12-24 10:58 - 0442088 ____A (BitDefender) C:\Windows\System32\Drivers\bdfsfltr.sys
2011-12-22 07:30 - 2009-07-13 18:34 - 0436431 ___RA C:\Windows\System32\Drivers\etc\hosts.20120119-103007.backup
2011-12-19 06:29 - 2011-11-16 11:56 - 0000000 ____D C:\Users\Zack\Downloads\Coldplay - Mylo Xyloto (2011), 320Kbit(mp3), DMT
2011-12-18 23:10 - 2011-12-18 22:53 - 0000000 ____D C:\Users\Zack\Downloads\Sherlock Holmes {2009} DVDRIP. Jaybob
2011-12-18 15:36 - 2011-12-18 15:36 - 0000000 ____D C:\Users\Zack\Documents\Amnesia
2011-12-18 15:36 - 2011-09-01 22:34 - 0000000 ____D C:\Users\Zack\AppData\Roaming\NVIDIA
2011-12-18 15:34 - 2011-12-18 15:34 - 0002176 ____A C:\Users\Zack\Desktop\Amnesia.lnk
2011-12-18 15:27 - 2011-12-18 15:27 - 0279616 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2011-12-18 15:02 - 2011-12-18 14:27 - 0000000 ____D C:\Users\Zack\Downloads\Amnesia.The.Dark.Descent-SKIDROW
2011-12-16 19:05 - 2011-12-15 16:36 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Apple Computer
2011-12-15 16:36 - 2011-12-15 16:36 - 0000000 ____D C:\Users\Zack\AppData\Local\Apple Computer
2011-12-15 16:36 - 2011-12-15 16:35 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-15 16:36 - 2011-12-15 16:35 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-15 16:35 - 2011-12-15 16:35 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-12-15 16:35 - 2011-12-15 16:35 - 0000000 ____D C:\ProgramData\Apple Computer
2011-12-15 16:35 - 2011-12-15 16:35 - 0000000 ____D C:\Program Files\iPod
2011-12-15 16:34 - 2011-12-15 16:34 - 0000000 ____D C:\Users\Zack\AppData\Local\Apple
2011-12-15 16:34 - 2011-12-15 16:34 - 0000000 ____D C:\Users\All Users\Apple
2011-12-15 16:34 - 2011-12-15 16:34 - 0000000 ____D C:\ProgramData\Apple
2011-12-15 16:34 - 2011-12-15 16:34 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-12-15 15:09 - 2011-12-15 15:06 - 71316336 ____A (Apple Inc.) C:\Users\Zack\Downloads\iTunes64Setup.exe
2011-12-15 07:30 - 2009-07-13 18:34 - 0436431 ___RA C:\Windows\System32\Drivers\etc\hosts.20111222-103004.backup
2011-12-14 18:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-14 07:59 - 2009-07-13 21:08 - 0032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-13 11:36 - 2011-09-11 18:17 - 0000000 ____D C:\Windows\SysWOW64\NV
2011-12-13 11:36 - 2011-09-11 18:17 - 0000000 ____D C:\Windows\System32\NV
2011-12-13 11:28 - 2011-08-31 14:11 - 0000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2011-12-13 11:15 - 2011-08-31 13:39 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2011-12-13 10:58 - 2011-08-31 13:20 - 0000000 ____D C:\Program Files (x86)\Intel
2011-12-13 10:56 - 2011-12-13 10:56 - 0000000 ____D C:\Users\All Users\Downloaded Installations
2011-12-13 10:56 - 2011-12-13 10:56 - 0000000 ____D C:\ProgramData\Downloaded Installations
2011-12-13 10:28 - 2011-12-13 10:27 - 0000000 ____D C:\Users\Zack\Downloads\Driver Genius 10.0.820
2011-12-12 15:06 - 2011-12-12 02:08 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2011-12-12 15:06 - 2011-12-12 02:08 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2011-12-11 06:19 - 2011-12-11 06:19 - 0002908 ____A C:\Users\Zack\Downloads\Omegle conversation log(15).html
2011-12-11 01:28 - 2011-12-11 01:28 - 0004637 ____A C:\Users\Zack\Downloads\Omegle conversation log(14).html
2011-12-11 00:42 - 2011-10-01 20:58 - 0000000 ____D C:\Users\Zack\Documents\DriverGenius
2011-12-10 10:35 - 2011-09-02 18:17 - 0000000 ____D C:\Users\Zack\AppData\Local\Microsoft Games
2011-12-08 17:31 - 2011-11-23 17:21 - 0685192 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2011-12-08 17:31 - 2011-09-01 07:15 - 0543528 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2011-12-08 17:31 - 2011-07-15 12:12 - 0258736 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2011-12-08 07:30 - 2009-07-13 18:34 - 0436431 ___RA C:\Windows\System32\Drivers\etc\hosts.20111215-103006.backup
2011-12-07 15:22 - 2012-01-21 15:33 - 0087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2011-12-07 15:22 - 2012-01-21 15:33 - 0080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2011-12-04 15:56 - 2011-12-04 15:56 - 0004086 ____A C:\Users\Zack\Downloads\Omegle conversation log(13).html
2011-12-04 15:53 - 2011-12-04 15:53 - 0006488 ____A C:\Users\Zack\Downloads\Omegle conversation log(12).html
2011-12-04 03:47 - 2011-12-04 03:47 - 0002908 ____A C:\Users\Zack\Downloads\Omegle conversation log(11).html
2011-12-04 03:12 - 2011-12-04 03:12 - 0003463 ____A C:\Users\Zack\Downloads\Omegle conversation log(10).html
2011-12-04 03:02 - 2011-12-04 03:02 - 0006115 ____A C:\Users\Zack\Downloads\Omegle conversation log(9).html
2011-12-04 02:31 - 2011-12-04 02:31 - 0003677 ____A C:\Users\Zack\Downloads\Omegle conversation log(8).html
2011-12-04 02:30 - 2011-12-04 02:30 - 0002908 ____A C:\Users\Zack\Downloads\Omegle conversation log(7).html
2011-12-04 01:51 - 2011-12-04 01:51 - 0003963 ____A C:\Users\Zack\Downloads\Omegle conversation log(6).html
2011-12-04 01:30 - 2011-12-04 01:30 - 0002908 ____A C:\Users\Zack\Downloads\Omegle conversation log(5).html
2011-12-03 23:39 - 2011-12-03 23:39 - 0007041 ____A C:\Users\Zack\Downloads\Omegle conversation log(4).html
2011-12-03 23:11 - 2011-12-03 23:11 - 0004964 ____A C:\Users\Zack\Downloads\Omegle conversation log(3).html
2011-12-03 21:07 - 2011-12-03 21:07 - 0002908 ____A C:\Users\Zack\Downloads\Omegle conversation log(2).html
2011-12-03 02:34 - 2011-12-03 02:34 - 0006318 ____A C:\Users\Zack\Downloads\Omegle conversation log(1).html
2011-12-03 02:08 - 2011-12-03 02:08 - 0005150 ____A C:\Users\Zack\Downloads\Omegle conversation log.html
2011-12-02 01:13 - 2011-12-02 00:59 - 0000000 ____D C:\Users\Zack\Downloads\Chinese Lovemaking Secrets
2011-12-02 01:00 - 2011-12-02 01:00 - 0000000 ____D C:\Users\Zack\Downloads\Why Do Men Have Nipples - Hundreds of Questions You'd Only Ask a Doctor After Your Third Martini
2011-12-02 01:00 - 2011-12-02 01:00 - 0000000 ____D C:\Users\Zack\Downloads\Brain Candy
2011-12-01 07:30 - 2009-07-13 18:34 - 0436431 ___RA C:\Windows\System32\Drivers\etc\hosts.20111208-103005.backup
2011-12-01 06:02 - 2011-12-01 06:02 - 0000017 ____A C:\Users\Zack\AppData\Local\resmon.resmoncfg
2011-11-28 15:14 - 2011-08-31 17:30 - 0000000 ____D C:\Windows\pss
2011-11-28 14:24 - 2011-11-23 10:24 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Uniblue
2011-11-28 14:16 - 2011-10-05 05:20 - 0000434 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2011-11-28 14:13 - 2011-11-23 10:24 - 0000000 ____D C:\Program Files (x86)\Uniblue
2011-11-28 14:08 - 2011-11-28 14:07 - 0000000 ____D C:\Users\Zack\Downloads\Uniblue.PowerSuite.2012.3.0.5.5.Multilingual
2011-11-28 11:28 - 2011-11-28 11:28 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2011-11-28 11:28 - 2011-11-28 11:28 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf
2011-11-28 11:28 - 2011-11-28 11:28 - 0000000 ____D C:\Windows\PCHEALTH
2011-11-28 11:28 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-11-28 11:23 - 2011-11-28 11:23 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2011-11-27 02:08 - 2011-11-27 02:08 - 0000000 ____D C:\Users\Zack\AppData\Local\Skyrim
2011-11-25 16:30 - 2011-11-24 22:44 - 0000000 ____D C:\Users\Zack\Downloads\Dragon Ball
2011-11-25 10:32 - 2011-11-25 10:32 - 0525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2011-11-25 10:32 - 2011-11-25 10:32 - 0190752 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2011-11-25 10:32 - 2011-11-25 10:32 - 0171808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2011-11-25 10:32 - 2011-11-25 10:32 - 0171808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2011-11-25 10:31 - 2011-11-25 10:31 - 0000000 ____D C:\Program Files\Java
2011-11-23 20:52 - 2011-12-13 12:47 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 20:27 - 2011-09-10 11:18 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-11-23 20:27 - 2011-09-10 11:17 - 0000000 ____D C:\Users\Zack\AppData\Local\Adobe
2011-11-23 20:23 - 2011-11-23 20:23 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-11-23 20:23 - 2011-11-23 20:23 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-11-23 17:20 - 2011-03-01 13:45 - 0090192 ____A (BitDefender LLC) C:\Windows\System32\Drivers\bdfndisf6.sys
2011-11-23 12:28 - 2011-11-23 12:28 - 0000000 ____D C:\Users\Zack\Downloads\Mindbleep
2011-11-23 10:34 - 2011-11-23 10:34 - 0042888 ____A (IVT Corporation.) C:\Windows\System32\Drivers\btcusb.sys
2011-11-23 10:34 - 2011-11-23 10:34 - 0019464 ____A (IVT Corporation.) C:\Windows\System32\btinstall.dll
2011-11-23 10:28 - 2011-11-23 10:28 - 0304760 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Drivers\Apfiltr.sys
2011-11-23 10:28 - 2011-11-23 10:28 - 0105840 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Vxdif.dll
2011-11-23 10:28 - 2011-11-23 10:28 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2011-11-23 10:28 - 2011-11-23 10:28 - 0000000 ____D C:\Program Files\DellTPad
2011-11-23 10:24 - 2011-11-23 10:24 - 0000000 ____D C:\Users\All Users\Uniblue
2011-11-23 10:24 - 2011-11-23 10:24 - 0000000 ____D C:\ProgramData\Uniblue
2011-11-23 10:06 - 2011-11-23 10:06 - 0000000 ____D C:\Users\Zack\Downloads\Uniblue Driver Scanner 2011
2011-11-23 10:00 - 2011-11-23 10:00 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-11-22 18:09 - 2011-11-18 08:48 - 0000000 ____D C:\Users\Zack\Downloads\rzr-skrm
2011-11-21 19:15 - 2011-11-21 18:01 - 0000000 ____D C:\Users\Zack\Downloads\The Walking Dead
2011-11-19 06:58 - 2012-01-11 10:03 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:01 - 2012-01-11 10:03 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-18 11:40 - 2011-09-27 14:53 - 0000000 ____D C:\Users\Zack\Downloads\Led Zeppelin - Complete Discography
2011-11-17 14:11 - 2011-11-17 14:11 - 0145424 ____A (JMicron Technology Corp.) C:\Windows\System32\Drivers\JME.sys
2011-11-17 07:30 - 2009-07-13 18:34 - 0436431 ___RA C:\Windows\System32\Drivers\etc\hosts.20111201-103005.backup
2011-11-16 22:49 - 2012-01-25 16:40 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-16 22:49 - 2012-01-25 16:40 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 22:44 - 2012-01-25 16:40 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-16 22:41 - 2012-01-11 10:03 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 22:35 - 2012-01-25 16:40 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 22:35 - 2012-01-25 16:40 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-16 22:35 - 2012-01-25 16:40 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 22:35 - 2012-01-25 16:40 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-16 22:35 - 2012-01-25 16:40 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-16 22:35 - 2012-01-25 16:40 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 22:33 - 2012-01-25 16:40 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 21:38 - 2012-01-11 10:03 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 21:35 - 2012-01-25 16:40 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 21:34 - 2012-01-25 16:40 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 21:34 - 2012-01-25 16:40 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 21:28 - 2012-01-25 16:40 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-11-13 07:30 - 2011-11-13 07:30 - 0000439 ____A C:\Users\Zack\AppData\Roaminguser_gensett.xml
2011-11-12 07:32 - 2011-09-02 18:42 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-11-12 07:32 - 2011-09-02 18:42 - 0000000 ____D C:\ProgramData\FLEXnet
2011-11-12 06:30 - 2011-11-12 06:30 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Lionhead Studios
2011-11-12 06:24 - 2011-08-31 16:45 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-12 06:23 - 2011-11-12 06:23 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-12 06:20 - 2011-11-12 06:20 - 0000000 ____D C:\Windows\SysWOW64\xlive
2011-11-12 06:10 - 2011-09-28 19:53 - 0000000 ____D C:\Program Files (x86)\Wondershare
2011-11-11 16:40 - 2011-11-09 11:47 - 0000000 ____D C:\Users\Zack\Downloads\Fable.III-SKIDROW
2011-11-11 04:23 - 2011-10-19 16:28 - 0000000 ____D C:\Users\Zack\Downloads\The Naked and Famous - Passive Me, Aggressive You (2010)
2011-11-11 02:37 - 2011-11-11 02:37 - 0000000 ___AH C:\Users\Zack\Documents\Default.rdp
2011-11-11 01:10 - 2011-11-11 00:39 - 0000000 ____D C:\Users\All Users\Hitman Pro
2011-11-11 01:10 - 2011-11-11 00:39 - 0000000 ____D C:\ProgramData\Hitman Pro
2011-11-11 00:43 - 2011-11-11 00:43 - 0001974 ____A C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2011-11-11 00:31 - 2011-11-11 00:30 - 0000000 ____D C:\Users\Zack\Downloads\Hitman Pro 3.5.9 Build 129 - Fully Activated -BRiNGiT
2011-11-10 22:54 - 2011-11-02 20:27 - 0000269 ___AH C:\bdr-conf
2011-11-10 22:52 - 2009-07-13 18:34 - 0436431 ___RA C:\Windows\System32\Drivers\etc\hosts.20111117-103007.backup
2011-11-10 08:27 - 2011-11-10 08:27 - 0000000 ____D C:\Windows\system64
2011-11-10 07:30 - 2009-07-13 18:34 - 0436431 ___RA C:\Windows\System32\Drivers\etc\hosts.20111111-015202.backup
2011-11-10 06:06 - 2011-11-27 02:07 - 1880400 ____A (Bethesda Softworks) C:\Users\Zack\Desktop\SkyrimLauncher.exe
2011-11-10 01:49 - 2011-11-02 20:25 - 0002096 ____A C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
2011-11-09 19:57 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-08 06:25 - 2011-11-08 06:25 - 0000000 ____D C:\Users\Zack\AppData\Roaming\LolClient
2011-11-08 05:54 - 2011-11-08 05:54 - 0001547 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2011-11-08 05:51 - 2011-11-08 05:51 - 0000000 ____D C:\Riot Games
2011-11-08 05:51 - 2011-08-31 13:34 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-11-08 03:55 - 2011-11-08 03:55 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2011-11-08 03:54 - 2011-11-08 03:54 - 2288128 ____A C:\Users\Zack\Downloads\LeagueofLegends.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 6051.06 MB
Available physical RAM: 5412.56 MB
Total Pagefile: 6049.26 MB
Available Pagefile: 5394.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:58.49 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: () (Removable) (Total:1.86 GB) (Free:0.77 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1907 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 298 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT Removable 1907 MB Healthy


==========================================================
TDL4: custom:26000022
==========================================================

Last Boot: 2012-01-30 04:39

======================= End Of Log ==========================

Edited by Frustrated Guy, 05 February 2012 - 06:49 AM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 05 February 2012 - 07:29 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

start
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
2012-01-23 15:14 - 2012-01-23 15:14 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-01-23 15:07 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
cmd: bootrec /FixMbr
TDL4: custom:26000022
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST64 from the command prompt and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also please restart, let it boot normally and tell me how it went.

#5 Frustrated Guy


Posted 05 February 2012 - 08:29 AM

Here are the results from fixlog.txt:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-05 08:16:16 R:1
Running from E:\

==============================================


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
C:\Windows\SysWOW64\%APPDATA% moved successfully.
C:\Windows\svchost.exe moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====



After rebooting, Windows loaded fine. I ran TDSKILLER as a safety precaution which found no traces... but I will continue to run various Malware scans for peace of mind! Thank you so much for your help!

I will be sure to donate in the future as soon as I have the money to do so.

With great gratitude, Zachary.

#6 Farbar


Posted 05 February 2012 - 08:38 AM

Great. :thumbup2:

Please delete the FRST tool as we don't need it any more. Also go to C:\FRST, right-click FRST and select Delete to delete the entire FRST folder.

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



