
Alureon attack, windows 7 64bit won't boot



#1 jevolution


Posted 11 February 2012 - 02:00 PM

Hey, I've got an HP laptop with Windows 7. Microsoft Security Essentials started reporting an Alureon infection; I tried removing it, but it could not be deleted. After this, I eventually restarted the computer, but it refused to boot: after the Windows loading screen, it just restarts.

I've seen other people solve similar problems using the Farbar tool from the command prompt in the recovery console. I'm posting the frst.txt log to try to speed up the process a bit. Any help would be very appreciated. I just can't figure out how to use the log to come up with the commands for fixlist.txt.


Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-08 19:52:55
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-05-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390736 2010-08-21] (Acronis)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-11-18] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-11-18] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-11-18] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-11-18] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe [76584 2010-03-24] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536448 2010-08-20] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5458848 2010-08-21] (Acronis)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Donothan Sookraj\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [639864 2011-07-26] (BitTorrent, Inc.)
HKU\Donothan Sookraj\...\Run: [] [x]
HKU\Donothan Sookraj\...\Run: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup [2098376 2011-04-23] (SpeedBit LTD)
HKU\Donothan Sookraj\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Donothan Sookraj\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [196608 2004-04-17] (InstallShield Software Corporation)
HKU\Donothan Sookraj\...\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe [53248 2012-01-24] (MediaMall Technologies, Inc.)
HKU\test\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\test\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\test\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\test\...\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [196608 2004-04-17] (InstallShield Software Corporation)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe,
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 200.1.104.35
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1078968 2010-08-21] (Acronis)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2010-09-10] (Acronis)
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127984 2010-01-15] (CinemaNow, Inc.)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-02-08] (DeviceVM, Inc.)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1436424 2010-08-13] (Acresso Software Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [85560 2011-06-21] (Hewlett-Packard Company)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2009-12-16] (Hewlett-Packard)
3 hpdoccardsvc; C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [83240 2010-03-24] (Hewlett-Packard Developement Company, L.P.)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2011-05-13] (Hewlett-Packard Company)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-04] (Macrovision Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [5154680 2012-01-24] (MediaMall Technologies, Inc.)
2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-10] ()
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51445112 2010-01-21] (Microsoft Corporation)
2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [628736 2010-12-08] (Nokia)
2 szserver; "C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe" [68648 2012-01-31] (iS3, Inc.)
2 TryAndDecideService; C:\Windows\System32\screadspool.dll [6656 2009-07-13] (Oak Technology Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-04-30] (Intel Corporation)
2 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [265928 2011-04-23] (SpeedBit Ltd.)
2 KMService; C:\Windows\system32\srvany.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43320 2011-05-13] (Hewlett-Packard Company)
3 afcdp; C:\Windows\System32\DRIVERS\afcdp.sys [279136 2010-09-10] (Acronis)
3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [47160 2008-04-28] (AMD, Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [116240 2010-10-06] (ATI Technologies, Inc.)
3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-03-04] (DT Soft Ltd)
1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)
3 ggflt; C:\Windows\System32\DRIVERS\ggflt.sys [13352 2010-10-26] (Sony Ericsson Mobile Communications)
3 ggsemc; C:\Windows\System32\DRIVERS\ggsemc.sys [27176 2010-10-26] (Sony Ericsson Mobile Communications)
0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2011-05-13] (Hewlett-Packard Company)
3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [10610400 2010-11-18] (Intel Corporation)
3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2010-10-21] (MotioninJoy)
3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [8593920 2011-07-09] (Intel Corporation)
3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-07-30] (Nokia)
3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [26624 2010-07-30] (Nokia)
3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [25600 2008-08-28] (Nokia)
3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-10-26] (Sony Ericsson Mobile Communications)
0 snapman; C:\Windows\System32\DRIVERS\snapman.sys [277088 2010-09-10] (Acronis)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-03-04] (Duplex Secure Ltd.)
3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
0 szkg5; C:\Windows\SysWow64\DRIVERS\szkg64.sys [74768 2011-09-26] (iS3 Inc.)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2010-09-10] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2010-09-10] (Acronis)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2010-07-30] (Nokia)
3 usbser; C:\Windows\System32\drivers\usbser.sys [32768 2010-11-20] (Microsoft Corporation)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2010-07-30] (Nokia)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [19968 2009-07-13] (Microsoft Corporation)
3 atillk64; \??\C:\Program Files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
1 fwjpphww; \??\C:\Windows\system32\drivers\fwjpphww.sys [x]
3 LGDDCDevice; \??\C:\Windows\system32\LGI2CDriver.sys [x]
3 LGII2CDevice; \??\C:\Windows\system32\LGPII2CDriver.sys [x]
1 pknnbejy; \??\C:\Windows\system32\drivers\pknnbejy.sys [x]
3 X6va005; \??\C:\Users\DONOTH~1\AppData\Local\Temp\005F23E.tmp [x]
1 zndvjnjs; \??\C:\Windows\system32\drivers\zndvjnjs.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: TryAndDecideService

============ One Month Created Files and Folders ==============

2012-02-08 15:59 - 2012-02-08 16:08 - 0445974 ____A C:\Windows\ntbtlog.txt
2012-02-07 18:38 - 2012-02-07 18:44 - 0000800 ____A C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2012-02-07 18:38 - 2012-02-07 18:38 - 0000036 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-07 18:33 - 2012-02-07 18:48 - 0000000 ____D C:\Users\All Users\STOPzilla!
2012-02-07 18:33 - 2012-02-07 18:48 - 0000000 ____D C:\ProgramData\STOPzilla!
2012-02-07 18:33 - 2012-02-07 18:33 - 0000000 ____D C:\Program Files (x86)\STOPzilla!
2012-02-06 17:16 - 2012-02-06 17:16 - 227798769 ____A C:\Users\Donothan Sookraj\Desktop\SLIDE INTRO.mov
2012-02-06 17:00 - 2012-02-06 17:00 - 0059704 ____A C:\Users\Donothan Sookraj\Desktop\Slide 1.mov.sfk
2012-02-06 15:32 - 2012-02-06 16:23 - 570462791 ____A C:\Users\Donothan Sookraj\Desktop\Slide 1.mov
2012-02-05 15:24 - 2012-02-05 15:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{C2CBAD4A-287B-45E1-A4A6-AEC2217A2EE0}
2012-02-05 15:23 - 2012-02-05 15:23 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{6EE173C2-2F30-4EA7-8865-B77B8087C83E}
2012-02-05 13:17 - 2012-02-07 18:18 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-04 16:30 - 2012-02-04 16:30 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{DBF98841-8703-4128-89C5-41158FA2F636}
2012-02-04 16:30 - 2012-02-04 16:30 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{37F1C024-331A-4DAE-B008-727601ACFC02}
2012-02-03 23:01 - 2012-02-04 09:14 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-03 23:01 - 2011-12-10 15:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-02-03 22:51 - 2012-02-03 22:51 - 0000604 ____A C:\Windows\PFRO.log
2012-02-03 21:44 - 2012-02-03 21:51 - 0024490 ____A C:\Users\Donothan Sookraj\Downloads\smtl quote calculator 2012v3.xlsx
2012-02-03 14:55 - 2011-12-05 14:55 - 0000032 ___RA C:\Users\All Users\hash.dat
2012-02-03 14:55 - 2011-12-05 14:55 - 0000032 ___RA C:\ProgramData\hash.dat
2012-02-03 14:35 - 2012-02-03 14:34 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-03 14:35 - 2012-02-03 14:34 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-03 14:35 - 2012-02-03 14:34 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-03 14:28 - 2012-02-03 14:28 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{EEABE9C5-B8A3-4BCC-A9B5-F09399B66FC3}
2012-02-03 14:28 - 2012-02-03 14:28 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{74F5EFE6-E4E1-4FAF-AE37-C5461E8E0783}
2012-02-02 18:24 - 2012-02-02 18:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{817B59A0-FFE1-40ED-8014-F3A436FD7014}
2012-02-02 18:24 - 2012-02-02 18:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{11E3B432-985F-41D9-B4A9-8204A282F39E}
2012-01-31 19:58 - 2012-01-31 19:58 - 0547880 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZComp5.dll
2012-01-31 19:58 - 2012-01-31 19:58 - 0482344 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZBase5.dll
2012-01-31 19:58 - 2012-01-31 19:58 - 0134184 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3HTUI5.dll
2012-01-31 19:58 - 2012-01-31 19:58 - 0024616 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZIO5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0810024 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Base5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0457768 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3DBA5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0392232 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3UI5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0232488 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Win325.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0105512 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Inet5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0101416 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Svc5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0068648 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Hks5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0030248 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3XDat5.dll
2012-01-31 17:55 - 2012-01-31 17:55 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{E61500C2-062C-4298-8989-C17CEDEBE88E}
2012-01-31 17:55 - 2012-01-31 17:55 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B790A7A1-47BD-4FD9-9295-A1C30448C0C5}
2012-01-30 22:55 - 2012-01-30 22:55 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{6BABD490-E6B9-42C6-982C-9BEE725CFFCD}
2012-01-30 22:54 - 2012-01-30 22:55 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{58F98E9B-C3FF-49DB-AD1E-D31A25F23003}
2012-01-30 19:45 - 2012-02-07 18:16 - 0002632 ____A C:\Windows\setupact.log
2012-01-30 19:45 - 2012-01-30 19:45 - 0000000 ____A C:\Windows\setuperr.log
2012-01-29 22:20 - 2012-01-29 22:20 - 0000000 ____D C:\Program Files (x86)\Seamless Entertainment
2012-01-29 21:29 - 2012-01-29 22:09 - 0000000 ____D C:\Program Files (x86)\inXile Entertainment
2012-01-29 21:29 - 2012-01-29 21:29 - 0000000 ____D C:\Windows\system64
2012-01-29 21:29 - 2012-01-29 21:29 - 0000000 ____A C:\Users\Donothan Sookraj\AppData\Roaming\AVKAY.txt
2012-01-29 16:02 - 2012-01-29 16:02 - 0000000 ____D C:\Windows\XSxS
2012-01-26 03:26 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-26 03:26 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-26 03:26 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-26 03:26 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-26 03:26 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-26 03:26 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-26 03:26 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-26 03:26 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-26 03:26 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-26 03:26 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-26 03:26 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-26 03:26 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-26 03:26 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-26 03:26 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-25 17:54 - 2012-01-26 17:02 - 0000000 ____D C:\Program Files (x86)\Radiangames
2012-01-25 16:35 - 2012-01-25 17:02 - 0000000 ____D C:\Users\Donothan Sookraj\OilRush
2012-01-25 16:28 - 2012-01-28 19:10 - 0000000 ____D C:\Program Files (x86)\Unigine
2012-01-22 07:19 - 2012-01-22 07:19 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5F31D409-2942-433D-9F6A-B42CA72664E1}
2012-01-22 07:19 - 2012-01-22 07:19 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5E0A85B6-1BC8-4E62-A6BC-25F25733BE2D}
2012-01-21 19:19 - 2012-01-21 19:19 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{BCDF81F4-2792-4CC4-97F6-5053CED15801}
2012-01-21 19:18 - 2012-01-21 19:19 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{35F3307A-6F78-40F1-86ED-9B4E8BDFE28A}
2012-01-21 05:52 - 2012-01-21 05:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B1AE50B6-6A28-4C71-B224-9D1CECF8862C}
2012-01-21 05:52 - 2012-01-21 05:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5E40246A-A465-43CA-AFCD-8487D6F7E4F4}
2012-01-21 04:36 - 2012-01-21 04:36 - 43090900 ____A C:\Users\Donothan Sookraj\Desktop\The Jump.mov
2012-01-20 17:52 - 2012-01-20 17:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{DC26BA5E-751B-4C34-AC23-D78AE3EA6ED3}
2012-01-20 17:52 - 2012-01-20 17:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{01123DF6-19BA-45F2-B3B4-44C29BCD0D6F}
2012-01-20 05:51 - 2012-01-20 05:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{F1134028-7E26-4EE2-8FDB-FFEC870F473F}
2012-01-20 05:51 - 2012-01-20 05:51 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{8B1DEA35-69A1-4C18-9B54-BD6714603E6D}
2012-01-19 15:43 - 2012-01-19 15:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{FC19869B-F341-4AC3-A5BC-E189C6EF5CBF}
2012-01-19 15:43 - 2012-01-19 15:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{87C271B3-01E7-46FC-A3BC-01702C101981}
2012-01-19 05:14 - 2012-01-20 05:41 - 0000000 ____D C:\Users\Donothan Sookraj\Downloads\templates
2012-01-19 01:50 - 2012-01-19 01:50 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{68535285-64BD-48F4-85A9-70C190CC89E6}
2012-01-19 01:49 - 2012-01-19 01:50 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{1491C6C9-B264-487C-9BA6-38C4A56648E8}
2012-01-18 21:23 - 2012-01-18 21:24 - 0000000 ____D C:\Program Files (x86)\TextAloud
2012-01-18 21:23 - 2012-01-18 21:23 - 0001700 ____A C:\Users\Donothan Sookraj\Desktop\TextAloud.lnk
2012-01-18 03:01 - 2012-01-18 03:01 - 9704224 ____A (Microsoft Corporation) C:\Users\Donothan Sookraj\Downloads\BingLandscapePack.EXE
2012-01-18 00:57 - 2012-01-18 00:57 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{95620F2B-8A21-4BE7-B17A-8CC66F6FA191}
2012-01-18 00:57 - 2012-01-18 00:57 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{28ADAEA0-444B-4CC4-962A-DCB9BAF06FF8}
2012-01-17 12:57 - 2012-01-17 12:57 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{0A5E6EC0-59B9-4980-A1B3-D570B7880BFD}
2012-01-17 12:56 - 2012-01-17 12:57 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{3C3C225A-00C8-4B32-B359-B3ABC71D9FC9}
2012-01-16 00:17 - 2012-01-16 00:17 - 0000000 ____D C:\Users\All Users\NextUp
2012-01-16 00:17 - 2012-01-16 00:17 - 0000000 ____D C:\ProgramData\NextUp
2012-01-16 00:15 - 2012-01-16 00:15 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\NextUp
2012-01-15 18:45 - 2012-01-15 18:45 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B68D219F-91FB-4557-9119-D30410C2E7EB}
2012-01-15 18:45 - 2012-01-15 18:45 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{565C4171-28C2-477E-A9AD-4612F98656E9}
2012-01-15 02:35 - 2010-08-09 00:15 - 0000854 ____A C:\Windows\System32\Drivers\etc\hosts.msn
2012-01-14 18:05 - 2012-01-14 18:05 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{F554C5D2-FD23-41CD-9DC0-4150E8783CEA}
2012-01-14 18:05 - 2012-01-14 18:05 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{14657951-AB66-472B-AB57-67422B2FA3AA}
2012-01-13 22:43 - 2012-01-13 22:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5EA58494-3C7E-457B-9B14-CD9AFFB67E3D}
2012-01-13 22:43 - 2012-01-13 22:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{46473FC8-CE3C-4613-BA7D-7D0B5A5F9099}
2012-01-12 00:12 - 2012-01-17 19:40 - 0000000 ____D C:\Users\Donothan Sookraj\Desktop\SMTL
2012-01-11 13:25 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 13:25 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-11 13:25 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 13:25 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-11 13:25 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 13:25 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-11 13:25 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-11 13:25 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-10 22:24 - 2012-01-10 22:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{BD97B734-A93E-4359-880A-B39DF68C8126}
2012-01-10 22:23 - 2012-01-10 22:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{20CCE2E9-B9E1-40C1-861A-0BAE927EA998}
2012-01-10 09:34 - 2012-01-10 09:34 - 0000218 ____A C:\Users\Donothan Sookraj\.recently-used.xbel
2012-01-10 00:41 - 2012-01-10 00:41 - 0000000 ____D C:\Program Files (x86)\THQ


============ 3 Months Modified Files and Folders =============

2012-02-08 19:52 - 2012-02-08 19:52 - 0000000 ____D C:\FRST
2012-02-08 19:35 - 2010-06-26 00:34 - 3062255616 __ASH C:\hiberfil.sys
2012-02-08 19:35 - 2009-07-13 20:45 - 0579040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-08 16:08 - 2012-02-08 15:59 - 0445974 ____A C:\Windows\ntbtlog.txt
2012-02-08 11:32 - 2011-09-18 14:56 - 0000000 ____D C:\Windows\AutoKMS
2012-02-07 18:48 - 2012-02-07 18:33 - 0000000 ____D C:\Users\All Users\STOPzilla!
2012-02-07 18:48 - 2012-02-07 18:33 - 0000000 ____D C:\ProgramData\STOPzilla!
2012-02-07 18:48 - 2011-08-30 19:39 - 0000000 ____D C:\Users\All Users\MediaMall
2012-02-07 18:48 - 2011-08-30 19:39 - 0000000 ____D C:\ProgramData\MediaMall
2012-02-07 18:48 - 2010-08-25 03:48 - 1585805 ____A C:\Windows\WindowsUpdate.log
2012-02-07 18:48 - 2010-08-03 18:05 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\uTorrent
2012-02-07 18:44 - 2012-02-07 18:38 - 0000800 ____A C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2012-02-07 18:38 - 2012-02-07 18:38 - 0000036 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-07 18:33 - 2012-02-07 18:33 - 0000000 ____D C:\Program Files (x86)\STOPzilla!
2012-02-07 18:23 - 2009-07-13 20:45 - 0026192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-07 18:23 - 2009-07-13 20:45 - 0026192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-07 18:19 - 2011-09-18 14:56 - 0000266 ____A C:\Windows\Tasks\AutoKMS.job
2012-02-07 18:18 - 2012-02-05 13:17 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-07 18:18 - 2011-09-23 18:34 - 0000000 ___RD C:\Users\Donothan Sookraj\Dropbox
2012-02-07 18:18 - 2011-09-23 18:29 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\Dropbox
2012-02-07 18:17 - 2011-02-03 16:50 - 0000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-07 18:17 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-07 18:16 - 2012-01-30 19:45 - 0002632 ____A C:\Windows\setupact.log
2012-02-07 18:08 - 2011-02-03 16:50 - 0000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-06 23:05 - 2010-08-03 17:56 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-06 23:01 - 2011-12-23 09:53 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\Spotify
2012-02-06 22:48 - 2011-12-23 09:53 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\Spotify
2012-02-06 22:44 - 2011-06-13 16:34 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\ElevatedDiagnostics
2012-02-06 17:16 - 2012-02-06 17:16 - 227798769 ____A C:\Users\Donothan Sookraj\Desktop\SLIDE INTRO.mov
2012-02-06 17:00 - 2012-02-06 17:00 - 0059704 ____A C:\Users\Donothan Sookraj\Desktop\Slide 1.mov.sfk
2012-02-06 16:23 - 2012-02-06 15:32 - 570462791 ____A C:\Users\Donothan Sookraj\Desktop\Slide 1.mov
2012-02-06 14:25 - 2010-08-03 15:19 - 0148560 ____A C:\Users\Donothan Sookraj\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-06 13:47 - 2010-08-09 02:01 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-02-06 13:47 - 2010-08-09 02:01 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-02-05 19:16 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-02-05 18:56 - 2010-08-07 14:23 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\CrashDumps
2012-02-05 15:24 - 2012-02-05 15:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{C2CBAD4A-287B-45E1-A4A6-AEC2217A2EE0}
2012-02-05 15:24 - 2010-10-22 09:22 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\Windows Live
2012-02-05 15:23 - 2012-02-05 15:23 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{6EE173C2-2F30-4EA7-8865-B77B8087C83E}
2012-02-04 21:00 - 2011-09-14 21:58 - 0806400 __ASH C:\Users\Donothan Sookraj\Desktop\Thumbs.db
2012-02-04 20:13 - 2011-11-14 23:52 - 0000000 ____D C:\Program Files (x86)\Fraps
2012-02-04 20:03 - 2011-07-23 15:50 - 0000376 ____A C:\Windows\Tasks\HPCeeScheduleForDonothan Sookraj.job
2012-02-04 19:24 - 2010-08-11 17:17 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-02-04 19:23 - 2011-10-29 19:53 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-02-04 16:30 - 2012-02-04 16:30 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{DBF98841-8703-4128-89C5-41158FA2F636}
2012-02-04 16:30 - 2012-02-04 16:30 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{37F1C024-331A-4DAE-B008-727601ACFC02}
2012-02-04 09:14 - 2012-02-03 23:01 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-03 22:51 - 2012-02-03 22:51 - 0000604 ____A C:\Windows\PFRO.log
2012-02-03 21:51 - 2012-02-03 21:44 - 0024490 ____A C:\Users\Donothan Sookraj\Downloads\smtl quote calculator 2012v3.xlsx
2012-02-03 20:38 - 2011-11-21 21:16 - 0000427 ____A C:\Users\Donothan Sookraj\Desktop\Songs.txt
2012-02-03 17:45 - 2009-07-13 21:13 - 0786790 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-03 15:01 - 2010-12-10 21:04 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\My Received Files
2012-02-03 14:48 - 2010-08-03 15:12 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\LocalLow
2012-02-03 14:34 - 2012-02-03 14:35 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-03 14:34 - 2012-02-03 14:35 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-03 14:34 - 2012-02-03 14:35 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-03 14:34 - 2010-08-06 20:03 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-03 14:28 - 2012-02-03 14:28 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{EEABE9C5-B8A3-4BCC-A9B5-F09399B66FC3}
2012-02-03 14:28 - 2012-02-03 14:28 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{74F5EFE6-E4E1-4FAF-AE37-C5461E8E0783}
2012-02-02 18:24 - 2012-02-02 18:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{817B59A0-FFE1-40ED-8014-F3A436FD7014}
2012-02-02 18:24 - 2012-02-02 18:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{11E3B432-985F-41D9-B4A9-8204A282F39E}
2012-01-31 20:50 - 2010-08-03 11:47 - 0004613 ____A C:\Users\Donothan Sookraj\Documents\GAME LIST.txt
2012-01-31 19:58 - 2012-01-31 19:58 - 0547880 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZComp5.dll
2012-01-31 19:58 - 2012-01-31 19:58 - 0482344 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZBase5.dll
2012-01-31 19:58 - 2012-01-31 19:58 - 0134184 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3HTUI5.dll
2012-01-31 19:58 - 2012-01-31 19:58 - 0024616 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZIO5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0810024 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Base5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0457768 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3DBA5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0392232 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3UI5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0232488 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Win325.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0105512 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Inet5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0101416 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Svc5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0068648 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Hks5.dll
2012-01-31 19:57 - 2012-01-31 19:57 - 0030248 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3XDat5.dll
2012-01-31 17:55 - 2012-01-31 17:55 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{E61500C2-062C-4298-8989-C17CEDEBE88E}
2012-01-31 17:55 - 2012-01-31 17:55 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B790A7A1-47BD-4FD9-9295-A1C30448C0C5}
2012-01-30 22:55 - 2012-01-30 22:55 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{6BABD490-E6B9-42C6-982C-9BEE725CFFCD}
2012-01-30 22:55 - 2012-01-30 22:54 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{58F98E9B-C3FF-49DB-AD1E-D31A25F23003}
2012-01-30 20:48 - 2010-08-05 11:32 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\SKIDROW
2012-01-30 19:45 - 2012-01-30 19:45 - 0000000 ____A C:\Windows\setuperr.log
2012-01-30 14:44 - 2010-08-15 19:07 - 0000000 ____D C:\Windows\Minidump
2012-01-30 14:39 - 2010-08-05 14:28 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\Back Up
2012-01-29 22:49 - 2010-08-03 18:50 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\My Games
2012-01-29 22:48 - 2010-08-03 18:18 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\Skype
2012-01-29 22:44 - 2010-08-03 16:40 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\Webcam
2012-01-29 22:20 - 2012-01-29 22:20 - 0000000 ____D C:\Program Files (x86)\Seamless Entertainment
2012-01-29 22:09 - 2012-01-29 21:29 - 0000000 ____D C:\Program Files (x86)\inXile Entertainment
2012-01-29 21:29 - 2012-01-29 21:29 - 0000000 ____D C:\Windows\system64
2012-01-29 21:29 - 2012-01-29 21:29 - 0000000 ____A C:\Users\Donothan Sookraj\AppData\Roaming\AVKAY.txt
2012-01-29 16:02 - 2012-01-29 16:02 - 0000000 ____D C:\Windows\XSxS
2012-01-29 05:10 - 2010-08-19 21:41 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-28 19:12 - 2012-01-03 15:12 - 0000000 ____D C:\Users\Donothan Sookraj\Desktop\Extra Games
2012-01-28 19:10 - 2012-01-25 16:28 - 0000000 ____D C:\Program Files (x86)\Unigine
2012-01-28 18:32 - 2011-08-27 01:57 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\deluge
2012-01-26 17:02 - 2012-01-25 17:54 - 0000000 ____D C:\Program Files (x86)\Radiangames
2012-01-25 17:02 - 2012-01-25 16:35 - 0000000 ____D C:\Users\Donothan Sookraj\OilRush
2012-01-25 16:35 - 2010-08-03 15:12 - 0000000 ____D C:\users\Donothan Sookraj
2012-01-23 23:56 - 2011-07-25 15:47 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\PMB Files
2012-01-23 21:06 - 2011-07-25 15:47 - 0000000 ____D C:\Users\All Users\PMB Files
2012-01-23 21:06 - 2011-07-25 15:47 - 0000000 ____D C:\ProgramData\PMB Files
2012-01-22 18:27 - 2011-08-27 02:11 - 0000000 ____D C:\Program Files (x86)\Deluge
2012-01-22 07:19 - 2012-01-22 07:19 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5F31D409-2942-433D-9F6A-B42CA72664E1}
2012-01-22 07:19 - 2012-01-22 07:19 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5E0A85B6-1BC8-4E62-A6BC-25F25733BE2D}
2012-01-21 19:19 - 2012-01-21 19:19 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{BCDF81F4-2792-4CC4-97F6-5053CED15801}
2012-01-21 19:19 - 2012-01-21 19:18 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{35F3307A-6F78-40F1-86ED-9B4E8BDFE28A}
2012-01-21 05:52 - 2012-01-21 05:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B1AE50B6-6A28-4C71-B224-9D1CECF8862C}
2012-01-21 05:52 - 2012-01-21 05:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5E40246A-A465-43CA-AFCD-8487D6F7E4F4}
2012-01-21 04:36 - 2012-01-21 04:36 - 43090900 ____A C:\Users\Donothan Sookraj\Desktop\The Jump.mov
2012-01-20 17:52 - 2012-01-20 17:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{DC26BA5E-751B-4C34-AC23-D78AE3EA6ED3}
2012-01-20 17:52 - 2012-01-20 17:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{01123DF6-19BA-45F2-B3B4-44C29BCD0D6F}
2012-01-20 05:52 - 2012-01-20 05:51 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{F1134028-7E26-4EE2-8FDB-FFEC870F473F}
2012-01-20 05:51 - 2012-01-20 05:51 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{8B1DEA35-69A1-4C18-9B54-BD6714603E6D}
2012-01-20 05:41 - 2012-01-19 05:14 - 0000000 ____D C:\Users\Donothan Sookraj\Downloads\templates
2012-01-19 15:43 - 2012-01-19 15:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{FC19869B-F341-4AC3-A5BC-E189C6EF5CBF}
2012-01-19 15:43 - 2012-01-19 15:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{87C271B3-01E7-46FC-A3BC-01702C101981}
2012-01-19 01:50 - 2012-01-19 01:50 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{68535285-64BD-48F4-85A9-70C190CC89E6}
2012-01-19 01:50 - 2012-01-19 01:49 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{1491C6C9-B264-487C-9BA6-38C4A56648E8}
2012-01-18 21:24 - 2012-01-18 21:23 - 0000000 ____D C:\Program Files (x86)\TextAloud
2012-01-18 21:23 - 2012-01-18 21:23 - 0001700 ____A C:\Users\Donothan Sookraj\Desktop\TextAloud.lnk
2012-01-18 03:01 - 2012-01-18 03:01 - 9704224 ____A (Microsoft Corporation) C:\Users\Donothan Sookraj\Downloads\BingLandscapePack.EXE
2012-01-18 00:57 - 2012-01-18 00:57 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{95620F2B-8A21-4BE7-B17A-8CC66F6FA191}
2012-01-18 00:57 - 2012-01-18 00:57 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{28ADAEA0-444B-4CC4-962A-DCB9BAF06FF8}
2012-01-17 19:40 - 2012-01-12 00:12 - 0000000 ____D C:\Users\Donothan Sookraj\Desktop\SMTL
2012-01-17 12:57 - 2012-01-17 12:57 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{0A5E6EC0-59B9-4980-A1B3-D570B7880BFD}
2012-01-17 12:57 - 2012-01-17 12:56 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{3C3C225A-00C8-4B32-B359-B3ABC71D9FC9}
2012-01-16 22:55 - 2012-01-03 04:17 - 2030586 ____A C:\vraylog.txt
2012-01-16 11:12 - 2009-09-06 16:40 - 0000000 ____D C:\SwSetup
2012-01-16 00:17 - 2012-01-16 00:17 - 0000000 ____D C:\Users\All Users\NextUp
2012-01-16 00:17 - 2012-01-16 00:17 - 0000000 ____D C:\ProgramData\NextUp
2012-01-16 00:15 - 2012-01-16 00:15 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\NextUp
2012-01-15 18:45 - 2012-01-15 18:45 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B68D219F-91FB-4557-9119-D30410C2E7EB}
2012-01-15 18:45 - 2012-01-15 18:45 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{565C4171-28C2-477E-A9AD-4612F98656E9}
2012-01-14 18:05 - 2012-01-14 18:05 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{F554C5D2-FD23-41CD-9DC0-4150E8783CEA}
2012-01-14 18:05 - 2012-01-14 18:05 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{14657951-AB66-472B-AB57-67422B2FA3AA}
2012-01-13 22:43 - 2012-01-13 22:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5EA58494-3C7E-457B-9B14-CD9AFFB67E3D}
2012-01-13 22:43 - 2012-01-13 22:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{46473FC8-CE3C-4613-BA7D-7D0B5A5F9099}
2012-01-12 03:07 - 2010-08-31 12:29 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-12 03:07 - 2010-08-31 12:29 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-12 03:01 - 2010-08-31 09:27 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-10 22:24 - 2012-01-10 22:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{BD97B734-A93E-4359-880A-B39DF68C8126}
2012-01-10 22:24 - 2012-01-10 22:23 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{20CCE2E9-B9E1-40C1-861A-0BAE927EA998}
2012-01-10 09:34 - 2012-01-10 09:34 - 0000218 ____A C:\Users\Donothan Sookraj\.recently-used.xbel
2012-01-10 00:41 - 2012-01-10 00:41 - 0000000 ____D C:\Program Files (x86)\THQ
2012-01-10 00:03 - 2011-12-27 20:48 - 0000000 ____D C:\Program Files (x86)\Kalypso Media Digital
2012-01-08 22:19 - 2010-08-04 20:14 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-01-08 22:19 - 2010-08-04 20:14 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-01-08 14:53 - 2011-04-30 02:13 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\Gas Powered Games
2012-01-08 14:50 - 2012-01-08 14:33 - 0000000 ____D C:\Users\All Users\Stardock
2012-01-08 14:50 - 2012-01-08 14:33 - 0000000 ____D C:\ProgramData\Stardock
2012-01-08 14:34 - 2012-01-08 14:34 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\Stardock
2012-01-08 14:32 - 2012-01-08 14:32 - 0000000 __HDC C:\Users\Donothan Sookraj\AppData\Local\{CB7FF897-1B11-4C55-92CE-581430D45766}
2012-01-08 14:32 - 2012-01-08 14:32 - 0000000 ____D C:\Program Files (x86)\Stardock Games
2012-01-08 14:31 - 2012-01-08 14:31 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\Stardock
2012-01-08 14:18 - 2011-03-16 16:48 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-01-08 14:15 - 2011-03-16 17:03 - 0000000 ____D C:\Users\All Users\Ubisoft
2012-01-08 14:15 - 2011-03-16 17:03 - 0000000 ____D C:\ProgramData\Ubisoft
2012-01-08 14:13 - 2010-05-16 16:56 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-01-07 15:24 - 2012-01-03 19:45 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\Trine2
2012-01-07 15:24 - 2012-01-03 19:36 - 0000000 ____D C:\Program Files (x86)\Frozenbyte
2012-01-05 20:54 - 2012-01-05 20:54 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{C67FBBF5-BCA6-445A-A090-1174A8BEDC4A}
2012-01-05 20:54 - 2012-01-05 20:54 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{C2424906-9E8C-499A-A145-BEE6165A2C07}
2012-01-05 00:57 - 2010-09-09 15:55 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\UTT
2012-01-04 18:43 - 2012-01-03 04:11 - 0000000 ____D C:\Program Files (x86)\RayFire Studios
2012-01-04 17:13 - 2011-11-03 22:11 - 0000000 ____D C:\Users\Donothan Sookraj\Desktop\excel
2012-01-03 15:40 - 2011-03-30 01:42 - 0000000 ____D C:\Users\test\AppData\Local\CrashDumps
2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Users\test\AppData\Local\{75E3BC02-6143-41A4-8A02-8EBC2AFAD5E5}
2012-01-03 15:39 - 2011-06-07 21:54 - 0000000 ____D C:\Users\test\Tracing
2012-01-03 15:21 - 2011-05-14 10:38 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-01-03 04:10 - 2012-01-03 04:10 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-01-03 03:07 - 2011-01-06 17:30 - 0781006 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-12-31 03:03 - 2011-12-31 03:02 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{8D4D01F6-C2DA-4F3B-AEC7-573B1C4D2052}
2011-12-31 03:02 - 2011-12-31 03:02 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{AA1064B0-89AC-4475-9A2A-6638921A3869}
2011-12-30 23:54 - 2011-06-14 23:38 - 0000000 ____D C:\Users\Donothan Sookraj\Desktop\Lightroom
2011-12-30 15:02 - 2011-12-30 15:02 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{3C2C5091-CBBA-48C8-81A1-FEC95067068A}
2011-12-30 15:02 - 2011-12-30 15:02 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{1048DC42-0A05-4A50-83F0-2E7A8FBE2368}
2011-12-27 20:47 - 2011-12-27 20:47 - 0000000 ____A C:\Users\Donothan Sookraj\AppData\Roaming\VgEZI.txt
2011-12-26 14:37 - 2011-12-26 14:37 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{FC511622-01CE-4D59-A6C7-7198E2B67C2F}
2011-12-26 14:37 - 2011-12-26 14:37 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{29BFDDD1-9241-4AC3-BED6-8D3E8BC88A6E}
2011-12-25 21:35 - 2011-12-25 21:35 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{538BA5D8-EEB8-4BBE-88AA-43595E1C4BDE}
2011-12-25 21:35 - 2011-12-25 21:35 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{27C3DEA9-24B6-4066-8F5A-E7CEF607C151}
2011-12-24 13:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-12-23 06:38 - 2011-12-23 06:38 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{2828BE77-BB09-48E7-8CDD-00CD6A59A1C9}
2011-12-23 06:38 - 2011-12-23 06:37 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{DF69A8E9-6972-44A0-92AD-683C5314732D}
2011-12-22 18:37 - 2011-12-22 18:37 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{4A0D4E59-208A-4A0B-8756-29AB85F34D44}
2011-12-22 18:37 - 2011-12-22 18:37 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{0A233913-8310-463E-A9CF-83947258D705}
2011-12-21 15:26 - 2011-08-21 05:14 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\Ubisoft Game Launcher
2011-12-21 04:53 - 2011-12-21 04:53 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\Ubisoft
2011-12-20 15:34 - 2011-12-20 15:34 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{654CA062-914E-40F1-8508-13ECE64BC2B6}
2011-12-20 15:34 - 2011-12-20 15:34 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{643E6A0D-9DE1-41AA-B1DA-C0C7FFCB7868}
2011-12-19 06:21 - 2011-12-19 06:20 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{0B17C1C5-ABBC-49A4-BA3A-F12A5BBE5E40}
2011-12-19 06:20 - 2011-12-19 06:20 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{D80CABDF-08C6-448C-B05B-A317FF1F4220}
2011-12-18 17:36 - 2011-12-18 17:36 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{FE80DCB0-D76C-41CA-B185-FAC0ADA2BD34}
2011-12-18 17:36 - 2011-12-18 17:36 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{A96F8E8D-D004-4B05-AD8D-C6E79DABAE35}
2011-12-17 19:08 - 2011-12-17 19:08 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{9D4A1049-1E14-45CD-B495-B28EF89DFB40}
2011-12-17 19:08 - 2011-12-17 19:08 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{4C052D85-448B-41AA-A88A-2A4FE1403165}
2011-12-17 05:25 - 2011-12-17 05:25 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{9629AF44-183A-4BE0-B062-1F30B93F968E}
2011-12-17 05:25 - 2011-12-17 05:25 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{33C7A16B-7290-4ACF-8D4A-60246057E68E}
2011-12-15 07:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-15 04:42 - 2011-12-15 04:42 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\WB Games
2011-12-10 23:47 - 2011-12-10 23:47 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{CB25D0A8-0DD6-472F-89DA-83EADFE264B7}
2011-12-10 23:47 - 2011-12-10 23:47 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{71F92A44-F050-4C20-BF0E-D06767A01DC0}
2011-12-10 15:24 - 2012-02-03 23:01 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 05:53 - 2011-12-10 05:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{D7982BBA-F62A-4B7C-A8D5-2B59842D9262}
2011-12-10 05:52 - 2011-12-10 05:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B5221F34-647E-4DF4-9D58-A8120F6F4616}
2011-12-09 05:17 - 2011-11-15 13:12 - 0040029 ____A C:\Windows\Run32A50.mch
2011-12-09 05:13 - 2011-11-15 13:12 - 0000035 ____A C:\Windows\A5W.INI
2011-12-09 05:13 - 2011-11-15 13:12 - 0000000 ____D C:\Windows\A5W_DATA
2011-12-08 22:26 - 2011-12-08 22:26 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{6F1A81A0-75A1-44BB-9FAC-FD77F50B8F9A}
2011-12-08 22:26 - 2011-12-08 22:25 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{D6635DF3-FA4E-46DD-99E2-D7A47A0AB9A4}
2011-12-08 10:25 - 2011-12-08 10:25 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{D01738E3-1566-45F6-B981-B3404253C604}
2011-12-08 10:25 - 2011-12-08 10:25 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{2B9453A5-003D-41F4-B512-FB75EEC67914}
2011-12-07 22:25 - 2011-12-07 22:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{67A2B2F7-EF95-447F-9B6D-CCB936EB2A70}
2011-12-07 22:24 - 2011-12-07 22:24 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{4CFB6E2A-5713-4368-B336-82D897C6480B}
2011-12-07 22:24 - 2010-05-16 16:58 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-12-07 22:13 - 2011-12-07 22:13 - 1287016 ____A (Microsoft Corporation) C:\Users\Donothan Sookraj\Downloads\wlsetup-web.exe
2011-12-07 21:38 - 2011-12-07 21:38 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\Messenger Plus
2011-12-07 13:41 - 2011-12-07 13:41 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{52772742-4175-4E8E-A043-79DF30E0E692}
2011-12-07 13:41 - 2011-12-07 13:40 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{1D188052-3E22-4C55-8727-9CAAF8E5EFEF}
2011-12-06 13:52 - 2011-12-06 13:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{EEB029F7-37A8-45FA-A479-C8E01EE71ACE}
2011-12-06 13:52 - 2011-12-06 13:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{679A6AAA-86E0-49D4-AEE6-D0C3831CCD88}
2011-12-06 01:52 - 2011-12-06 01:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{D1FC45B5-014D-4503-A76B-81EF65FBBF20}
2011-12-06 01:52 - 2011-12-06 01:51 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{F3A8628E-F7D1-4D93-8E7B-229D54766240}
2011-12-05 14:55 - 2012-02-03 14:55 - 0000032 ___RA C:\Users\All Users\hash.dat
2011-12-05 14:55 - 2012-02-03 14:55 - 0000032 ___RA C:\ProgramData\hash.dat
2011-12-05 13:51 - 2011-12-05 13:51 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{EA31A10E-3B5A-4C2F-9A50-BFC200C02EF6}
2011-12-05 13:51 - 2011-12-05 13:51 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{4A9181C7-987C-40B8-AAB3-29DF31CBEDBE}
2011-12-04 21:26 - 2011-12-04 21:26 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{BB09EE57-1646-4145-9A34-343C651A33B4}
2011-12-04 21:26 - 2011-12-04 21:26 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{527C07BE-FC48-4D03-AB46-3BEFA8F148C0}
2011-12-04 19:10 - 2011-12-04 19:10 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-04 08:53 - 2011-12-04 08:53 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{F165DA8C-B7D9-4912-A461-07899B2AE261}
2011-12-04 08:53 - 2011-12-04 08:53 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{769B25C5-372E-471D-A96B-82C3C4607B6F}
2011-12-03 20:53 - 2011-12-03 20:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{67B367BF-DBF7-4E2B-99F7-3B8403C4B32F}
2011-12-03 20:52 - 2011-12-03 20:52 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{317A5873-580D-49FD-8CEA-1F5D343118DB}
2011-12-02 23:21 - 2011-12-02 23:21 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{9E8ADBFB-F990-499D-A9BD-BB461F90C644}
2011-12-02 23:21 - 2011-12-02 23:21 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{6A24688D-E4DE-443E-A940-DC24B85B7934}
2011-12-02 13:11 - 2011-11-18 15:27 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-30 16:52 - 2011-08-27 06:58 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\ALI213
2011-11-29 11:22 - 2011-11-29 11:19 - 2363771 ____A C:\Users\Donothan Sookraj\Desktop\DSC02509.JPG
2011-11-29 11:20 - 2011-11-29 11:20 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{8E3C20D7-DC5F-43C7-AB0E-A577AE993843}
2011-11-29 11:20 - 2011-11-29 11:20 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{5F3F25A0-D042-4003-83CD-E36360472752}
2011-11-28 21:43 - 2011-11-28 21:43 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{DE8E4B2B-676D-4A4A-94BC-ACED5B53BE2C}
2011-11-28 21:42 - 2011-11-28 21:42 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{0C4BF9F2-C38D-46AC-BCB2-B0F0E152D96C}
2011-11-25 16:37 - 2011-11-25 16:37 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{9F55ADE8-9D4E-415E-8998-99C153BBDE08}
2011-11-25 16:37 - 2011-11-25 16:37 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{1594AE64-63B9-438B-BED1-2DD407485BE5}
2011-11-24 13:39 - 2011-11-01 21:56 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Roaming\gtk-2.0
2011-11-23 20:52 - 2011-12-15 00:30 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-20 20:14 - 2011-11-20 20:13 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{6B296D63-4BAF-4337-9422-1B3B8EC88A6B}
2011-11-20 20:13 - 2011-11-20 20:13 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B35B0FBF-2B06-4EFF-BD04-A004B13488E6}
2011-11-20 08:13 - 2011-11-20 08:13 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B0979D77-B344-48E0-8A34-F70739D985B7}
2011-11-20 08:13 - 2011-11-20 08:13 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{7C2512C7-023E-4F91-A570-1428F90510C9}
2011-11-19 20:13 - 2011-11-19 20:12 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{508836B7-BDD7-4706-AA81-15B91FD4662C}
2011-11-19 20:12 - 2011-11-19 20:12 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{36D7DF92-D32A-4FEA-A72E-FD71D22CDEE4}
2011-11-19 11:18 - 2011-11-19 11:14 - 32395196 ____A C:\Users\Donothan Sookraj\Downloads\L.A.Noire.v1.0.2396.Update-SKIDROW.rar
2011-11-19 06:58 - 2012-01-11 13:25 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:01 - 2012-01-11 13:25 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-18 21:34 - 2011-11-18 21:34 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\Skyrim
2011-11-18 12:17 - 2011-11-18 12:17 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\PAYDAY
2011-11-18 12:17 - 2011-11-18 12:17 - 0000000 ____D C:\Users\All Users\RELOADED
2011-11-18 12:17 - 2011-11-18 12:17 - 0000000 ____D C:\ProgramData\RELOADED
2011-11-18 09:44 - 2011-07-26 00:13 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\Conduit
2011-11-18 09:40 - 2011-05-14 17:32 - 0000000 ____D C:\Program Files (x86)\Zuxxez
2011-11-17 12:52 - 2011-11-17 12:50 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\NFSTR
2011-11-17 05:07 - 2011-11-17 04:57 - 50082848 ____A C:\Users\Donothan Sookraj\Downloads\Anime_Girls_Babes.rar
2011-11-17 01:56 - 2011-09-23 20:57 - 0000000 ____D C:\Games
2011-11-17 01:54 - 2010-10-28 22:20 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
2011-11-16 22:49 - 2012-01-26 03:26 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-16 22:49 - 2012-01-26 03:26 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 22:44 - 2012-01-26 03:26 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-16 22:41 - 2012-01-11 13:25 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 22:35 - 2012-01-26 03:26 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 22:35 - 2012-01-26 03:26 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-16 22:35 - 2012-01-26 03:26 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 22:35 - 2012-01-26 03:26 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-16 22:35 - 2012-01-26 03:26 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-16 22:35 - 2012-01-26 03:26 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 22:33 - 2012-01-26 03:26 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 21:38 - 2012-01-11 13:25 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 21:35 - 2012-01-26 03:26 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 21:34 - 2012-01-26 03:26 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 21:34 - 2012-01-26 03:26 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 21:28 - 2012-01-26 03:26 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-11-15 00:12 - 2011-11-15 00:12 - 0000000 ____D C:\Users\Donothan Sookraj\Documents\Microsoft Hardware
2011-11-14 23:51 - 2011-11-14 23:51 - 2619659 ____A C:\Users\Donothan Sookraj\Downloads\Beepa.Fraps.v3.4.7.13808.Retail-ZWT.rar
2011-11-14 21:28 - 2011-11-14 21:27 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{A462A07D-DFA1-4E31-95CE-10E9EB95AEBF}
2011-11-14 21:27 - 2011-11-14 21:27 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{59CA8F8C-2781-4E54-AE48-984AA60337EE}
2011-11-14 18:07 - 2010-08-06 21:36 - 0000000 ____D C:\Program Files (x86)\Google
2011-11-13 20:59 - 2011-11-13 20:58 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B4282519-C383-412B-B4B9-7C9592B2B1E5}
2011-11-13 20:58 - 2011-11-13 20:58 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{B8016222-5122-4EC3-A8F5-29C8747F2E43}
2011-11-13 15:27 - 2011-11-09 17:07 - 0000000 ____D C:\Program Files (x86)\Sonic Generations
2011-11-12 21:18 - 2011-11-12 21:18 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{ACBD0D9C-C860-4451-A589-6949C1F1F8D5}
2011-11-12 21:18 - 2011-11-12 21:18 - 0000000 ____D C:\Users\Donothan Sookraj\AppData\Local\{3617615D-B253-4946-96C7-0864CA16B68F}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3893.86 MB
Available physical RAM: 3142.62 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3138.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:444.34 GB) (Free:73.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:21.12 GB) (Free:3.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: (KINGSTON) (Removable) (Total:3.96 GB) (Free:0.58 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 4070 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 444 GB 200 MB
Partition 3 Primary 21 GB 444 GB
Partition 4 Primary 103 MB 465 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 444 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 21 GB Healthy

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4063 MB 31 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT32 Removable 4063 MB Healthy

==========================================================

Last Boot: 2012-01-30 15:26

======================= End Of Log ==========================


#2 Farbar

  • Security Developer

Posted 11 February 2012 - 07:57 PM

Hello jevolution,

Welcome to this forum.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe,
SubSystems: [Windows] ==> ZeroAccess
1 fwjpphww; \??\C:\Windows\system32\drivers\fwjpphww.sys [x]
1 pknnbejy; \??\C:\Windows\system32\drivers\pknnbejy.sys [x]
1 zndvjnjs; \??\C:\Windows\system32\drivers\zndvjnjs.sys [x]
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.

#3 Farbar


Posted 17 February 2012 - 06:36 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



