Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hitman Pro killed my OS...

Started by shoenberg3 , Nov 13 2011 11:33 AM

  • This topic is locked This topic is locked

#1
shoenberg3
Posted 13 November 2011 - 11:33 AM

shoenberg3

    New Member

  • Member
  • Pip
  • 3 posts
Hello,
I realize that a lot of ppl on this forum seems to having this problem but it seems most are forced to reinstall the OS... wondering if I could do without that.

My windows 7 installation has been absolutely perfect until few days ago when it got infected with Trojan or rookit that caused the google results to be redirected. I was a little too aggressive with my cleaning and upon reading feedback on the internet, installed Hitman Pro. What a terrible choice that was… Upon scanning and quarantining some files through Hitman, I no longer can boot at all; after a “windows loading” sign, it quickly flashes bsod and reboots. Safe mode does not work nor does startup repair. Playing with various commands on the command prompt ( bootrec /FixMbr etc.) did nothing. I am now thinking that either the registry or some of the system files got seriously compromised by Hitman Pro.


At this point, I am going to try two things before I resort to full reinstall: restoring registry and, if that doesn’t work, a repair install with the installation CD. Regarding the first option, I fortunately made a backup of my entire registry few weeks ago. However, they are in five big chunks: classes-root, current-user, local machine, users, and current config. I can access the files of the problem OS fine from booting from a different OS on a different HD, but I cannot overwrite them by simply replacing them (located in system32/config) since they are separated into keys (bcd-template, components, default, sam, security, software) from the local machine directory. And of course, I cannot just simply double click the backup REGS to merge since they would probably just update to the OS that I am currently on. I am also aware that you can access the registry of the problem OS on regedit by loading it as hive, but that would mean I would need to try to edit the values manually, and there’s no way I am going to be able to do that.

In summary, I am wondering if there is a way of updating the registry of the unbootable OS through the backed up REG files (classes-root, current-user, local machine, users, and current config), performing all of this on a different OS.

Of course, if none of this works, I am goign to look into repair install (but some people were apparently having difficulty getting that to work with this issue..)
  • 0

Advertisements

#2
azarl
Posted 16 November 2011 - 09:37 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
We can give it a go

You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save to your USB drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save to your USB drive.

Plug the flashdrive into the infected PC.

Booting your PC to Command Promp
  • Restart your PC, press and hold the F8 key as it restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
  • On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter.
  • Select a keyboard layout, and then click Next.
  • On the System Recovery Options menu, click on Command Prompt

Posted Image

Running FRST
  • In the command window type in "notepad" and press theEnter key.The notepad should open.
  • Under File menu select "Open".
  • Select "Computer" and locate your flash drive. Make a note of the drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64.exe) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive (from step 3 above).
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
  • 0

#3
shoenberg3
Posted 17 November 2011 - 08:57 PM

shoenberg3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello,
Thanks for the response.
I just did a scan with farbar.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.9
Ran by SYSTEM at 2011-11-18 10:40:15
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKU\Hotaik\...\Run: [AdobeBridge] [x]
HKU\Hotaik\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [x]

========================== Drivers (Whitelisted) =============

2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Almico Software)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-11-09 09:39 - 2011-11-09 09:39 - 0000000 ___AH C:\Windows\System32\config\1.reg.LOG
2011-11-09 09:02 - 2011-10-22 01:48 - 22835446 ____A C:\Windows\System32\config\4.reg
2011-11-09 09:02 - 2011-10-22 01:48 - 162018242 ____A C:\Windows\System32\config\3.reg
2011-11-09 09:02 - 2011-10-22 01:48 - 12175540 ____A C:\Windows\System32\config\2.reg
2011-11-09 09:02 - 2011-10-22 01:48 - 0004510 ____A C:\Windows\System32\config\5.reg
2011-11-09 09:02 - 2011-10-22 01:47 - 47735244 ____A C:\Windows\System32\config\1.reg
2011-11-09 08:55 - 2006-09-06 14:07 - 2325034 ____A C:\fifa.db
2011-11-09 00:02 - 2011-11-09 00:02 - 0001150 ____A C:\Users\Hotaik\Downloads\wscsvc(64).zip
2011-11-08 23:59 - 2011-11-08 23:59 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2011-11-08 23:57 - 2011-11-08 23:57 - 0023112 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2011-11-08 23:55 - 2011-11-08 23:55 - 0003608 ____A C:\Users\Hotaik\Downloads\Hitman_Pro_3.5.9_(x64)_[Hyperdrive25].6496995.TPB.torrent
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\WORK
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Windows\XSxS
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Hitman Pro Portable MonbJIan
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Program Files (x86)\Ashampoo Snap
2011-11-08 23:49 - 2011-11-08 23:49 - 0010965 ____A C:\Users\Hotaik\Downloads\Hitman_Pro_3.5.9_126_Portable.6536291.TPB.torrent
2011-11-08 23:38 - 2011-11-08 23:49 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-08 23:38 - 2011-11-08 23:49 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-08 23:38 - 2011-11-08 23:39 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-08 23:38 - 2011-11-08 23:38 - 0001260 ____A C:\Users\Hotaik\Desktop\Spybot - Search & Destroy.lnk
2011-11-08 23:30 - 2011-11-08 23:30 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-08 23:29 - 2011-11-08 23:30 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-08 23:29 - 2011-11-08 23:29 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\Hotaik\Downloads\mbam-setup.exe
2011-11-08 23:29 - 2011-08-31 17:00 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-11-08 23:23 - 2011-11-08 23:59 - 0000000 ____D C:\Users\Hotaik\Downloads\backups
2011-11-08 23:22 - 2011-11-08 23:22 - 0388608 ____A (Trend Micro Inc.) C:\Users\Hotaik\Downloads\HijackThis.exe
2011-11-08 22:48 - 2011-11-08 22:49 - 0312747 ____A C:\Users\Hotaik\Downloads\6321039545_a216077a96_b.jpg
2011-11-08 22:45 - 2011-11-08 22:58 - 0431811 ____A C:\Users\Hotaik\Downloads\6327614879_344b291a59_b.jpg
2011-11-08 22:41 - 2011-11-08 22:41 - 0570976 ____A C:\Users\Hotaik\Desktop\1.jpg
2011-11-08 22:27 - 2011-11-08 22:34 - 0473136 ____A C:\Users\Hotaik\Desktop\6168961276_02e7f9572c_b.jpg
2011-11-08 22:25 - 2011-11-08 22:25 - 0012363 ____A C:\Users\Hotaik\Downloads\Tommy Sung.docx
2011-11-08 22:10 - 2011-11-08 22:12 - 0360290 ____A C:\Users\Hotaik\Desktop\6145125957_b64a106ac8_b.jpg
2011-11-08 21:10 - 2011-11-08 21:11 - 3593232 ____A C:\Users\Hotaik\Downloads\intern presentaito.pptx
2011-11-08 20:20 - 2011-11-08 20:20 - 0058668 ___SH () C:\ps121v2.exe
2011-11-08 20:15 - 2011-11-08 20:15 - 0000000 ____D C:\Windows\system64
2011-11-08 20:05 - 2011-11-08 23:38 - 0000000 ____D C:\Program Files (x86)\B26A1
2011-11-08 20:05 - 2011-11-08 20:05 - 0000000 ____D C:\Program Files (x86)\LP
2011-11-08 19:29 - 2011-11-08 19:29 - 0081709 ____A C:\Users\Hotaik\Downloads\re Hotaik Tommy Sung.docx
2011-11-08 08:11 - 2011-11-08 08:11 - 0015608 ____A C:\Users\Hotaik\Desktop\Hotaik Tommy Sung.docx
2011-11-07 21:41 - 2011-11-07 22:49 - 0356209 ____A C:\Users\Hotaik\Desktop\sky.jpg
2011-11-07 20:41 - 2011-11-03 23:33 - 0000000 ____D C:\Users\Hotaik\Downloads\Reflection
2011-11-07 20:19 - 2011-11-07 20:17 - 0003584 ____A C:\Windows\System32\SilverEfexPro2FC32.dll
2011-11-07 20:18 - 2011-11-07 20:18 - 0001226 ____A C:\Users\Guest\Desktop\Nik Software Silver Efex.lnk
2011-11-07 20:18 - 2011-11-07 20:18 - 0000000 ____D C:\Program Files\Nik Software
2011-11-07 20:18 - 2011-11-07 20:18 - 0000000 ____D C:\Program Files (x86)\Nik Software Silver Efex
2011-11-07 20:09 - 2011-11-08 23:23 - 0000332 ____A C:\Windows\Tasks\At2.job
2011-11-07 20:09 - 2011-11-08 20:20 - 0000332 ____A C:\Windows\Tasks\At5.job
2011-11-07 20:09 - 2011-11-08 20:15 - 0000334 ____A C:\Windows\Tasks\At4.job
2011-11-07 20:09 - 2011-11-08 20:10 - 0000330 ____A C:\Windows\Tasks\At3.job
2011-11-07 20:09 - 2011-11-08 19:00 - 0000332 ____A C:\Windows\Tasks\At1.job
2011-11-07 19:54 - 2011-11-07 19:54 - 6358257 ____A C:\Users\Hotaik\Downloads\reflection_wallpaper_by_xhoop-d4ez7aa.rar
2011-11-07 19:47 - 2011-11-07 20:09 - 0000000 ____D C:\Users\All Users\Nik Software
2011-11-07 19:47 - 2011-11-07 20:09 - 0000000 ____D C:\ProgramData\Nik Software
2011-11-07 19:47 - 2010-11-04 16:04 - 0004608 ____A C:\Users\Hotaik\Documents\Viveza2FC64.dll
2011-11-07 10:16 - 2011-11-07 00:14 - 0487112 ____A C:\Users\Hotaik\Desktop\skysca.jpg
2011-11-07 09:53 - 2011-11-07 09:53 - 0047104 ____A C:\Users\Hotaik\Downloads\ics20fullsyl2011fall.doc
2011-11-07 08:07 - 2011-11-07 08:07 - 0012576 ____A C:\Users\Hotaik\Downloads\??????+E333+111107+MOOBI.mp4.torrent
2011-11-06 22:19 - 2011-11-06 22:19 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\Alien Skin
2011-11-06 22:19 - 2011-11-06 22:19 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Alien Skin
2011-11-06 20:39 - 2011-11-07 20:16 - 0000000 ____D C:\Program Files\Alien Skin
2011-11-06 20:39 - 2011-11-07 19:48 - 0000000 ____D C:\Users\All Users\Alien Skin
2011-11-06 20:39 - 2011-11-07 19:48 - 0000000 ____D C:\ProgramData\Alien Skin
2011-11-06 20:38 - 2011-11-06 20:38 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\Nik Software
2011-11-06 20:32 - 2011-11-07 20:20 - 0004126 ____A C:\Windows\KB893803v2.log
2011-11-06 20:19 - 2011-09-28 14:39 - 0003584 ____A C:\Users\Hotaik\Desktop\ColorEfexPro4FC32.dll
2011-11-06 20:13 - 2011-11-07 20:09 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Nik Software
2011-11-06 20:13 - 2011-09-28 14:39 - 0004608 ____A C:\Windows\SysWOW64\ColorEfexPro4FC64.dll
2011-11-06 19:30 - 2011-11-07 23:01 - 0000000 ____D C:\Users\Hotaik\Desktop\temp picture
2011-11-06 19:23 - 2011-11-07 12:25 - 0000000 ____D C:\Users\Hotaik\Desktop\2011 - 11 - Mission peak with dad
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Windows\MSSecurityNS
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Windows\MSSecurityNi
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Program Files (x86)\Nik Software
2011-11-06 18:46 - 2011-11-07 20:17 - 0000000 ____D C:\Program Files (x86)\Alien Skin
2011-11-06 18:44 - 2011-11-07 00:17 - 0000818 ____A C:\Users\Public\Desktop\PTGui.lnk
2011-11-06 18:44 - 2011-11-06 20:58 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\PTGui
2011-11-06 18:44 - 2011-11-06 18:44 - 0000000 ____D C:\Program Files\PTGui
2011-11-06 13:24 - 2011-11-06 13:24 - 2547712 ____A C:\Users\Hotaik\Downloads\20111014.doc
2011-11-05 18:30 - 2011-11-08 08:11 - 0015537 ____A C:\Users\Hotaik\Documents\Hotaik Tommy Sung.docx
2011-11-03 15:06 - 2011-11-03 15:06 - 0014073 ____A C:\Users\Hotaik\Desktop\creative.docx
2011-11-02 22:01 - 2011-11-02 22:02 - 0000000 ____D C:\Users\Hotaik\Downloads\winhex
2011-11-02 21:33 - 2011-11-02 21:34 - 0000000 ____D C:\Users\Hotaik\Documents\FIFA 07
2011-11-02 20:18 - 2011-11-02 20:18 - 0002020 ____A C:\Users\Public\Desktop\FIFA 07.lnk
2011-11-02 20:18 - 2011-11-02 20:18 - 0000000 ____D C:\Program Files (x86)\EA SPORTS
2011-11-02 20:17 - 2011-11-02 20:17 - 0000544 ____A C:\Windows\DirectX.log
2011-11-02 12:55 - 2011-11-07 21:56 - 0019515 ____A C:\Users\Hotaik\Desktop\Pit. Met. Spreadsheet - tommy sung nov. 2.xlsx
2011-11-02 10:20 - 2011-11-02 20:31 - 0013082 ____A C:\Users\Hotaik\Downloads\2.docx
2011-11-02 10:20 - 2011-11-02 10:20 - 0015523 ____A C:\Users\Hotaik\Desktop\1.pdf
2011-11-02 09:55 - 2011-11-05 23:25 - 0015973 ____A C:\Users\Hotaik\Desktop\Tell me about yourself.docx
2011-11-02 07:09 - 2011-11-02 07:10 - 0056320 ____A C:\Users\Hotaik\Downloads\Complete Database 9-15-11 FOR_TOMMY (2).xls
2011-11-02 07:09 - 2011-11-02 07:09 - 0054784 ____A C:\Users\Hotaik\Downloads\Complete Database 9-15-11 FOR_TOMMY (1).xls
2011-11-02 07:08 - 2011-11-02 07:08 - 0054784 ____A C:\Users\Hotaik\Downloads\Complete Database 9-15-11 FOR_TOMMY.xls
2011-11-02 07:06 - 2011-11-02 07:06 - 0016547 ____A C:\Users\Hotaik\Downloads\spreadsheet - tommy sung (1).xlsx
2011-11-01 20:05 - 2011-11-01 20:05 - 0379732 ____A C:\Users\Hotaik\Downloads\Pituitary-magnetic-resonance-imaging-for-sellar-and-parasellar-masses-Ten-year-experience-in-2598-patients_2011_Journal-of-Clinical-Endocrinology-and-Metabolism.pdf
2011-11-01 20:04 - 2011-11-01 20:15 - 0000000 ____D C:\Users\Hotaik\Downloads\Pit met study with katznelson
2011-11-01 19:06 - 2011-11-02 12:53 - 0019519 ____A C:\Users\Hotaik\Downloads\spreadsheet - tommy sung.xlsx
2011-11-01 19:06 - 2011-11-01 19:06 - 0011099 ____A C:\Users\Hotaik\Downloads\tommy hotaik.docx
2011-11-01 18:03 - 2011-11-01 18:05 - 0004088 ____A C:\shared.log
2011-11-01 18:03 - 2011-11-01 18:03 - 0011122 ____A C:\Users\Hotaik\Documents\cc_20111101_190310.reg
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\Users\All Users\Electronic Arts
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\Users\All Users\EA Core
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\ProgramData\Electronic Arts
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\ProgramData\EA Core
2011-11-01 11:38 - 2011-11-01 11:38 - 0000762 ____A C:\Users\Hotaik\Desktop\Solive.lnk
2011-11-01 11:38 - 2011-11-01 11:38 - 0000762 ____A C:\Users\Guest\Desktop\Solive.lnk
2011-11-01 11:38 - 2011-11-01 11:38 - 0000000 ____D C:\Program Files (x86)\Solive
2011-11-01 11:37 - 2011-11-01 11:37 - 2887553 ____A C:\Users\Hotaik\Downloads\Solive_1.1.3.0_Setup.exe
2011-11-01 11:20 - 2011-11-07 10:55 - 0000000 ____D C:\Program Files (x86)\The KMPlayer
2011-11-01 11:20 - 2011-11-01 11:20 - 0001037 ____A C:\Users\Hotaik\Desktop\KMPlayer.lnk
2011-11-01 11:20 - 2011-11-01 11:20 - 0000000 ____D C:\Users\Hotaik\AppData\Local\APN
2011-11-01 11:19 - 2011-11-01 11:20 - 17795728 ____A C:\Users\Hotaik\Desktop\KMPlayer_EN_3.0.0.1442.exe
2011-11-01 11:18 - 2011-11-01 11:19 - 0300416 ____A C:\Users\Hotaik\Downloads\SoftonicDownloader_for_kmplayer.exe
2011-11-01 09:47 - 2011-11-01 09:47 - 0031258 ____A C:\Users\Hotaik\Downloads\rS8njTDy9FSA6P1.torrent
2011-11-01 09:46 - 2011-11-01 09:46 - 0031258 ____A C:\Users\Hotaik\Downloads\PtbVUIfmyQwtX98.torrent
2011-11-01 09:44 - 2011-11-01 09:45 - 0070610 ____A C:\Users\Hotaik\Downloads\h877rGzEqH.torrent
2011-10-31 10:50 - 2011-10-31 10:50 - 0022630 ____A C:\Users\Hotaik\Downloads\Mahler_The_Complete_Symphonies_Solti_FLAC.torrent
2011-10-31 10:49 - 2011-10-31 10:49 - 0093205 ____A C:\Users\Hotaik\Downloads\Richard_Wagner___The_Complete_Operas__FLAC_.torrent
2011-10-30 22:12 - 2011-11-08 18:53 - 0307634 ____A C:\Users\Hotaik\Downloads\bwrepinfow.dat
2011-10-30 20:23 - 2005-03-10 23:30 - 0364544 ____A C:\Users\Hotaik\Downloads\bwrepinfow.exe
2011-10-30 19:38 - 2011-10-30 19:38 - 0000162 ___AH C:\Users\Hotaik\Desktop\~$ading response five.docx
2011-10-30 19:38 - 2011-10-30 19:38 - 0000162 ___AH C:\Users\Hotaik\Desktop\~$ take ourserves as objects and use others.docx
2011-10-30 11:44 - 2011-10-30 11:44 - 0015523 ____A C:\Users\Hotaik\Desktop\Cover Letter - AmniSure.pdf
2011-10-30 10:54 - 2011-10-30 10:54 - 0015062 ____A C:\Users\Hotaik\Desktop\Cover Letter - ISA.pdf
2011-10-29 20:34 - 2011-10-29 20:34 - 0011672 ____A C:\Users\Hotaik\Desktop\We take ourserves as objects and use others.docx
2011-10-29 20:06 - 2011-10-31 00:49 - 0015757 ____A C:\Users\Hotaik\Desktop\Reading response five.docx
2011-10-29 20:06 - 2011-10-30 19:45 - 0012559 ____H C:\Users\Hotaik\Desktop\~WRL2821.tmp
2011-10-29 16:44 - 2011-10-30 11:45 - 0013214 ____A C:\Users\Hotaik\Desktop\Cover Letter - ISA.docx
2011-10-29 16:24 - 2011-10-29 16:24 - 0014624 ____A C:\Users\Hotaik\Downloads\Sung H cover.pdf
2011-10-29 00:37 - 2011-10-29 00:37 - 0000456 ____A C:\Users\Hotaik\Desktop\Media (D) - Shortcut.lnk
2011-10-29 00:37 - 2011-10-29 00:37 - 0000456 ____A C:\Users\Hotaik\Desktop\Media (D) - Shortcut (2).lnk
2011-10-28 22:37 - 2011-10-28 22:37 - 0000809 ____A C:\Users\Hotaik\Desktop\Design and photography - Shortcut.lnk
2011-10-28 22:37 - 2011-10-28 22:36 - 0000683 ____A C:\Users\Hotaik\Desktop\My Music - Shortcut.lnk
2011-10-28 22:15 - 2011-10-28 22:15 - 1261314 ____A C:\Users\Hotaik\Downloads\Serenity20IconPackset11-0.rar
2011-10-28 22:15 - 2011-10-28 22:15 - 0000000 ____D C:\Users\Hotaik\Downloads\Serenity Black
2011-10-28 22:09 - 2011-10-28 22:09 - 0000000 ____D C:\Users\Hotaik\Downloads\ico
2011-10-28 21:31 - 2011-10-28 21:31 - 0000000 ____D C:\Users\Hotaik\Desktop\00 writing
2011-10-27 21:07 - 2011-10-27 21:07 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-10-27 21:06 - 2011-11-08 23:54 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-10-27 21:06 - 2011-11-08 23:11 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-10-27 21:06 - 2011-10-27 21:07 - 0000000 ____D C:\Program Files (x86)\Google
2011-10-27 18:05 - 2011-10-27 18:05 - 0031979 ____A C:\Users\Hotaik\Downloads\AETNA GRANT_cc edits 26 Oct 2011.docx
2011-10-27 11:10 - 2011-10-27 11:10 - 0041538 ____A C:\Users\Hotaik\Desktop\Passport-and-Airplane-Ticket.jpg
2011-10-27 11:03 - 2011-10-27 11:03 - 1502649 ____A C:\Users\Hotaik\Desktop\daa.jpg
2011-10-24 09:44 - 2011-10-24 09:44 - 0001999 ____A C:\Users\Hotaik\Desktop\ICCup Launcher.lnk
2011-10-24 09:44 - 2011-10-24 09:44 - 0000000 ____D C:\Program Files (x86)\ICCup
2011-10-24 09:41 - 2011-11-08 18:14 - 0000000 ____D C:\Users\Hotaik\Desktop\New folder (2)
2011-10-23 23:18 - 2011-10-23 23:18 - 0140797 ____A C:\Users\Hotaik\Desktop\17.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0086263 ____A C:\Users\Hotaik\Desktop\18.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0043943 ____A C:\Users\Hotaik\Desktop\05.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0024195 ____A C:\Users\Hotaik\Desktop\02.jpg
2011-10-23 22:16 - 2011-10-31 11:12 - 0000000 ____D C:\Users\Hotaik\Desktop\2011 misc
2011-10-23 18:09 - 2011-10-23 18:09 - 0013564 ____A C:\Users\Hotaik\Downloads\ZS Associates - 2010 Fall.docx
2011-10-23 15:32 - 2011-10-30 11:44 - 0000000 ____D C:\Users\Hotaik\AppData\Local\CutePDF Writer
2011-10-23 15:28 - 2011-10-23 15:32 - 0064340 ____A C:\Users\Hotaik\Desktop\Hotaik Sung - CV.pdf
2011-10-23 15:21 - 2011-10-23 15:21 - 0011099 ____A C:\Users\Hotaik\Downloads\katz.docx
2011-10-23 15:19 - 2011-10-23 15:19 - 0015903 ____A C:\Users\Hotaik\Downloads\interview.docx
2011-10-23 14:34 - 2011-10-23 14:34 - 0079353 ____A C:\Users\Hotaik\Downloads\Perinatal nurses study new_v2.docx
2011-10-23 00:27 - 2011-10-23 00:27 - 0000000 ____D C:\Program Files (x86)\GPLGS
2011-10-23 00:27 - 2011-10-23 00:27 - 0000000 ____D C:\Program Files (x86)\Acro Software
2011-10-23 00:27 - 2009-11-05 07:40 - 0085504 ____A C:\Windows\System32\cpwmon64.dll
2011-10-22 14:09 - 2011-10-29 19:04 - 0021267 ____A C:\Users\Hotaik\Desktop\resume word (Repaired).docx
2011-10-22 12:25 - 2011-10-22 12:25 - 0000162 ___AH C:\Users\Hotaik\Downloads\~$ants more specific.docx
2011-10-22 12:18 - 2011-10-22 12:18 - 0000162 ___AH C:\Users\Hotaik\Downloads\~$p B Moms_Gilead Grant Summary_submitted.docx
2011-10-22 01:48 - 2011-10-22 01:48 - 22835446 ____A C:\Users\Hotaik\Desktop\4.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 162018242 ____A C:\Users\Hotaik\Desktop\3.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 12175540 ____A C:\Users\Hotaik\Desktop\2.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 0028650 ____A C:\Users\Hotaik\Documents\cc_20111022_024836.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 0004510 ____A C:\Users\Hotaik\Desktop\5.reg
2011-10-22 01:47 - 2011-10-22 01:47 - 47735244 ____A C:\Users\Hotaik\Desktop\1.reg
2011-10-22 01:47 - 2011-10-22 01:47 - 0000000 ____D C:\Program Files\CCleaner
2011-10-20 16:19 - 2011-10-20 16:19 - 0000000 ____D C:\Program Files (x86)\Attribute Changer
2011-10-19 21:35 - 2011-10-19 21:35 - 0009054 ____A C:\Users\Hotaik\Desktop\registry.reg
2011-10-19 16:40 - 2011-10-19 16:40 - 0037376 ____A C:\Users\Hotaik\Desktop\ss.doc
2011-10-19 15:56 - 2011-10-19 16:37 - 0037376 ____A C:\Users\Hotaik\Desktop\studyguide2011fall.doc
2011-10-19 15:16 - 2011-10-19 15:56 - 0033792 ____A C:\Users\Hotaik\Downloads\studyguide2011fall.doc


============ 3 Months Modified Files and Folders =============

2011-11-18 10:40 - 2011-11-18 10:40 - 0000000 ____D C:\FRST
2011-11-18 08:54 - 2009-07-13 20:45 - 0469984 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-09 10:26 - 2011-10-09 23:26 - 0324372 ____A C:\Windows\ntbtlog.txt
2011-11-09 09:39 - 2011-11-09 09:39 - 0000000 ___AH C:\Windows\System32\config\1.reg.LOG
2011-11-09 00:04 - 2011-10-07 20:17 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\uTorrent
2011-11-09 00:04 - 2009-07-13 20:45 - 0012416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-09 00:04 - 2009-07-13 20:45 - 0012416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-09 00:02 - 2011-11-09 00:02 - 0001150 ____A C:\Users\Hotaik\Downloads\wscsvc(64).zip
2011-11-09 00:02 - 2011-01-26 11:11 - 0005256 ____A C:\Users\Hotaik\Downloads\wscsvc.reg
2011-11-08 23:59 - 2011-11-08 23:59 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2011-11-08 23:59 - 2011-11-08 23:23 - 0000000 ____D C:\Users\Hotaik\Downloads\backups
2011-11-08 23:58 - 2009-07-13 21:13 - 0717892 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-08 23:57 - 2011-11-08 23:57 - 0023112 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2011-11-08 23:55 - 2011-11-08 23:55 - 0003608 ____A C:\Users\Hotaik\Downloads\Hitman_Pro_3.5.9_(x64)_[Hyperdrive25].6496995.TPB.torrent
2011-11-08 23:54 - 2011-10-27 21:06 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-11-08 23:54 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-08 23:54 - 2009-07-13 20:51 - 0024133 ____A C:\Windows\setupact.log
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\WORK
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Windows\XSxS
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Hitman Pro Portable MonbJIan
2011-11-08 23:52 - 2011-11-08 23:52 - 0000000 ____D C:\Program Files (x86)\Ashampoo Snap
2011-11-08 23:52 - 2011-10-07 23:15 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\.purple
2011-11-08 23:49 - 2011-11-08 23:49 - 0010965 ____A C:\Users\Hotaik\Downloads\Hitman_Pro_3.5.9_126_Portable.6536291.TPB.torrent
2011-11-08 23:49 - 2011-11-08 23:38 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-08 23:49 - 2011-11-08 23:38 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-08 23:39 - 2011-11-08 23:38 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-08 23:38 - 2011-11-08 23:38 - 0001260 ____A C:\Users\Hotaik\Desktop\Spybot - Search & Destroy.lnk
2011-11-08 23:38 - 2011-11-08 20:05 - 0000000 ____D C:\Program Files (x86)\B26A1
2011-11-08 23:32 - 2011-10-07 23:35 - 0006104 ____A C:\Windows\PFRO.log
2011-11-08 23:32 - 2011-10-07 20:51 - 0000000 ____D C:\Program Files (x86)\SpeedFan
2011-11-08 23:30 - 2011-11-08 23:30 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:30 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-08 23:30 - 2011-11-08 23:29 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-08 23:29 - 2011-11-08 23:29 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\Hotaik\Downloads\mbam-setup.exe
2011-11-08 23:25 - 2011-10-07 20:00 - 0259793 ____A C:\Windows\WindowsUpdate.log
2011-11-08 23:23 - 2011-11-07 20:09 - 0000332 ____A C:\Windows\Tasks\At2.job
2011-11-08 23:22 - 2011-11-08 23:22 - 0388608 ____A (Trend Micro Inc.) C:\Users\Hotaik\Downloads\HijackThis.exe
2011-11-08 23:19 - 2011-10-07 20:09 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-702309957-51003666-891671904-1000UA.job
2011-11-08 23:19 - 2011-10-07 20:09 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-702309957-51003666-891671904-1000Core.job
2011-11-08 23:11 - 2011-10-27 21:06 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-11-08 22:58 - 2011-11-08 22:45 - 0431811 ____A C:\Users\Hotaik\Downloads\6327614879_344b291a59_b.jpg
2011-11-08 22:49 - 2011-11-08 22:48 - 0312747 ____A C:\Users\Hotaik\Downloads\6321039545_a216077a96_b.jpg
2011-11-08 22:41 - 2011-11-08 22:41 - 0570976 ____A C:\Users\Hotaik\Desktop\1.jpg
2011-11-08 22:34 - 2011-11-08 22:27 - 0473136 ____A C:\Users\Hotaik\Desktop\6168961276_02e7f9572c_b.jpg
2011-11-08 22:25 - 2011-11-08 22:25 - 0012363 ____A C:\Users\Hotaik\Downloads\Tommy Sung.docx
2011-11-08 22:12 - 2011-11-08 22:10 - 0360290 ____A C:\Users\Hotaik\Desktop\6145125957_b64a106ac8_b.jpg
2011-11-08 21:11 - 2011-11-08 21:10 - 3593232 ____A C:\Users\Hotaik\Downloads\intern presentaito.pptx
2011-11-08 20:20 - 2011-11-08 20:20 - 0058668 ___SH () C:\ps121v2.exe
2011-11-08 20:20 - 2011-11-07 20:09 - 0000332 ____A C:\Windows\Tasks\At5.job
2011-11-08 20:15 - 2011-11-08 20:15 - 0000000 ____D C:\Windows\system64
2011-11-08 20:15 - 2011-11-07 20:09 - 0000334 ____A C:\Windows\Tasks\At4.job
2011-11-08 20:10 - 2011-11-07 20:09 - 0000330 ____A C:\Windows\Tasks\At3.job
2011-11-08 20:05 - 2011-11-08 20:05 - 0000000 ____D C:\Program Files (x86)\LP
2011-11-08 19:29 - 2011-11-08 19:29 - 0081709 ____A C:\Users\Hotaik\Downloads\re Hotaik Tommy Sung.docx
2011-11-08 19:00 - 2011-11-07 20:09 - 0000332 ____A C:\Windows\Tasks\At1.job
2011-11-08 18:53 - 2011-10-30 22:12 - 0307634 ____A C:\Users\Hotaik\Downloads\bwrepinfow.dat
2011-11-08 18:14 - 2011-10-24 09:41 - 0000000 ____D C:\Users\Hotaik\Desktop\New folder (2)
2011-11-08 08:11 - 2011-11-08 08:11 - 0015608 ____A C:\Users\Hotaik\Desktop\Hotaik Tommy Sung.docx
2011-11-08 08:11 - 2011-11-05 18:30 - 0015537 ____A C:\Users\Hotaik\Documents\Hotaik Tommy Sung.docx
2011-11-07 23:01 - 2011-11-06 19:30 - 0000000 ____D C:\Users\Hotaik\Desktop\temp picture
2011-11-07 22:49 - 2011-11-07 21:41 - 0356209 ____A C:\Users\Hotaik\Desktop\sky.jpg
2011-11-07 21:56 - 2011-11-02 12:55 - 0019515 ____A C:\Users\Hotaik\Desktop\Pit. Met. Spreadsheet - tommy sung nov. 2.xlsx
2011-11-07 20:20 - 2011-11-06 20:32 - 0004126 ____A C:\Windows\KB893803v2.log
2011-11-07 20:18 - 2011-11-07 20:18 - 0001226 ____A C:\Users\Guest\Desktop\Nik Software Silver Efex.lnk
2011-11-07 20:18 - 2011-11-07 20:18 - 0000000 ____D C:\Program Files\Nik Software
2011-11-07 20:18 - 2011-11-07 20:18 - 0000000 ____D C:\Program Files (x86)\Nik Software Silver Efex
2011-11-07 20:17 - 2011-11-07 20:19 - 0003584 ____A C:\Windows\System32\SilverEfexPro2FC32.dll
2011-11-07 20:17 - 2011-11-06 18:46 - 0000000 ____D C:\Program Files (x86)\Alien Skin
2011-11-07 20:17 - 2011-02-21 13:17 - 0004608 ____A C:\Windows\System32\SilverEfexPro2FC64.dll
2011-11-07 20:16 - 2011-11-06 20:39 - 0000000 ____D C:\Program Files\Alien Skin
2011-11-07 20:09 - 2011-11-07 19:47 - 0000000 ____D C:\Users\All Users\Nik Software
2011-11-07 20:09 - 2011-11-07 19:47 - 0000000 ____D C:\ProgramData\Nik Software
2011-11-07 20:09 - 2011-11-06 20:13 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Nik Software
2011-11-07 19:54 - 2011-11-07 19:54 - 6358257 ____A C:\Users\Hotaik\Downloads\reflection_wallpaper_by_xhoop-d4ez7aa.rar
2011-11-07 19:48 - 2011-11-06 20:39 - 0000000 ____D C:\Users\All Users\Alien Skin
2011-11-07 19:48 - 2011-11-06 20:39 - 0000000 ____D C:\ProgramData\Alien Skin
2011-11-07 12:25 - 2011-11-06 19:23 - 0000000 ____D C:\Users\Hotaik\Desktop\2011 - 11 - Mission peak with dad
2011-11-07 10:55 - 2011-11-01 11:20 - 0000000 ____D C:\Program Files (x86)\The KMPlayer
2011-11-07 09:53 - 2011-11-07 09:53 - 0047104 ____A C:\Users\Hotaik\Downloads\ics20fullsyl2011fall.doc
2011-11-07 08:07 - 2011-11-07 08:07 - 0012576 ____A C:\Users\Hotaik\Downloads\??????+E333+111107+MOOBI.mp4.torrent
2011-11-07 00:17 - 2011-11-06 18:44 - 0000818 ____A C:\Users\Public\Desktop\PTGui.lnk
2011-11-07 00:14 - 2011-11-07 10:16 - 0487112 ____A C:\Users\Hotaik\Desktop\skysca.jpg
2011-11-06 22:19 - 2011-11-06 22:19 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\Alien Skin
2011-11-06 22:19 - 2011-11-06 22:19 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Alien Skin
2011-11-06 20:58 - 2011-11-06 18:44 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\PTGui
2011-11-06 20:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2011-11-06 20:39 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-11-06 20:38 - 2011-11-06 20:38 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\Nik Software
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Windows\MSSecurityNS
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Windows\MSSecurityNi
2011-11-06 18:47 - 2011-11-06 18:47 - 0000000 ____D C:\Program Files (x86)\Nik Software
2011-11-06 18:44 - 2011-11-06 18:44 - 0000000 ____D C:\Program Files\PTGui
2011-11-06 13:24 - 2011-11-06 13:24 - 2547712 ____A C:\Users\Hotaik\Downloads\20111014.doc
2011-11-05 23:53 - 2011-10-09 17:11 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Adobe
2011-11-05 23:47 - 2011-10-07 22:35 - 0000000 ____D C:\Users\Hotaik\Desktop\foobar2000
2011-11-05 23:25 - 2011-11-02 09:55 - 0015973 ____A C:\Users\Hotaik\Desktop\Tell me about yourself.docx
2011-11-05 22:54 - 2011-10-07 22:35 - 0000168 ____A C:\Users\All Users\GeorgeYohngVST.ini
2011-11-05 22:54 - 2011-10-07 22:35 - 0000168 ____A C:\ProgramData\GeorgeYohngVST.ini
2011-11-03 23:33 - 2011-11-07 20:41 - 0000000 ____D C:\Users\Hotaik\Downloads\Reflection
2011-11-03 15:06 - 2011-11-03 15:06 - 0014073 ____A C:\Users\Hotaik\Desktop\creative.docx
2011-11-02 22:02 - 2011-11-02 22:01 - 0000000 ____D C:\Users\Hotaik\Downloads\winhex
2011-11-02 21:34 - 2011-11-02 21:33 - 0000000 ____D C:\Users\Hotaik\Documents\FIFA 07
2011-11-02 20:31 - 2011-11-02 10:20 - 0013082 ____A C:\Users\Hotaik\Downloads\2.docx
2011-11-02 20:18 - 2011-11-02 20:18 - 0002020 ____A C:\Users\Public\Desktop\FIFA 07.lnk
2011-11-02 20:18 - 2011-11-02 20:18 - 0000000 ____D C:\Program Files (x86)\EA SPORTS
2011-11-02 20:17 - 2011-11-02 20:17 - 0000544 ____A C:\Windows\DirectX.log
2011-11-02 12:53 - 2011-11-01 19:06 - 0019519 ____A C:\Users\Hotaik\Downloads\spreadsheet - tommy sung.xlsx
2011-11-02 10:20 - 2011-11-02 10:20 - 0015523 ____A C:\Users\Hotaik\Desktop\1.pdf
2011-11-02 07:10 - 2011-11-02 07:09 - 0056320 ____A C:\Users\Hotaik\Downloads\Complete Database 9-15-11 FOR_TOMMY (2).xls
2011-11-02 07:09 - 2011-11-02 07:09 - 0054784 ____A C:\Users\Hotaik\Downloads\Complete Database 9-15-11 FOR_TOMMY (1).xls
2011-11-02 07:08 - 2011-11-02 07:08 - 0054784 ____A C:\Users\Hotaik\Downloads\Complete Database 9-15-11 FOR_TOMMY.xls
2011-11-02 07:06 - 2011-11-02 07:06 - 0016547 ____A C:\Users\Hotaik\Downloads\spreadsheet - tommy sung (1).xlsx
2011-11-01 21:00 - 2011-10-09 20:19 - 0000000 ____D C:\Users\Hotaik\Downloads\wind2
2011-11-01 20:15 - 2011-11-01 20:04 - 0000000 ____D C:\Users\Hotaik\Downloads\Pit met study with katznelson
2011-11-01 20:05 - 2011-11-01 20:05 - 0379732 ____A C:\Users\Hotaik\Downloads\Pituitary-magnetic-resonance-imaging-for-sellar-and-parasellar-masses-Ten-year-experience-in-2598-patients_2011_Journal-of-Clinical-Endocrinology-and-Metabolism.pdf
2011-11-01 19:06 - 2011-11-01 19:06 - 0011099 ____A C:\Users\Hotaik\Downloads\tommy hotaik.docx
2011-11-01 18:05 - 2011-11-01 18:03 - 0004088 ____A C:\shared.log
2011-11-01 18:03 - 2011-11-01 18:03 - 0011122 ____A C:\Users\Hotaik\Documents\cc_20111101_190310.reg
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\Users\All Users\Electronic Arts
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\Users\All Users\EA Core
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\ProgramData\Electronic Arts
2011-11-01 18:03 - 2011-11-01 18:03 - 0000000 ____D C:\ProgramData\EA Core
2011-11-01 11:38 - 2011-11-01 11:38 - 0000762 ____A C:\Users\Hotaik\Desktop\Solive.lnk
2011-11-01 11:38 - 2011-11-01 11:38 - 0000762 ____A C:\Users\Guest\Desktop\Solive.lnk
2011-11-01 11:38 - 2011-11-01 11:38 - 0000000 ____D C:\Program Files (x86)\Solive
2011-11-01 11:37 - 2011-11-01 11:37 - 2887553 ____A C:\Users\Hotaik\Downloads\Solive_1.1.3.0_Setup.exe
2011-11-01 11:20 - 2011-11-01 11:20 - 0001037 ____A C:\Users\Hotaik\Desktop\KMPlayer.lnk
2011-11-01 11:20 - 2011-11-01 11:20 - 0000000 ____D C:\Users\Hotaik\AppData\Local\APN
2011-11-01 11:20 - 2011-11-01 11:19 - 17795728 ____A C:\Users\Hotaik\Desktop\KMPlayer_EN_3.0.0.1442.exe
2011-11-01 11:20 - 2011-10-07 20:00 - 0000000 ____D C:\Users\Hotaik\AppData\LocalLow
2011-11-01 11:19 - 2011-11-01 11:18 - 0300416 ____A C:\Users\Hotaik\Downloads\SoftonicDownloader_for_kmplayer.exe
2011-11-01 09:47 - 2011-11-01 09:47 - 0031258 ____A C:\Users\Hotaik\Downloads\rS8njTDy9FSA6P1.torrent
2011-11-01 09:46 - 2011-11-01 09:46 - 0031258 ____A C:\Users\Hotaik\Downloads\PtbVUIfmyQwtX98.torrent
2011-11-01 09:45 - 2011-11-01 09:44 - 0070610 ____A C:\Users\Hotaik\Downloads\h877rGzEqH.torrent
2011-10-31 11:12 - 2011-10-23 22:16 - 0000000 ____D C:\Users\Hotaik\Desktop\2011 misc
2011-10-31 10:50 - 2011-10-31 10:50 - 0022630 ____A C:\Users\Hotaik\Downloads\Mahler_The_Complete_Symphonies_Solti_FLAC.torrent
2011-10-31 10:49 - 2011-10-31 10:49 - 0093205 ____A C:\Users\Hotaik\Downloads\Richard_Wagner___The_Complete_Operas__FLAC_.torrent
2011-10-31 00:49 - 2011-10-29 20:06 - 0015757 ____A C:\Users\Hotaik\Desktop\Reading response five.docx
2011-10-30 19:45 - 2011-10-29 20:06 - 0012559 ____H C:\Users\Hotaik\Desktop\~WRL2821.tmp
2011-10-30 19:38 - 2011-10-30 19:38 - 0000162 ___AH C:\Users\Hotaik\Desktop\~$ading response five.docx
2011-10-30 19:38 - 2011-10-30 19:38 - 0000162 ___AH C:\Users\Hotaik\Desktop\~$ take ourserves as objects and use others.docx
2011-10-30 17:19 - 2011-10-07 20:10 - 0002398 ____A C:\Users\Hotaik\Desktop\Google Chrome.lnk
2011-10-30 11:45 - 2011-10-29 16:44 - 0013214 ____A C:\Users\Hotaik\Desktop\Cover Letter - ISA.docx
2011-10-30 11:44 - 2011-10-30 11:44 - 0015523 ____A C:\Users\Hotaik\Desktop\Cover Letter - AmniSure.pdf
2011-10-30 11:44 - 2011-10-23 15:32 - 0000000 ____D C:\Users\Hotaik\AppData\Local\CutePDF Writer
2011-10-30 10:54 - 2011-10-30 10:54 - 0015062 ____A C:\Users\Hotaik\Desktop\Cover Letter - ISA.pdf
2011-10-29 20:34 - 2011-10-29 20:34 - 0011672 ____A C:\Users\Hotaik\Desktop\We take ourserves as objects and use others.docx
2011-10-29 19:04 - 2011-10-22 14:09 - 0021267 ____A C:\Users\Hotaik\Desktop\resume word (Repaired).docx
2011-10-29 16:24 - 2011-10-29 16:24 - 0014624 ____A C:\Users\Hotaik\Downloads\Sung H cover.pdf
2011-10-29 00:37 - 2011-10-29 00:37 - 0000456 ____A C:\Users\Hotaik\Desktop\Media (D) - Shortcut.lnk
2011-10-29 00:37 - 2011-10-29 00:37 - 0000456 ____A C:\Users\Hotaik\Desktop\Media (D) - Shortcut (2).lnk
2011-10-28 23:57 - 2011-10-17 17:02 - 0000000 ____D C:\Users\Hotaik\Downloads\wind 5
2011-10-28 22:37 - 2011-10-28 22:37 - 0000809 ____A C:\Users\Hotaik\Desktop\Design and photography - Shortcut.lnk
2011-10-28 22:36 - 2011-10-28 22:37 - 0000683 ____A C:\Users\Hotaik\Desktop\My Music - Shortcut.lnk
2011-10-28 22:15 - 2011-10-28 22:15 - 1261314 ____A C:\Users\Hotaik\Downloads\Serenity20IconPackset11-0.rar
2011-10-28 22:15 - 2011-10-28 22:15 - 0000000 ____D C:\Users\Hotaik\Downloads\Serenity Black
2011-10-28 22:09 - 2011-10-28 22:09 - 0000000 ____D C:\Users\Hotaik\Downloads\ico
2011-10-28 21:31 - 2011-10-28 21:31 - 0000000 ____D C:\Users\Hotaik\Desktop\00 writing
2011-10-28 18:14 - 2009-07-13 21:08 - 0032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-27 21:07 - 2011-10-27 21:07 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-10-27 21:07 - 2011-10-27 21:06 - 0000000 ____D C:\Program Files (x86)\Google
2011-10-27 21:07 - 2011-10-07 20:09 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Google
2011-10-27 18:05 - 2011-10-27 18:05 - 0031979 ____A C:\Users\Hotaik\Downloads\AETNA GRANT_cc edits 26 Oct 2011.docx
2011-10-27 11:10 - 2011-10-27 11:10 - 0041538 ____A C:\Users\Hotaik\Desktop\Passport-and-Airplane-Ticket.jpg
2011-10-27 11:10 - 2011-10-17 20:51 - 0001456 ____A C:\Users\Hotaik\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-10-27 11:03 - 2011-10-27 11:03 - 1502649 ____A C:\Users\Hotaik\Desktop\daa.jpg
2011-10-25 00:31 - 2011-10-08 09:31 - 0000000 ____D C:\Users\Hotaik\Downloads\Wind
2011-10-24 09:44 - 2011-10-24 09:44 - 0001999 ____A C:\Users\Hotaik\Desktop\ICCup Launcher.lnk
2011-10-24 09:44 - 2011-10-24 09:44 - 0000000 ____D C:\Program Files (x86)\ICCup
2011-10-23 23:18 - 2011-10-23 23:18 - 0140797 ____A C:\Users\Hotaik\Desktop\17.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0086263 ____A C:\Users\Hotaik\Desktop\18.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0043943 ____A C:\Users\Hotaik\Desktop\05.jpg
2011-10-23 23:18 - 2011-10-23 23:18 - 0024195 ____A C:\Users\Hotaik\Desktop\02.jpg
2011-10-23 18:09 - 2011-10-23 18:09 - 0013564 ____A C:\Users\Hotaik\Downloads\ZS Associates - 2010 Fall.docx
2011-10-23 15:32 - 2011-10-23 15:28 - 0064340 ____A C:\Users\Hotaik\Desktop\Hotaik Sung - CV.pdf
2011-10-23 15:21 - 2011-10-23 15:21 - 0011099 ____A C:\Users\Hotaik\Downloads\katz.docx
2011-10-23 15:19 - 2011-10-23 15:19 - 0015903 ____A C:\Users\Hotaik\Downloads\interview.docx
2011-10-23 14:34 - 2011-10-23 14:34 - 0079353 ____A C:\Users\Hotaik\Downloads\Perinatal nurses study new_v2.docx
2011-10-23 00:27 - 2011-10-23 00:27 - 0000000 ____D C:\Program Files (x86)\GPLGS
2011-10-23 00:27 - 2011-10-23 00:27 - 0000000 ____D C:\Program Files (x86)\Acro Software
2011-10-22 22:35 - 2011-10-10 08:37 - 0016916 ____A C:\Users\Hotaik\Desktop\Affect yes usage of brain.docx
2011-10-22 21:05 - 2011-10-10 08:37 - 0015723 ____H C:\Users\Hotaik\Desktop\~WRL0004.tmp
2011-10-22 20:14 - 2011-10-09 20:21 - 0000000 ____D C:\Users\Hotaik\Downloads\big
2011-10-22 12:49 - 2011-10-10 08:37 - 0015293 ____H C:\Users\Hotaik\Desktop\~WRL3894.tmp
2011-10-22 12:25 - 2011-10-22 12:25 - 0000162 ___AH C:\Users\Hotaik\Downloads\~$ants more specific.docx
2011-10-22 12:18 - 2011-10-22 12:18 - 0000162 ___AH C:\Users\Hotaik\Downloads\~$p B Moms_Gilead Grant Summary_submitted.docx
2011-10-22 01:48 - 2011-11-09 09:02 - 22835446 ____A C:\Windows\System32\config\4.reg
2011-10-22 01:48 - 2011-11-09 09:02 - 162018242 ____A C:\Windows\System32\config\3.reg
2011-10-22 01:48 - 2011-11-09 09:02 - 12175540 ____A C:\Windows\System32\config\2.reg
2011-10-22 01:48 - 2011-11-09 09:02 - 0004510 ____A C:\Windows\System32\config\5.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 22835446 ____A C:\Users\Hotaik\Desktop\4.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 162018242 ____A C:\Users\Hotaik\Desktop\3.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 12175540 ____A C:\Users\Hotaik\Desktop\2.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 0028650 ____A C:\Users\Hotaik\Documents\cc_20111022_024836.reg
2011-10-22 01:48 - 2011-10-22 01:48 - 0004510 ____A C:\Users\Hotaik\Desktop\5.reg
2011-10-22 01:47 - 2011-11-09 09:02 - 47735244 ____A C:\Windows\System32\config\1.reg
2011-10-22 01:47 - 2011-10-22 01:47 - 47735244 ____A C:\Users\Hotaik\Desktop\1.reg
2011-10-22 01:47 - 2011-10-22 01:47 - 0000000 ____D C:\Program Files\CCleaner
2011-10-20 16:19 - 2011-10-20 16:19 - 0000000 ____D C:\Program Files (x86)\Attribute Changer
2011-10-19 21:35 - 2011-10-19 21:35 - 0009054 ____A C:\Users\Hotaik\Desktop\registry.reg
2011-10-19 16:40 - 2011-10-19 16:40 - 0037376 ____A C:\Users\Hotaik\Desktop\ss.doc
2011-10-19 16:37 - 2011-10-19 15:56 - 0037376 ____A C:\Users\Hotaik\Desktop\studyguide2011fall.doc
2011-10-19 15:56 - 2011-10-19 15:16 - 0033792 ____A C:\Users\Hotaik\Downloads\studyguide2011fall.doc
2011-10-18 21:16 - 2011-10-15 11:26 - 0000000 ____D C:\Program Files\Adobe
2011-10-18 21:13 - 2011-10-09 17:11 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-10-18 21:00 - 2011-10-15 11:35 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-10-18 21:00 - 2011-10-09 17:11 - 0000000 ____D C:\Users\All Users\Adobe
2011-10-18 21:00 - 2011-10-09 17:11 - 0000000 ____D C:\ProgramData\Adobe
2011-10-18 20:52 - 2011-10-07 20:18 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\Adobe
2011-10-18 10:23 - 2011-10-18 10:23 - 2787974 ____A C:\Users\Hotaik\Desktop\receipt.pdf
2011-10-17 20:51 - 2011-10-17 20:47 - 0342238 ____A C:\Users\Hotaik\Desktop\receipt.jpg
2011-10-17 17:49 - 2011-10-14 20:14 - 0000000 ____D C:\Users\Hotaik\Downloads\wind4
2011-10-17 17:11 - 2011-10-17 17:11 - 0000000 ____D C:\Users\Hotaik\Downloads\CuBe'D WaLL
2011-10-16 12:00 - 2011-10-16 12:00 - 0012356 ____A C:\Users\Hotaik\Desktop\notes.docx
2011-10-15 11:36 - 2011-10-15 11:36 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2011-10-15 11:36 - 2011-10-15 11:36 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2011-10-15 11:34 - 2011-10-15 11:34 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-10-15 11:34 - 2011-10-15 11:34 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-10-15 11:27 - 2011-10-07 20:09 - 0109424 ____A C:\Users\Hotaik\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-14 23:31 - 2011-10-14 23:31 - 0000000 ____D C:\Program Files (x86)\Resource Hacker
2011-10-14 23:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-10-14 22:58 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2011-10-14 20:31 - 2011-10-14 18:29 - 0000000 ____D C:\Users\Hotaik\Downloads\wind3
2011-10-14 20:08 - 2011-10-14 20:08 - 0000676 ____A C:\Users\Hotaik\Desktop\RealTemp.lnk
2011-10-13 20:37 - 2011-10-13 20:37 - 0063838 ____A C:\Users\Hotaik\Downloads\Sung H Resume.pdf
2011-10-11 14:24 - 2011-10-10 08:37 - 0012063 ____H C:\Users\Hotaik\Desktop\~WRL2986.tmp
2011-10-11 02:53 - 2011-10-11 02:53 - 0001134 ____A C:\Users\Hotaik\Desktop\Daum ????? (?? ??).lnk
2011-10-11 02:53 - 2011-10-11 02:53 - 0001134 ____A C:\Users\Guest\Desktop\Daum ????? (?? ??).lnk
2011-10-11 02:53 - 2011-10-11 02:53 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\PotPlayer
2011-10-11 02:53 - 2011-10-11 02:53 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Daum
2011-10-11 02:53 - 2011-10-11 02:53 - 0000000 ____D C:\Program Files (x86)\DAUM
2011-10-10 18:19 - 2011-10-10 18:19 - 0002078 ____A C:\Users\Public\Desktop\SSDlife Free.lnk
2011-10-10 18:19 - 2011-10-10 18:19 - 0000000 ____D C:\Users\All Users\Binarysense
2011-10-10 18:19 - 2011-10-10 18:19 - 0000000 ____D C:\ProgramData\Binarysense
2011-10-10 18:19 - 2011-10-10 18:19 - 0000000 ____D C:\Program Files (x86)\BinarySense
2011-10-10 08:37 - 2011-10-10 08:37 - 0000162 ___AH C:\Users\Hotaik\Desktop\~$fect yes usage of brain.docx
2011-10-09 23:24 - 2011-10-09 23:06 - 0000000 ____D C:\Windows\pss
2011-10-09 20:26 - 2011-10-09 20:26 - 0000000 ____D C:\Users\Hotaik\Downloads\Alluminate Wood Pack
2011-10-09 20:00 - 2011-10-09 20:00 - 0000000 ____D C:\Users\Hotaik\Documents\OneNote Notebooks
2011-10-09 17:12 - 2011-10-09 17:12 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-10-09 16:08 - 2011-10-09 16:08 - 0000000 ____D C:\Users\Hotaik\Documents\Amendments
2011-10-09 15:40 - 2011-10-09 15:40 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-09 15:40 - 2011-10-09 15:40 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-10-09 15:40 - 2011-10-09 15:40 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-09 15:01 - 2011-10-09 15:01 - 0730638 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-10-09 14:59 - 2011-10-09 14:59 - 0000000 ____D C:\Program Files (x86)\PowerISO
2011-10-09 14:59 - 2011-10-09 14:57 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-10-09 14:59 - 2011-10-09 14:57 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-10-09 14:58 - 2011-10-09 14:58 - 0000000 ____D C:\Windows\PCHEALTH
2011-10-09 14:58 - 2011-10-09 14:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2011-10-09 14:58 - 2011-10-09 14:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2011-10-09 14:58 - 2011-10-09 14:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-10-09 14:58 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2011-10-09 14:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2011-10-09 14:57 - 2011-10-09 14:57 - 0000000 __RHD C:\MSOCache
2011-10-09 14:57 - 2011-10-09 14:57 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Microsoft Help
2011-10-09 14:57 - 2011-10-09 14:57 - 0000000 ____D C:\Program Files\Microsoft Office
2011-10-09 14:57 - 2011-10-09 14:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2011-10-09 14:57 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2011-10-09 14:42 - 2011-10-07 21:27 - 0058144 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-09 14:42 - 2011-10-07 21:27 - 0000000 ____D C:\Users\Guest\AppData\Local\Deployment
2011-10-09 10:25 - 2011-10-09 10:25 - 0001123 ____A C:\Users\Public\Desktop\GOM Player.lnk
2011-10-09 10:25 - 2011-10-09 10:25 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\GRETECH
2011-10-09 10:25 - 2011-10-09 10:25 - 0000000 ____D C:\Program Files (x86)\GRETECH
2011-10-08 10:15 - 2011-10-08 10:15 - 0000000 ____D C:\Users\Hotaik\Documents\bwchart
2011-10-08 00:20 - 2011-10-08 00:20 - 0000000 ____D C:\Windows\W7SBC
2011-10-07 23:13 - 2011-10-07 23:13 - 0000000 ____D C:\Program Files (x86)\Pidgin
2011-10-07 22:41 - 2011-10-07 22:41 - 0000000 ____D C:\Users\Hotaik\Desktop\wall
2011-10-07 22:36 - 2011-10-07 22:36 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2011-10-07 22:35 - 2011-10-07 22:35 - 0415759 ____A C:\Users\Hotaik\Downloads\ASIO4ALL_2_10_English.exe
2011-10-07 22:04 - 2011-10-07 22:04 - 0000000 ____D C:\Program Files (x86)\Intel
2011-10-07 21:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Registration
2011-10-07 21:34 - 2011-10-07 21:34 - 0001543 ____A C:\Users\Guest\Desktop\iexplore.lnk
2011-10-07 21:27 - 2011-10-07 21:27 - 0000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2011-10-07 21:27 - 2011-10-07 21:15 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2011-10-07 21:15 - 2011-10-07 21:15 - 0000174 ___SH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2011-10-07 21:15 - 2011-10-07 21:15 - 0000174 ___SH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-10-07 21:15 - 2011-10-07 21:15 - 0000020 ___SH C:\Users\Guest\ntuser.ini
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Templates
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Start Menu
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\PrintHood
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\NetHood
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\My Documents
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2011-10-07 21:15 - 2011-10-07 21:15 - 0000000 ____D C:\users\Guest
2011-10-07 21:15 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2011-10-07 20:51 - 2011-10-07 20:51 - 0001003 ____A C:\Users\Hotaik\Desktop\SpeedFan.lnk
2011-10-07 20:51 - 2011-10-07 20:51 - 0000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2011-10-07 20:50 - 2011-10-07 20:50 - 0000000 ____D C:\Users\Hotaik\Desktop\New folder
2011-10-07 20:48 - 2011-10-07 20:48 - 0000000 ____D C:\Program Files\CPUID
2011-10-07 20:36 - 2011-10-07 20:36 - 0008192 _RASH C:\BOOTSECT.BAK
2011-10-07 20:36 - 2009-07-13 21:38 - 0025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2011-10-07 20:36 - 2009-07-13 21:32 - 0028672 ____A C:\Windows\System32\config\BCD-Template
2011-10-07 20:35 - 2011-10-07 20:35 - 0000000 ___AH C:\Users\Hotaik\Documents\Default.rdp
2011-10-07 20:22 - 2011-10-07 20:22 - 0000000 ____D C:\Program Files\7-Zip
2011-10-07 20:18 - 2011-10-07 20:18 - 0000000 ____D C:\Users\Hotaik\AppData\Roaming\Macromedia
2011-10-07 20:17 - 2011-10-07 20:17 - 0000000 ____D C:\Users\Hotaik\AppData\Local\uTorrent
2011-10-07 20:17 - 2011-10-07 20:17 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-10-07 20:12 - 2011-10-07 20:12 - 0000017 ____A C:\Users\Hotaik\AppData\Local\resmon.resmoncfg
2011-10-07 20:09 - 2011-10-07 20:09 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Deployment
2011-10-07 20:09 - 2011-10-07 20:09 - 0000000 ____D C:\Users\Hotaik\AppData\Local\Apps\2.0
2011-10-07 20:00 - 2011-10-07 20:00 - 0000174 ___SH C:\Users\Hotaik\Start Menu\Programs\Startup\desktop.ini
2011-10-07 20:00 - 2011-10-07 20:00 - 0000174 ___SH C:\Users\Hotaik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-10-07 20:00 - 2011-10-07 20:00 - 0000020 ___SH C:\Users\Hotaik\ntuser.ini
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\Templates
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\Start Menu
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\PrintHood
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\NetHood
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\My Documents
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\Documents\My Videos
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\Documents\My Pictures
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\Documents\My Music
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\AppData\Local\Temporary Internet Files
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 __SHD C:\Users\Hotaik\AppData\Local\History
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 ____D C:\Users\Hotaik\AppData\Local\VirtualStore
2011-10-07 20:00 - 2011-10-07 20:00 - 0000000 ____D C:\users\Hotaik
2011-10-07 19:59 - 2011-10-07 20:36 - 0000000 ____D C:\Windows\Panther
2011-10-07 19:59 - 2011-10-07 19:59 - 0000000 __SHD C:\Recovery
2011-10-07 19:59 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-10-07 19:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-10-07 19:56 - 2009-07-13 21:01 - 0042049 ____A C:\Windows\SysWOW64\license.rtf
2011-10-07 19:56 - 2009-07-13 21:01 - 0042049 ____A C:\Windows\System32\license.rtf
2011-10-07 19:55 - 2011-10-07 19:55 - 0001313 ____A C:\Windows\TSSysprep.log
2011-10-07 19:55 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\CSC
2011-10-07 19:55 - 2009-07-13 20:46 - 0001774 ____A C:\Windows\DtcInstall.log
2011-10-07 19:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2011-10-07 19:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-09-28 14:39 - 2011-11-06 20:19 - 0003584 ____A C:\Users\Hotaik\Desktop\ColorEfexPro4FC32.dll
2011-09-28 14:39 - 2011-11-06 20:13 - 0004608 ____A C:\Windows\SysWOW64\ColorEfexPro4FC64.dll
2011-09-27 22:27 - 2011-10-09 17:09 - 3578397 ____A C:\Users\Hotaik\Desktop\Gendered Lives- Communication, Gender and Culture 9th - Wood.pdf
2011-09-22 08:31 - 2011-09-22 08:31 - 0354816 ____A C:\Windows\System32\ColorEfexPro4FC64.dll
2011-09-22 08:31 - 2011-09-22 08:31 - 0326144 ____A C:\Windows\SysWOW64\ColorEfexPro4FC32.dll
2011-09-22 08:30 - 2011-09-22 08:30 - 0066560 ____A (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2011-08-31 17:00 - 2011-11-08 23:29 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4013.18 MB
Available physical RAM: 3477.2 MB
Total Pagefile: 4011.33 MB
Available Pagefile: 3462.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:149.05 GB) (Free:117.8 GB) NTFS ==>[Boot] ==>[OS]
2 Drive d: () (Fixed) (Total:71.25 GB) (Free:5.24 GB) NTFS ==>[OS]
3 Drive e: (OTLPE) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 1024 KB

Partition 1
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C System NTFS Partition 149 GB Healthy

==========================================================

Last Boot: 2011-10-07 19:54

======================= End Of Log ==========================
  • 0

#4
azarl
Posted 18 November 2011 - 05:35 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
On a clean machine...

»Firstly..«
I need you to download a new copy of Farbar Recovery Scan Tool x64 and save it to your USB drive.

»Next ...«

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt 

Start
SubSystems: [Windows] ==> ZeroAccess
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Plug the flashdrive into the infected PC.

Booting your PC to Command Promp
  • Restart your PC, press and hold the F8 key as it restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
  • On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter.
  • Select a keyboard layout, and then click Next.
  • On the System Recovery Options menu, click on Command Prompt

Posted Image

Running FRST
  • In the command window type in "notepad" and press the Enter key.The notepad should open.
  • Under File menu select "Open".
  • Select "Computer" and locate your flash drive. Make a note of the drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive (from step 3 above).
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Check if the machine will boot normally now please. If it does close it down until we complete the next phase
  • 0

#5
azarl
Posted 23 November 2011 - 04:54 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP