Ran Hitman Pro, Now I can't boot up my OS


#1
Grarg

So I had a spyware issue and ran Hitman Pro, which replaced a file called MasterBoot or something. I didn't think too much of it at first but after restarting, my OS wouldn't boot. I tried repairing and messing around with various boot alternatives but nothing worked.

My Windows OS is Windows 7.
I came across this: http://www.geekstogo...ow-wont-reboot/
which seemed like it was a workable alternative.
I followed all the instructions on the first page and got the OTL log file, which is attached below for your convenience. Can you help me repair the necessary files that Hitman Pro deleted?

Thanks a bunch.

OTL logfile created on: 11/20/2011 8:42:47 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 6090 6090 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 100.10 Gb Total Space | 5.18 Gb Free Space | 5.18% Space Free | Partition Type: NTFS
Drive E: | 350.33 Gb Total Space | 157.75 Gb Free Space | 45.03% Space Free | Partition Type: NTFS
Drive F: | 15.13 Gb Total Space | 9.33 Gb Free Space | 61.68% Space Free | Partition Type: NTFS
Drive X: | 1.87 Gb Total Space | 1.53 Gb Free Space | 82.16% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/11/20 12:00:32 | 007,514,432 | ---- | M] (SurfRight B.V.) [Auto] -- D:\Users\764DHP101710\Desktop\HitmanPro35_x64.exe -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Auto] -- D:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/05/03 16:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/05/03 16:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/06/08 12:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto] -- D:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 00:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/20 12:01:27 | 000,025,160 | ---- | M] () [Kernel | Disabled] -- D:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2011/06/03 12:34:12 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 22:53:17 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/12 02:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 02:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/02 10:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 20:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/21 19:22:12 | 000,659,968 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/03/02 13:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- D:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 13:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- D:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2008/12/30 23:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\764DHP101710_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\764DHP101710_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\764DHP101710_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\764DHP101710_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 49 DF 35 3B 6E CB 01 [binary data]
IE - HKU\764DHP101710_ON_D\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\764DHP101710_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Guest_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Guest_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Guest_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 26 C0 BF AE 22 CC 01 [binary data]
IE - HKU\Guest_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: D:\Users\764DHP101710\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: D:\Users\764DHP101710\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\764DHP101710\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\764DHP101710\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/09 01:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 19:31:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/15 20:23:43 | 000,000,000 | ---D | M]

[2010/10/17 16:25:50 | 000,000,000 | ---D | M] (No name found) -- D:\Users\764DHP101710\AppData\Roaming\Mozilla\Extensions
[2011/09/27 10:16:32 | 000,000,000 | ---D | M] (No name found) -- D:\Users\764DHP101710\AppData\Roaming\Mozilla\Firefox\Profiles\7gh2d9z8.default\extensions
[2011/07/31 11:05:44 | 000,000,000 | ---D | M] (Trillian Toolbar) -- D:\Users\764DHP101710\AppData\Roaming\Mozilla\Firefox\Profiles\7gh2d9z8.default\extensions\[email protected]
[2011/06/04 06:34:52 | 000,002,568 | ---- | M] () -- D:\Users\764DHP101710\AppData\Roaming\Mozilla\Firefox\Profiles\7gh2d9z8.default\searchplugins\askcom.xml
[2011/11/10 19:31:16 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/11/10 19:31:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/14 04:27:15 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 19:31:08 | 000,002,040 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - D:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - D:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\764DHP101710_ON_D\..\Toolbar\WebBrowser: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Guest_ON_D\..\Toolbar\WebBrowser: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] D:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Dell Webcam Central] D:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] D:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] D:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartNowToolbarHelper] File not found
O4 - HKU\764DHP101710_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\764DHP101710_ON_D..\Run: [l4ECxkCQuxvUCT] File not found
O4 - HKU\764DHP101710_ON_D..\Run: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\764DHP101710_ON_D..\Run: [Xvid] D:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Guest_ON_D..\RunOnce: [FlashPlayerUpdate] D:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: D:\Users\764DHP101710\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1KG_SU.LNK ()
O4 - Startup: D:\Users\764DHP101710\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - 764DHP101710_ON_D\..Trusted Domains: db.com ([autobahnfo-us] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.103.1.1 128.103.201.100 128.103.200.101
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{561d05ff-892b-11e0-9c71-f04da24ec8ff}\Shell - "" = AutoRun
O33 - MountPoints2\{561d05ff-892b-11e0-9c71-f04da24ec8ff}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{561d06c4-892b-11e0-9c71-f04da24ec8ff}\Shell - "" = AutoRun
O33 - MountPoints2\{561d06c4-892b-11e0-9c71-f04da24ec8ff}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{cf5a06f4-dbfe-11df-9c5f-f04da24ec8ff}\Shell - "" = AutoRun
O33 - MountPoints2\{cf5a06f4-dbfe-11df-9c5f-f04da24ec8ff}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{cf5a0916-dbfe-11df-9c5f-f04da24ec8ff}\Shell - "" = AutoRun
O33 - MountPoints2\{cf5a0916-dbfe-11df-9c5f-f04da24ec8ff}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{df4ec3ce-23e3-11e0-a7f4-f04da24ec8ff}\Shell - "" = AutoRun
O33 - MountPoints2\{df4ec3ce-23e3-11e0-a7f4-f04da24ec8ff}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 12:14:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- D:\Windows\System32\bootdelete.exe
[2011/11/20 12:01:27 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/11/20 12:01:27 | 000,000,000 | ---D | C] -- D:\Program Files\Hitman Pro 3.5
[2011/11/20 12:01:08 | 000,000,000 | ---D | C] -- D:\ProgramData\Hitman Pro
[2011/11/20 12:00:15 | 007,514,432 | ---- | C] (SurfRight B.V.) -- D:\Users\764DHP101710\Desktop\HitmanPro35_x64.exe
[2011/11/19 23:22:47 | 000,000,000 | ---D | C] -- D:\Users\764DHP101710\Desktop\166
[2011/11/16 13:42:54 | 000,000,000 | ---D | C] -- D:\Users\764DHP101710\Desktop\fire cell automa matlab 2
[2011/11/15 17:16:14 | 000,000,000 | ---D | C] -- D:\Users\764DHP101710\Desktop\TEMP
[2011/11/15 12:04:49 | 000,000,000 | ---D | C] -- D:\Windows\System32\Macromed
[2011/11/11 09:32:25 | 000,000,000 | ---D | C] -- D:\Users\764DHP101710\AppData\Roaming\Malwarebytes
[2011/11/11 09:32:12 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 09:32:12 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2011/11/11 09:32:08 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/10 19:56:01 | 000,000,000 | ---D | C] -- D:\Windows\Sun
[2011/11/10 19:32:32 | 000,000,000 | ---D | C] -- D:\Users\764DHP101710\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/10 19:31:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\LP
[2011/11/10 19:24:55 | 000,000,000 | ---D | C] -- D:\Users\764DHP101710\AppData\Roaming\CD486
[2011/11/10 19:24:50 | 000,000,000 | ---D | C] -- D:\Windows\system64
[2011/11/10 19:24:32 | 000,000,000 | ---D | C] -- D:\Users\764DHP101710\AppData\Roaming\E0ECD
[2011/11/09 13:55:30 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/09 13:55:26 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2011/11/09 13:55:26 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/22 19:26:35 | 000,000,000 | ---D | C] -- D:\Users\764DHP101710\AppData\Roaming\Ubisoft
[2011/10/22 19:23:51 | 000,000,000 | ---D | C] -- D:\ProgramData\Ubisoft
[2011/10/22 19:21:01 | 000,411,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_10.dll
[2011/10/22 19:21:01 | 000,267,272 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\xactengine2_10.dll
[2011/10/22 19:20:59 | 002,006,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_36.dll
[2011/10/22 19:20:59 | 001,374,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\D3DCompiler_36.dll
[2011/10/22 19:20:59 | 000,508,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_36.dll
[2011/10/22 19:20:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3dx10_36.dll
[2011/10/22 19:20:54 | 005,081,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_36.dll
[2011/10/22 19:20:54 | 003,734,536 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3dx9_36.dll
[2011/10/22 19:20:53 | 000,411,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_9.dll
[2011/10/22 19:20:53 | 000,267,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\xactengine2_9.dll
[2011/10/22 19:20:51 | 001,985,904 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_35.dll
[2011/10/22 19:20:51 | 001,358,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\D3DCompiler_35.dll
[2011/10/22 19:20:51 | 000,508,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_35.dll
[2011/10/22 19:20:51 | 000,444,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3dx10_35.dll
[2011/10/22 19:20:47 | 005,073,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_35.dll
[2011/10/22 19:20:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3dx9_35.dll
[2011/10/22 19:20:45 | 000,021,000 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\X3DAudio1_2.dll
[2011/10/22 19:20:45 | 000,017,928 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\X3DAudio1_2.dll
[2011/10/22 18:20:47 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/10/22 18:20:46 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Xvid

========== Files - Modified Within 30 Days ==========

[2011/11/20 18:51:26 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011/11/20 12:14:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- D:\Windows\System32\bootdelete.exe
[2011/11/20 12:14:13 | 000,002,602 | ---- | M] () -- D:\Windows\System32\.crusader
[2011/11/20 12:14:03 | 000,000,140 | ---- | M] () -- D:\Windows\System32\bootdelete.lst
[2011/11/20 12:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At27.job
[2011/11/20 12:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At26.job
[2011/11/20 12:01:27 | 000,025,160 | ---- | M] () -- D:\Windows\System32\drivers\hitmanpro35.sys
[2011/11/20 12:01:27 | 000,001,974 | ---- | M] () -- D:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/11/20 12:01:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/11/20 12:00:32 | 007,514,432 | ---- | M] (SurfRight B.V.) -- D:\Users\764DHP101710\Desktop\HitmanPro35_x64.exe
[2011/11/20 11:46:29 | 000,000,936 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3316240147-1334159981-11186353-1001UA.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At25.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At23.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At21.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At19.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At17.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At15.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At24.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At22.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At20.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At18.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At16.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At14.job
[2011/11/20 05:06:01 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At13.job
[2011/11/20 05:06:01 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At12.job
[2011/11/20 04:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At11.job
[2011/11/20 04:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At10.job
[2011/11/20 03:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At9.job
[2011/11/20 03:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At8.job
[2011/11/20 02:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At7.job
[2011/11/20 02:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At6.job
[2011/11/20 01:06:01 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At5.job
[2011/11/20 01:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At4.job
[2011/11/20 00:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At3.job
[2011/11/20 00:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At2.job
[2011/11/19 23:38:14 | 000,007,600 | ---- | M] () -- D:\Users\764DHP101710\AppData\Local\Resmon.ResmonCfg
[2011/11/19 23:06:01 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At49.job
[2011/11/19 23:06:01 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At48.job
[2011/11/19 22:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At47.job
[2011/11/19 22:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At46.job
[2011/11/19 21:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At45.job
[2011/11/19 21:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At44.job
[2011/11/19 20:46:02 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3316240147-1334159981-11186353-1001Core.job
[2011/11/19 20:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At43.job
[2011/11/19 20:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At42.job
[2011/11/19 19:49:52 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At41.job
[2011/11/19 19:49:52 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At39.job
[2011/11/19 19:49:52 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At40.job
[2011/11/19 19:49:52 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At38.job
[2011/11/19 17:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At37.job
[2011/11/19 17:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At36.job
[2011/11/19 16:06:01 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At35.job
[2011/11/19 16:06:01 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At34.job
[2011/11/19 15:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At33.job
[2011/11/19 15:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At32.job
[2011/11/19 14:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At31.job
[2011/11/19 14:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At30.job
[2011/11/19 14:03:59 | 000,019,520 | ---- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 14:03:59 | 000,019,520 | ---- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 13:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\At29.job
[2011/11/19 13:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\tasks\At28.job
[2011/11/18 14:31:19 | 3193,196,544 | -HS- | M] () -- D:\hiberfil.sys
[2011/11/17 16:51:47 | 000,620,312 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2011/11/17 16:51:47 | 000,110,500 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2011/11/17 14:17:46 | 002,538,782 | R--- | M] () -- D:\Users\764DHP101710\Desktop\SSRN-id1115805-1.pdf
[2011/11/15 16:15:35 | 000,000,000 | ---- | M] () -- D:\ProgramData\wQv7SF.dat
[2011/11/15 12:04:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/15 04:15:12 | 002,987,522 | ---- | M] () -- D:\Users\764DHP101710\Desktop\Hans Christian Andersen.pdf
[2011/11/11 15:34:50 | 000,000,456 | ---- | M] () -- D:\ProgramData\9qBT91GksNifbV
[2011/11/11 15:33:45 | 000,000,296 | ---- | M] () -- D:\ProgramData\~9qBT91GksNifbV
[2011/11/11 15:33:45 | 000,000,232 | ---- | M] () -- D:\ProgramData\~9qBT91GksNifbVr
[2011/11/11 14:01:57 | 000,001,109 | ---- | M] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 14:01:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 09:30:50 | 000,000,177 | ---- | M] () -- D:\Users\764DHP101710\Desktop\rk-proxy.reg
[2011/11/10 21:16:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/11/10 19:49:46 | 001,008,092 | ---- | M] () -- D:\Users\764DHP101710\Desktop\rkill.com
[2011/11/10 19:47:20 | 000,000,000 | ---- | M] () -- D:\Users\764DHP101710\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/10 19:32:57 | 000,002,048 | ---- | M] () -- D:\Users\764DHP101710\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/10 19:32:32 | 000,000,681 | ---- | M] () -- D:\Users\764DHP101710\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/10 19:32:01 | 000,000,396 | ---- | M] () -- D:\Windows\tasks\At1.job
[2011/11/10 19:31:53 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung ML-2510 Series
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NJStar Chinese WP
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Card
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/11/10 19:31:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/11/10 19:31:52 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/10 19:31:52 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011/11/10 19:31:52 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/11/10 19:31:52 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/10 19:31:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2011/11/10 19:31:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/11/10 19:31:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2011/11/10 19:31:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/11/10 19:31:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/11/10 19:31:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChinaNet
[2011/11/10 19:31:51 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/10 19:31:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/11/10 03:25:22 | 000,418,800 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2011/11/09 13:55:30 | 000,001,282 | ---- | M] () -- D:\Users\764DHP101710\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/09 13:55:30 | 000,001,258 | ---- | M] () -- D:\Users\764DHP101710\Desktop\Spybot - Search & Destroy.lnk
[2011/11/07 13:20:07 | 000,000,282 | ---- | M] () -- D:\Users\764DHP101710\Desktop\h2p1.m
[2011/10/30 00:07:33 | 044,943,081 | ---- | M] () -- D:\Users\764DHP101710\Desktop\Cotton_is_king_and_pro_slavery_arguments.pdf
[2011/10/25 13:48:14 | 000,238,545 | ---- | M] () -- D:\Users\764DHP101710\Desktop\115sol.pdf

========== Files Created - No Company Name ==========

[2011/11/20 12:14:13 | 000,002,602 | ---- | C] () -- D:\Windows\System32\.crusader
[2011/11/20 12:14:03 | 000,000,140 | ---- | C] () -- D:\Windows\System32\bootdelete.lst
[2011/11/20 12:01:27 | 000,025,160 | ---- | C] () -- D:\Windows\System32\drivers\hitmanpro35.sys
[2011/11/20 12:01:27 | 000,001,974 | ---- | C] () -- D:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/11/18 19:28:12 | 002,987,522 | ---- | C] () -- D:\Users\764DHP101710\Desktop\Hans Christian Andersen.pdf
[2011/11/17 14:18:11 | 002,538,782 | R--- | C] () -- D:\Users\764DHP101710\Desktop\SSRN-id1115805-1.pdf
[2011/11/15 16:15:35 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At49.job
[2011/11/15 16:15:35 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At47.job
[2011/11/15 16:15:35 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At45.job
[2011/11/15 16:15:35 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At43.job
[2011/11/15 16:15:35 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At41.job
[2011/11/15 16:15:35 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At48.job
[2011/11/15 16:15:35 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At46.job
[2011/11/15 16:15:35 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At44.job
[2011/11/15 16:15:35 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At42.job
[2011/11/15 16:15:35 | 000,000,000 | ---- | C] () -- D:\ProgramData\wQv7SF.dat
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At39.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At37.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At35.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At33.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At31.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At29.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At27.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At25.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At23.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At21.job
[2011/11/15 16:15:34 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At19.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At40.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At38.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At36.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At34.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At32.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At30.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At28.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At26.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At24.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At22.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At20.job
[2011/11/15 16:15:34 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At18.job
[2011/11/15 16:15:33 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At9.job
[2011/11/15 16:15:33 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At7.job
[2011/11/15 16:15:33 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At5.job
[2011/11/15 16:15:33 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At3.job
[2011/11/15 16:15:33 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At17.job
[2011/11/15 16:15:33 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At15.job
[2011/11/15 16:15:33 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At13.job
[2011/11/15 16:15:33 | 000,000,350 | ---- | C] () -- D:\Windows\tasks\At11.job
[2011/11/15 16:15:33 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At8.job
[2011/11/15 16:15:33 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At6.job
[2011/11/15 16:15:33 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At4.job
[2011/11/15 16:15:33 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At16.job
[2011/11/15 16:15:33 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At14.job
[2011/11/15 16:15:33 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At12.job
[2011/11/15 16:15:33 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At10.job
[2011/11/15 16:15:32 | 000,000,348 | ---- | C] () -- D:\Windows\tasks\At2.job
[2011/11/11 15:33:45 | 000,000,296 | ---- | C] () -- D:\ProgramData\~9qBT91GksNifbV
[2011/11/11 15:33:45 | 000,000,232 | ---- | C] () -- D:\ProgramData\~9qBT91GksNifbVr
[2011/11/11 15:33:41 | 000,000,456 | ---- | C] () -- D:\ProgramData\9qBT91GksNifbV
[2011/11/11 14:01:57 | 000,001,109 | ---- | C] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 19:51:46 | 000,000,177 | ---- | C] () -- D:\Users\764DHP101710\Desktop\rk-proxy.reg
[2011/11/10 19:49:45 | 001,008,092 | ---- | C] () -- D:\Users\764DHP101710\Desktop\rkill.com
[2011/11/10 19:47:02 | 000,000,000 | ---- | C] () -- D:\Users\764DHP101710\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/10 19:32:32 | 000,000,681 | ---- | C] () -- D:\Users\764DHP101710\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/10 19:31:11 | 000,000,396 | ---- | C] () -- D:\Windows\tasks\At1.job
[2011/11/09 13:55:30 | 000,001,282 | ---- | C] () -- D:\Users\764DHP101710\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/09 13:55:30 | 000,001,258 | ---- | C] () -- D:\Users\764DHP101710\Desktop\Spybot - Search & Destroy.lnk
[2011/11/07 15:28:21 | 000,000,282 | ---- | C] () -- D:\Users\764DHP101710\Desktop\h2p1.m
[2011/11/02 15:14:57 | 000,610,050 | ---- | C] () -- D:\Users\764DHP101710\Desktop\Angela Carter.pdf
[2011/11/02 15:13:56 | 001,770,115 | ---- | C] () -- D:\Users\764DHP101710\Desktop\Lolita.pdf
[2011/10/30 00:07:33 | 044,943,081 | ---- | C] () -- D:\Users\764DHP101710\Desktop\Cotton_is_king_and_pro_slavery_arguments.pdf
[2011/10/25 13:48:14 | 000,238,545 | ---- | C] () -- D:\Users\764DHP101710\Desktop\115sol.pdf
[2011/10/22 18:20:47 | 000,255,488 | ---- | C] () -- D:\Windows\System32\xvidvfw.dll
[2011/10/22 18:20:46 | 000,696,832 | ---- | C] () -- D:\Windows\System32\xvidcore.dll
[2011/10/22 18:20:46 | 000,645,632 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
[2011/10/22 18:20:46 | 000,240,640 | ---- | C] () -- D:\Windows\SysWow64\xvidvfw.dll
[2011/10/22 18:20:46 | 000,173,568 | ---- | C] () -- D:\Windows\System32\xvid.ax
[2011/10/22 18:20:46 | 000,153,088 | ---- | C] () -- D:\Windows\SysWow64\xvid.ax
[2011/08/24 23:22:33 | 000,000,262 | ---- | C] () -- D:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/05/25 17:41:40 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/21 11:27:02 | 000,007,600 | ---- | C] () -- D:\Users\764DHP101710\AppData\Local\Resmon.ResmonCfg
[2010/10/20 00:06:57 | 000,000,565 | ---- | C] () -- D:\Users\764DHP101710\AppData\Roaming\myMPQ.ini
[2010/10/17 16:03:16 | 000,000,075 | RHS- | C] () -- D:\Windows\CT4CET.bin
[2010/10/17 15:45:24 | 000,002,093 | ---- | C] () -- D:\Windows\SysWow64\cid_store.dat
[2010/10/17 15:45:24 | 000,000,026 | ---- | C] () -- D:\Windows\SysWow64\xlhcc.dat
[2010/10/17 15:45:12 | 000,000,020 | ---- | C] () -- D:\Windows\SysWow64\pub_store.dat
[2010/08/25 14:34:30 | 000,982,240 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/08/25 14:34:30 | 000,439,308 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 14:34:30 | 000,092,356 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2008/10/06 20:13:30 | 000,197,912 | ---- | C] () -- D:\Windows\SysWow64\physxcudart_20.dll
[2008/10/06 20:13:22 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/11/20 09:40:15 | 000,000,000 | ---D | M] -- D:\ProgramData\BioWare
[2010/10/19 22:52:35 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2011/11/18 19:47:06 | 000,000,000 | ---D | M] -- D:\ProgramData\DatacardService
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/11/20 12:14:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Hitman Pro
[2011/09/22 12:54:21 | 000,000,000 | ---D | M] -- D:\ProgramData\PC Drivers HeadQuarters
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2010/10/19 11:07:18 | 000,000,000 | ---D | M] -- D:\ProgramData\Tencent
[2010/10/17 15:45:11 | 000,000,000 | ---D | M] -- D:\ProgramData\Thunder Network
[2011/09/22 12:55:55 | 000,000,000 | ---D | M] -- D:\ProgramData\UAB
[2011/10/22 19:23:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Ubisoft
[2011/11/10 19:32:01 | 000,000,396 | ---- | M] () -- D:\Windows\Tasks\At1.job
[2011/11/20 04:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At10.job
[2011/11/20 04:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At11.job
[2011/11/20 05:06:01 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At12.job
[2011/11/20 05:06:01 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At13.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At14.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At15.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At16.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At17.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At18.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At19.job
[2011/11/20 00:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At2.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At20.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At21.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At22.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At23.job
[2011/11/20 11:27:34 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At24.job
[2011/11/20 11:27:34 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At25.job
[2011/11/20 12:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At26.job
[2011/11/20 12:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At27.job
[2011/11/19 13:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At28.job
[2011/11/19 13:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At29.job
[2011/11/20 00:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At3.job
[2011/11/19 14:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At30.job
[2011/11/19 14:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At31.job
[2011/11/19 15:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At32.job
[2011/11/19 15:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At33.job
[2011/11/19 16:06:01 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At34.job
[2011/11/19 16:06:01 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At35.job
[2011/11/19 17:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At36.job
[2011/11/19 17:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At37.job
[2011/11/19 19:49:52 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At38.job
[2011/11/19 19:49:52 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At39.job
[2011/11/20 01:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At4.job
[2011/11/19 19:49:52 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At40.job
[2011/11/19 19:49:52 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At41.job
[2011/11/19 20:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At42.job
[2011/11/19 20:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At43.job
[2011/11/19 21:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At44.job
[2011/11/19 21:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At45.job
[2011/11/19 22:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At46.job
[2011/11/19 22:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At47.job
[2011/11/19 23:06:01 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At48.job
[2011/11/19 23:06:01 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At49.job
[2011/11/20 01:06:01 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At5.job
[2011/11/20 02:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At6.job
[2011/11/20 02:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At7.job
[2011/11/20 03:06:00 | 000,000,348 | ---- | M] () -- D:\Windows\Tasks\At8.job
[2011/11/20 03:06:00 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At9.job
[2009/07/14 00:08:49 | 000,024,210 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- D:\Users\764DHP101710\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- D:\Users\764DHP101710\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 20:07:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\Windows\system64\USERINIT.EXE
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- D:\Users\764DHP101710\AppData\Local\Temp\RarSFX5\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- D:\Windows\System32\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- D:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 20:07:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\Windows\system64\WINLOGON.EXE
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- D:\Users\764DHP101710\AppData\Local\Temp\RarSFX5\winlogon.exe

========== Files - Unicode (All) ==========
[2010/11/13 22:30:48 | 000,014,014 | ---- | M] ()(D:\Users\764DHP101710\Desktop\QFII???????-????.docx) -- D:\Users\764DHP101710\Desktop\QFII存在的市场机会-跟踪报告.docx
[2010/11/13 22:30:48 | 000,014,014 | ---- | C] ()(D:\Users\764DHP101710\Desktop\QFII???????-????.docx) -- D:\Users\764DHP101710\Desktop\QFII存在的市场机会-跟踪报告.docx
[2010/11/13 22:30:33 | 000,017,181 | ---- | M] ()(D:\Users\764DHP101710\Desktop\QFII???????-1.docx) -- D:\Users\764DHP101710\Desktop\QFII存在的市场机会-1.docx
[2010/11/13 22:30:30 | 000,017,181 | ---- | C] ()(D:\Users\764DHP101710\Desktop\QFII???????-1.docx) -- D:\Users\764DHP101710\Desktop\QFII存在的市场机会-1.docx
[2010/11/08 10:39:48 | 000,000,000 | ---D | M](D:\Users\764DHP101710\Desktop\??) -- D:\Users\764DHP101710\Desktop\报告
[2010/11/08 10:39:48 | 000,000,000 | ---D | C](D:\Users\764DHP101710\Desktop\??) -- D:\Users\764DHP101710\Desktop\报告
(D:\Users\764DHP101710\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- D:\Users\764DHP101710\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
< End of report >

Attached Files

  • Attached File  OTL.txt   115.31KB   38 downloads

#2
Grarg

I've dug through and found the Hitman Pro log file called quarantine.xml. I think the problem came as a result of the program messing with the master boot record. Here's what the xml said:

<Quarantine lastId="2">
  <Item type="Malware" malwareName="Trojan" score="105.0" status="None" id="1" title="consrv.dll" subtitle="C:\Windows\system32\" action="Deleted" dt="2011-11-20T12:14:13">
    <Scanners>
      <Scanner id="G Data" name="Trojan.Generic.6793636 (Engine A)" />
      <Scanner id="DrWeb" name="BackDoor.Maxplus.90" />
      <Scanner id="Ikarus" name="Trojan.Win64!IK" />
    </Scanners>
    <File path="C:\Windows\system32\consrv.dll" hash="6616179477849205EB4075B75A042056D196F45D67F78929DBB3317A35CCBEA9" />
  </Item>
  <Item type="Malware" malwareName="Bootkit" score="100.0" status="PendingDelete" id="2" title="Master Boot Record (Sector 0)" subtitle="C:$MBR" action="Deleted" dt="2011-11-20T12:14:13">
    <Scanners>
      <Scanner id="Other" name="Win32/Bootkit" />
    </Scanners>
    <File path="C:$MBR" hash="FE8FA22AFDAAD662686CC863528EE424CF14577E007C760ECF26FD93DAE988A7" />
  </Item>
</Quarantine>