Remnants after infection? [Solved]
#31
Posted 29 April 2012 - 05:22 PM
#32
Posted 29 April 2012 - 05:48 PM
OK/noted. We can use the Installation DVD in another manner if the need... for now follow my amended instructions below. Please note that I've also managed to get my hands on a Windows 7 Install Disk, but I would prefer this be a last resort if at all possible
Next:
Disconnect Drive D, you may reconnect again afterwards if the below is successful.
Now place your Windows 7 Start-Up Repair disk in the optical drive, then reboot your machine. During the POST(Power On Self Test) sequence continually depress Function Key 8(F8) to bring up the Advanced Boot Options screen.
Use the arrow keys to scroll down and select Safe Mode and hit the Enter/Return key.
Next:
In Safe Mode carry out the following:-
Right-click on Start(Windows 7 Orb) >> Open Windows Explorer >> Local Disk (C:) >> Windows >> right-click and select New >> Folder >> name it System64
Navigate back via Windows Explorer to C:\_OTL >> expand the MovedFiles folder that denotes the last custom script ran >> move the appropriate files to the new C:\Windows\System64 Folder.
Then navigate back using Windows Explorer to C:\Windows\ERDNT
Double-click on the folder DD-DD-YYYY <-- denotes date/year etc to expand >> right-click on ERDNT.exe and select Run as Administrator >> follow the prompts.
When your machine starts to reboot actually boot it up from the Windows 7 Start-Up Repair disk this time...
- You will have to answer a few basic questions then select the option Repair your computer
- At the System Recovery Options screen click Windows 7 to highlight then Next>
- Now click on/select Startup Repair
- If prompted to use System Restore, select Cancel.
- The same if prompted to Send information about this problem (recommended), select Don't send.
- Click Finish when Startup Repair has completed, remove the SRD disc and then click on Restart
Providing your machine is now able to boot into Normal Mode correctly, carry out the following...
- Click on Start(Windows 7 Orb).
- Click on All Programs >> Accessories
- Right click on Command Prompt and select Run as Administrator.
- Click on Continue in the UAC prompt.
- At the Command Prompt C:\Windows\System32> type in the following exactly:
- CD C:\
- Then depress the Enter/Return key, then type in the following exactly:
- sfc /scannow
- Then depress the Enter/Return key.
Next:
Let myself know the outcome of the above when completed(if the need we will merely try something else) and we will go from there, thank you.
#33
Posted 29 April 2012 - 05:54 PM
#34
Posted 29 April 2012 - 06:10 PM
#35
Posted 29 April 2012 - 06:12 PM
#36
Posted 29 April 2012 - 07:57 PM
I booted into Ubuntu and recompiled the folder as instructed. Because I could not restore the registry through running erdnt.exe I used the command prompt in startup repair and executed these commands inside C:/Windows/ERDNT/20-04-2012
ren "ERNDT.CON" erndt.bat
erndt.bat
ren "erndt.bat" ERNDT.CON
From what I read beforehand, this should have restored the registry. I tried startup repair again but nothing was fixed. I am still unable to boot into Windows, either in safe mode or not.
#37
Posted 29 April 2012 - 08:01 PM
#38
Posted 30 April 2012 - 05:10 AM
Aye that is indeed an option we can consider but for now we will try something else... Should I attempt a repair install using that nifty Windows 7 Install Disk? I'll wait for your input before proceeding any further.
Now please no more self fixes whatsoever and I should not have to mention this again eh.
I appreciate you wish your machine up and running again but you attempting the aforementioned is actually creating more problems which in turn actually hinders myself to be able to assist you all told. So any more of such and I will withdraw my free support and spend the time I have allocated for this topic assisting someone else...
Enough of that and there should be no need for myself to broach the self fixes subject again and let's proceed as follows shall we.
Next:
You will require either a USB or Flash type drive for the below, preferably formatted before starting as we may need to use it several times for say some specific fixes. Once we have finished with the drive feel free to re-format it etc.
Now please download the following to either a USB or Flash type drive:-
Farbar Recovery Scan Tool x64
Insert the drive into your machine we are currently working on...then boot it up with either the StartUp repair disk or the Windows 7 Installation DVD to the System Recovery Options.
At the System Recovery Options menu:-
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your usb/flash drive allocation letter and close the notepad.
- In the command window type e:\frst64 and press Enter
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste that in your next reply.
#39
Posted 30 April 2012 - 06:42 PM
Now please no more self fixes whatsoever and I should not have to mention this again eh.
Sorry, it won't happen again I promise. Here is the log you requested.
2012-04-16 16:34 - 2012-04-16 16:34 - 38947386 ____A C:\Users\Michal\Downloads\cinema-2.0.exe
2012-04-16 15:43 - 2012-02-16 19:24 - 0000000 ____D C:\Users\Michal\Downloads\Max Payne 1 & 2
2012-04-16 15:41 - 2012-04-16 15:41 - 0000724 ____A C:\Users\Public\Desktop\Max Payne 2.lnk
2012-04-16 15:24 - 2012-03-06 17:25 - 0000000 ____D C:\Users\Michal\Desktop\Malware
2012-04-16 15:03 - 2012-03-31 22:23 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-16 15:03 - 2011-05-31 14:06 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-16 14:58 - 2012-04-16 14:57 - 8190311 ____A C:\Users\Michal\Downloads\01 Burn It Down.m4a
2012-04-15 13:36 - 2012-04-15 13:36 - 2868161 ____A C:\Users\Widomski\Desktop\S08293.pdf
2012-04-15 12:45 - 2012-04-15 12:45 - 0003829 ____A C:\Users\Michal\Desktop\photo-360817.jpg
2012-04-15 08:08 - 2012-04-15 08:08 - 2006184 ____A C:\Users\Widomski\Desktop\md200codes.pdf
2012-04-15 07:53 - 2011-06-14 16:30 - 0000000 ____D C:\Users\Widomski\AppData\LocalLow
2012-04-14 16:42 - 2012-04-14 16:42 - 0525568 ____A C:\Users\Widomski\Desktop\2010-04-13_003255_diagram.pdf
2012-04-14 16:28 - 2012-04-14 16:28 - 0534930 ____A C:\Users\Widomski\Desktop\C_10_ C_12_ 3406E_C_15, and C_16 On_highway Engine Electrical System .pdf
2012-04-13 09:12 - 2012-04-13 09:12 - 0000000 ____D C:\Users\Michal\Downloads\kungfu_30
2012-04-12 20:28 - 2012-04-12 10:39 - 0000086 ____A C:\Users\Michal\Desktop\melee.txt
2012-04-12 20:14 - 2011-06-13 18:30 - 0000000 ____D C:\Program Files (x86)\Icarus Studios, Inc
2012-04-12 20:07 - 2012-04-12 20:07 - 0000000 ____D C:\Users\Michal\AppData\Local\CAPCOM
2012-04-12 16:46 - 2012-04-05 11:36 - 0039991 ____A C:\Users\Michal\Downloads\umbrella.log
2012-04-12 16:46 - 2012-04-05 11:36 - 0038668 ____A C:\Users\Michal\umbrella0.log
2012-04-12 16:46 - 2011-03-31 07:53 - 0000000 ____D C:\users\Michal
2012-04-12 16:36 - 2012-04-12 16:35 - 0000000 ____D C:\Users\Michal\.shsh
2012-04-12 16:35 - 2012-04-12 16:34 - 2295296 ____A () C:\Users\Michal\Downloads\tinyumbrella-5.10.14.exe
2012-04-12 16:32 - 2012-04-12 16:32 - 0015447 ____A C:\Users\Michal\Downloads\hs_err_pid6384.log
2012-04-12 15:29 - 2012-04-12 15:29 - 1291289 ____A C:\s6fc.4
2012-04-12 15:29 - 2012-04-12 15:29 - 0698465 ____A C:\s6fc.5
2012-04-12 15:28 - 2012-04-04 15:43 - 0000000 ____D C:\Users\Michal\AppData\Local\libimobiledevice
2012-04-12 15:27 - 2012-04-12 15:27 - 9123792 ____A C:\Users\Michal\Downloads\absinthe-win-0.4.zip
2012-04-12 14:51 - 2012-04-12 14:51 - 3276874 ____A C:\Users\Widomski\HatzInstruction.pdf
2012-04-12 14:51 - 2011-03-31 10:59 - 0000000 ____D C:\users\Widomski
2012-04-12 10:39 - 2012-04-12 10:30 - 0000625 ____A C:\Users\Michal\Desktop\cydia downloads.txt
2012-04-12 09:59 - 2012-04-12 09:59 - 0032331 ____A C:\Users\Michal\Desktop\hitman_blood_money.jpg
2012-04-10 17:49 - 2012-04-10 17:49 - 6660935 ____A C:\Users\Widomski\Carver Owners Manual - 1977.pdf
2012-04-10 10:53 - 2012-04-10 10:53 - 0000174 ___SH C:\Users\Public\desktop.ini
2012-04-10 10:53 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-09 12:53 - 2011-06-14 16:33 - 0108360 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-04-09 09:07 - 2012-04-09 09:07 - 0001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-04-09 08:59 - 2011-03-31 14:06 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-09 08:24 - 2011-07-14 10:56 - 0000000 ____D C:\Users\Michal\AppData\Local\Windows Live
2012-04-07 19:28 - 2011-06-15 10:42 - 0108360 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-04-05 13:02 - 2011-05-28 13:10 - 0000000 ____D C:\Users\Michal\Calibre Library
2012-04-05 12:35 - 2012-04-05 12:35 - 0643284 ____A C:\Users\Michal\Downloads\hosts
2012-04-05 11:04 - 2009-07-13 20:45 - 0418280 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-04 18:16 - 2012-04-04 18:04 - 0000000 ____D C:\Users\Widomski\Documents\camera pictures
2012-04-04 18:01 - 2012-04-04 18:01 - 0002146 ____A C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2012-04-04 17:59 - 2012-04-04 17:59 - 0000000 ____D C:\Program Files (x86)\MarkAny
2012-04-04 17:59 - 2011-09-27 19:09 - 0000000 ____D C:\Users\Michal\AppData\Roaming\Samsung
2012-04-04 17:58 - 2011-09-27 15:32 - 0000000 ____D C:\Users\All Users\Samsung
2012-04-04 17:58 - 2011-09-27 15:32 - 0000000 ____D C:\ProgramData\Samsung
2012-04-04 17:34 - 2012-04-04 17:33 - 0000000 ____D C:\Users\Michal\Desktop\registry font backups
2012-04-04 17:33 - 2011-03-31 07:59 - 0108360 ____A C:\Users\Michal\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-04 16:28 - 2012-04-04 16:18 - 103391634 ____A C:\Users\Michal\Downloads\Mirrors Edge-v1.4.73-NyM.ipa
2012-04-04 15:49 - 2012-04-04 15:49 - 0698258 ____A C:\s3pc.4
2012-04-04 15:49 - 2012-04-04 15:48 - 1290899 ____A C:\s3pc.3
2012-04-04 13:56 - 2011-03-31 10:34 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 20:16 - 2012-04-03 20:00 - 849922173 ____A C:\Users\Michal\Downloads\iPhone4,1_5.0.1_9A406_Restore.ipsw
2012-04-03 12:44 - 2012-04-01 21:18 - 0000000 ____D C:\Users\Michal\AppData\Local\shaw
2012-04-03 12:44 - 2012-04-01 21:18 - 0000000 ____D C:\Users\All Users\shaw
2012-04-03 12:44 - 2012-04-01 21:18 - 0000000 ____D C:\ProgramData\shaw
2012-04-02 18:46 - 2011-06-04 13:54 - 0000000 ____D C:\Users\All Users\EA Logs
2012-04-02 18:46 - 2011-06-04 13:54 - 0000000 ____D C:\ProgramData\EA Logs
2012-04-02 17:08 - 2012-04-02 17:08 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-04-02 16:56 - 2012-04-02 16:56 - 0009987 ____A C:\Users\Michal\Downloads\328526.zip
2012-04-02 14:55 - 2012-04-02 14:55 - 0000779 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2012-04-02 14:24 - 2011-07-30 17:18 - 0000000 ____D C:\Program Files (x86)\Origin
2012-04-02 14:13 - 2012-03-07 18:35 - 0000000 ____D C:\Windows\pss
2012-04-02 08:02 - 2012-04-02 08:02 - 0000000 ____D C:\Users\Widomski\AppData\Local\shaw
2012-04-01 22:26 - 2012-04-01 18:40 - 0011433 ____A C:\Users\Michal\Desktop\On Golden Pond Assignment.docx
2012-04-01 21:17 - 2012-04-01 21:17 - 0000000 ____D C:\Program Files\Shaw
2012-04-01 18:57 - 2012-04-01 18:57 - 0000000 ____D C:\Users\Michal\AppData\Local\ElevatedDiagnostics
2012-03-31 22:38 - 2011-03-31 15:07 - 0000000 ____D C:\Program Files (x86)\JDownloader
2012-03-31 13:31 - 2011-05-10 20:50 - 0000000 ____D C:\Users\Michal\AppData\Local\SKIDROW
2012-03-31 10:50 - 2012-03-31 10:50 - 0000711 ____A C:\Users\Public\Desktop\Alan Wake.lnk
2012-03-29 14:16 - 2012-03-29 14:16 - 0083139 ____A C:\Users\Michal\Desktop\Exp .pdf
2012-03-26 19:28 - 2012-03-26 19:28 - 0210936 ____A C:\Users\Widomski\Desktop\PAINTING.docx
2012-03-26 19:28 - 2012-03-26 19:28 - 0000162 ___AH C:\Users\Widomski\Desktop\~$INTING.docx
2012-03-26 18:52 - 2012-03-14 18:51 - 0210932 ____A C:\Users\Widomski\Documents\PAINTING.docx
2012-03-26 13:37 - 2012-03-26 13:37 - 0000905 ____A C:\Users\Public\Desktop\Batman Arkham City.lnk
2012-03-26 10:54 - 2011-03-31 12:10 - 0029184 ____A C:\Users\Widomski\Documents\WR TRUCKING PIAST INVOICE .doc
2012-03-25 21:07 - 2012-03-25 21:07 - 0001002 ____A C:\Users\Public\Desktop\Blueline.lnk
2012-03-25 21:07 - 2012-03-25 21:07 - 0000000 ____D C:\Program Files (x86)\AzTools
2012-03-25 20:39 - 2012-03-25 20:39 - 0027426 ____A C:\Users\Michal\Downloads\P30 Calendar S12.docx
2012-03-22 19:08 - 2012-03-22 19:08 - 2621393 ____A C:\Users\Widomski\Desktop\Pianista.wmv
2012-03-22 10:01 - 2012-03-22 10:01 - 0014615 ___AH C:\Users\Michal\Downloads\Blood and Chrome trailer.MP4.mta
2012-03-21 17:27 - 2012-03-21 17:23 - 50882553 ____A C:\Users\Michal\Downloads\Blood and Chrome trailer.mp4
2012-03-20 20:29 - 2012-03-20 20:29 - 0022528 ____A C:\Users\Michal\Downloads\Unit 3 HWD2L.doc
2012-03-20 17:21 - 2012-03-17 11:19 - 0356313 ____A C:\Users\Widomski\Documents\10 commandments.docx
2012-03-20 17:15 - 2012-03-20 16:38 - 0151861 ____A C:\Users\Widomski\Documents\booklet.docx
2012-03-20 09:56 - 2012-03-20 09:56 - 0013310 ____A C:\Users\Widomski\Documents\SPRINGBANK AIRPORT# INVOICE.#58.docx
2012-03-18 21:54 - 2012-03-18 21:54 - 0000000 ____D C:\Users\Michal\AppData\Local\IceChat Networks
2012-03-18 21:54 - 2012-03-18 21:51 - 0000000 ____D C:\Users\Michal\AppData\Roaming\mIRC
2012-03-18 21:13 - 2012-03-18 21:12 - 0000000 ____D C:\Users\Michal\AppData\Local\{A4613EAB-CA0F-46A6-A461-CE9E363471E7}
2012-03-18 21:12 - 2012-03-18 21:11 - 0000000 ____D C:\Users\Michal\AppData\Local\{FEBAD3BA-5EA2-4CCC-ABB4-0FD9F83C713D}
2012-03-18 21:11 - 2012-03-18 21:11 - 0000000 ____D C:\Users\Michal\AppData\Local\{253B9D6D-1781-47AF-A8A9-5D5E9B0FE186}
2012-03-17 19:27 - 2012-03-17 19:27 - 0190394 ____A C:\Users\Widomski\Documents\american eagle coupon.docx
2012-03-14 18:51 - 2012-03-14 18:51 - 0171046 ____H C:\Users\Widomski\Documents\~WRL0004.tmp
2012-03-14 17:31 - 2012-03-14 17:31 - 0068096 ____A C:\Users\Michal\Downloads\U2(mcrev)pure30.doc
2012-03-14 17:00 - 2011-06-30 21:30 - 0000000 ____D C:\Users\Michal\Desktop\EAC
2012-03-14 11:00 - 2011-03-31 11:19 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 11:00 - 2011-03-31 11:19 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-14 11:00 - 2011-03-31 08:36 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 09:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-12 21:18 - 2012-03-12 20:56 - 0000000 ____D C:\Users\Michal\Downloads\1 - A Game of Thrones
2012-03-12 15:42 - 2011-03-31 11:37 - 0768738 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-11 12:55 - 2012-03-11 12:55 - 0000000 ____D C:\Users\Michal\Downloads\AdenoCoalescedME3v1
2012-03-10 10:54 - 2012-03-09 12:36 - 0000000 ____D C:\Users\Michal\Downloads\Alcatraz.S01E10.720p.WEB-DL.DD5.1.H.264-KiNGS
2012-03-10 10:54 - 2012-03-09 12:36 - 0000000 ____D C:\Users\Michal\Downloads\Alcatraz.S01E09.720p.WEB-DL.DD5.1.H.264-KiNGS
2012-03-10 10:52 - 2011-03-31 11:00 - 0000174 ___SH C:\Users\Widomski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-10 10:51 - 2011-03-31 09:21 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-10 00:42 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-10 00:02 - 2012-03-10 00:02 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-03-07 21:36 - 2012-03-07 15:48 - 0000000 ____D C:\Users\Michal\Downloads\ME3Soundtrack
2012-03-07 19:49 - 2011-10-15 22:46 - 0000000 ____D C:\Users\Michal\AppData\Local\PMB Files
2012-03-07 19:21 - 2012-03-05 19:42 - 0000000 ____D C:\Users\Michal\Desktop\Ania
2012-03-07 15:54 - 2012-03-07 15:54 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-07 15:45 - 2012-03-07 15:45 - 0000000 ____D C:\Users\Michal\AppData\Roaming\8C973
2012-03-07 15:45 - 2012-03-07 15:45 - 0000000 ____A C:\Users\Michal\AppData\Roaming\OefKq.txt
2012-03-07 15:45 - 2012-03-07 15:45 - 0000000 ____A C:\Users\Michal\AppData\Roaming\dZwwc.txt
2012-03-06 17:11 - 2012-03-06 17:11 - 0001077 ____A C:\Users\Widomski\Desktop\Fass.lnk
2012-03-06 17:11 - 2012-03-06 17:11 - 0001077 ____A C:\Users\UpdatusUser\Desktop\Fass.lnk
2012-03-06 17:11 - 2012-03-06 17:11 - 0001077 ____A C:\Users\Michal\Desktop\Fass.lnk
2012-03-06 17:11 - 2012-03-06 17:11 - 0000000 ____D C:\Program Files (x86)\Pawsoft
2012-03-06 06:15 - 2012-03-06 06:12 - 22352492 ____A C:\Users\Michal\Downloads\rld-me3dlc.rar
2012-03-05 22:18 - 2011-06-14 16:30 - 0000000 ____D C:\Users\Widomski\AppData\Roaming\Apple Computer
2012-03-05 21:58 - 2012-03-05 21:58 - 0114864 ____A C:\Users\Michal\Desktop\3149969_700b.jpg
2012-03-04 16:23 - 2012-03-04 16:23 - 0076398 ____A C:\Users\Michal\Downloads\bws-0487.rar
2012-03-04 15:06 - 2012-03-04 15:06 - 0164352 ___SH C:\Windows\SysWOW64\SCS.dll
2012-03-04 10:45 - 2012-03-04 10:45 - 0000000 ____A C:\Users\Michal\AppData\Roaming\fyXSW.txt
2012-03-04 10:44 - 2012-03-04 10:44 - 0000697 ____A C:\Users\Michal\Desktop\Deep Black Reloaded.lnk
2012-03-03 22:52 - 2012-03-03 20:24 - 0000000 ____D C:\Users\Michal\Downloads\Alcatraz.S01E08.720p.WEB-DL.DD5.1.H.264-KiNGS
2012-03-03 12:06 - 2012-03-03 12:06 - 0099384 ____A C:\Users\Michal\AppData\Roaming\inst.exe
2012-03-03 12:06 - 2012-03-03 12:06 - 0082816 ____A (VSO Software) C:\Users\Michal\AppData\Roaming\pcouffin.sys
2012-03-03 12:06 - 2012-03-03 12:06 - 0007859 ____A C:\Users\Michal\AppData\Roaming\pcouffin.cat
2012-03-03 12:06 - 2012-03-03 12:06 - 0001167 ____A C:\Users\Michal\AppData\Roaming\pcouffin.inf
2012-03-03 12:06 - 2012-03-03 12:06 - 0000055 ____A C:\Users\Michal\AppData\Roaming\pcouffin.log
2012-03-03 12:06 - 2011-08-10 09:58 - 0000000 ____D C:\Users\Michal\AppData\Roaming\Vso
2012-03-03 12:05 - 2011-08-10 09:58 - 0001057 ____A C:\Users\Michal\AppData\Roaming\vso_ts_preview.xml
2012-03-03 12:03 - 2012-03-03 12:03 - 0010843 ____A C:\Users\Widomski\Documents\Be yourself.docx
2012-03-02 15:23 - 2012-02-25 22:24 - 0000533 ____A C:\Windows\Tcsofla.INI
2012-03-02 14:32 - 2012-02-26 18:49 - 0000000 ____D C:\Users\Michal\Downloads\TrueCrimeTrainerPLUS5
2012-03-02 14:30 - 2012-03-02 14:30 - 0000720 ____A C:\Users\Michal\Desktop\Play True Crime® New York City.lnk
2012-03-02 14:24 - 2012-03-02 14:24 - 0022267 ____A C:\Users\Michal\Downloads\pdtny15t.rar
2012-03-01 16:02 - 2012-03-01 15:35 - 245577073 ____A C:\Users\Michal\Desktop\169_ask_gamespot_max_payne_3_030112_2800.mp4
2012-03-01 09:18 - 2011-05-07 15:08 - 0000000 ____D C:\Users\Widomski\Desktop\Company Bnder WR Trucking
2012-02-29 22:33 - 2012-02-29 20:32 - 0000009 ____A C:\Users\Michal\Desktop\temporary104.txt
2012-02-29 22:22 - 2012-02-29 16:44 - 39001210 ____A C:\Users\Michal\Downloads\Radical Thinkers.pptx
2012-02-29 22:16 - 2011-06-30 22:26 - 0000000 ____D C:\Users\Michal\Downloads\FLAC_frontend
2012-02-29 17:07 - 2012-01-29 21:21 - 0000000 ____D C:\Users\Michal\Downloads\UNDERWORLD 1-2-3 HD 720p BRRip 5.1AAC x264-ILPruny
2012-02-29 16:57 - 2012-02-29 16:57 - 0105762 ____A C:\Users\Michal\Desktop\11-12-calendar-traditional.pdf
2012-02-29 11:25 - 2011-04-15 06:29 - 0000000 ____D C:\Users\Widomski\Desktop\Company Binder WR Paving
2012-02-28 19:38 - 2012-02-28 19:38 - 0015274 ____A C:\Users\Widomski\Documents\l.a powerpont.docx
2012-02-28 11:09 - 2012-02-28 11:09 - 0001115 ____A C:\Users\UpdatusUser\Desktop\XMLwriter.lnk
2012-02-28 10:58 - 2012-02-28 10:58 - 0018646 ____A C:\Users\Widomski\Desktop\Application.rar
2012-02-27 17:30 - 2012-02-27 17:30 - 0012366 ____A C:\Users\Michal\Desktop\Social CE 1-2.docx
2012-02-27 16:26 - 2012-02-27 16:26 - 22837227 ____A C:\Users\Michal\Downloads\kungfu_30.zip
2012-02-27 16:16 - 2011-09-24 19:40 - 0000000 ____D C:\Users\Michal\Downloads\XIII The Series Season 1
2012-02-27 16:14 - 2012-02-11 17:40 - 0000000 ____D C:\Users\Michal\Downloads\Resident.Evil.Apocalypse.2004.x264.DTS.2AUDIO-WAF
2012-02-27 16:14 - 2012-02-07 09:55 - 0018672 ___AH C:\Users\Michal\Downloads\Super Size Me.MP4.mta
2012-02-27 16:14 - 2012-02-06 10:14 - 0013144 ___AH C:\Users\Michal\Downloads\Spartacus.S02E02.720p.HDTV.X264-DIMENSION.MKV.mta
2012-02-27 16:14 - 2012-01-26 15:23 - 0000000 ____D C:\Users\Michal\Downloads\CovertAffairsS02
2012-02-27 16:14 - 2011-12-10 13:04 - 0014028 ___AH C:\Users\Michal\Downloads\On.Deadly.Ground.[1994].DVDRip.XviD-BLiTZKRiEG.AVI.mta
2012-02-27 16:08 - 2011-09-27 15:32 - 0000000 ____D C:\Program Files (x86)\Samsung
2012-02-27 14:20 - 2011-11-20 22:36 - 0000000 ____D C:\Program Files (x86)\Windows Grep
2012-02-26 22:25 - 2012-02-26 22:23 - 0000000 ____D C:\Users\Michal\Downloads\Margaret Peterson Haddix - Shadow Children Series Complete - 7 Books (pdf,epub,mobi,lit,opf,rtf,lrf,html,txt)
2012-02-26 21:57 - 2012-02-25 00:44 - 0000000 ____D C:\Users\Michal\Downloads\The Cranberries - Roses (2012) [FLAC] politux
2012-02-26 16:04 - 2011-03-31 14:04 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-25 22:52 - 2012-02-25 22:52 - 0937650 ____A C:\Users\Michal\Downloads\True_Crime_-_Streets_of_LA_-_Manual_-_PC.pdf
2012-02-25 22:23 - 2011-03-31 14:25 - 0000000 ____D C:\Users\Michal\Downloads\Games
2012-02-25 20:38 - 2012-02-25 20:36 - 0000000 ____D C:\Users\Michal\Downloads\PgcEdit.v9.3.Regged-WaLMaRT
2012-02-25 20:38 - 2011-12-20 16:57 - 0000000 ____D C:\Users\Michal\AppData\Roaming\PgcEdit
2012-02-25 20:35 - 2012-02-25 20:35 - 4892564 ____A C:\Users\Michal\Downloads\PgcEdit.v9.3.Regged-WaLMaRT.rar
2012-02-25 20:27 - 2011-04-16 13:13 - 0000000 ____D C:\Users\Michal\AppData\Roaming\dvdcss
2012-02-25 16:29 - 2012-02-25 16:21 - 167027415 ____A C:\Users\Michal\Downloads\7th_Serpent_Crossfire.zip
2012-02-25 16:25 - 2012-02-25 16:13 - 265196014 ____A C:\Users\Michal\Downloads\7th_Serpent_Genesis.zip
2012-02-25 16:20 - 2012-02-25 16:10 - 232484174 ____A C:\Users\Michal\Downloads\MPChronicles.zip
2012-02-25 00:11 - 2012-01-03 18:32 - 0000000 ____D C:\Users\Michal\Desktop\Dex612-cardman
2012-02-24 22:05 - 2012-02-16 16:13 - 0931920 ____A C:\Users\Widomski\Documents\bracletes.docx
2012-02-24 18:45 - 2009-07-13 21:08 - 0032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-21 14:06 - 2011-08-12 09:33 - 0000000 ____D C:\Users\Michal\AppData\Local\Deployment
2012-02-21 14:04 - 2012-02-21 14:04 - 0001392 ____A C:\Users\Michal\Downloads\e327505cd18693ffb7c221199eb6cef8.dlc
2012-02-20 21:27 - 2012-02-17 23:19 - 0013540 ____A C:\Users\Michal\Desktop\Psych 30 Assignment 1.docx
2012-02-17 18:32 - 2012-02-17 18:32 - 1198080 ____A C:\Users\Michal\Downloads\Radical thinkers and beliefs.ppt
2012-02-17 12:02 - 2012-02-17 12:02 - 648828928 ____A C:\Users\Michal\Desktop\NOLF2.iso
2012-02-17 12:01 - 2012-02-17 12:01 - 0000000 ____D C:\Users\Michal\Downloads\daa2iso
2012-02-17 12:00 - 2012-02-17 12:00 - 0049862 ____A C:\Users\Michal\Downloads\daa2iso.zip
2012-02-17 11:35 - 2012-02-17 11:35 - 0003276 ____A C:\Users\Michal\Downloads\linklist.nl
2012-02-16 22:38 - 2012-03-14 11:00 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-02-16 22:38 - 2012-03-14 11:00 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 22:03 - 2012-02-16 22:03 - 0405714 ____A C:\Users\Michal\Downloads\MaxPayneSoundPatchv1.12.rar
2012-02-16 21:34 - 2012-03-14 11:00 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 21:00 - 2012-02-16 21:00 - 0001606 ____A C:\Users\Public\Desktop\Manhunt.lnk
2012-02-16 20:58 - 2012-03-14 11:00 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 11:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 19:36 - 2012-02-16 19:36 - 0000000 ____D C:\Users\Michal\Downloads\Manhunt
2012-02-16 15:07 - 2011-08-12 09:44 - 0000000 ____D C:\Users\Michal\Desktop\jdownloader
2012-02-16 14:51 - 2012-02-16 14:51 - 0000000 ____D C:\Users\Michal\AppData\Local\Cranium_Consulting_and_Cu
2012-02-16 14:51 - 2012-02-16 14:51 - 0000000 ____D C:\Program Files (x86)\iPhoneBrowser
2012-02-16 13:28 - 2012-02-10 22:13 - 0000000 ____D C:\Users\Michal\AppData\Roaming\DarknessII
2012-02-15 23:23 - 2012-02-15 23:20 - 37628165 ____A C:\Users\Michal\Downloads\11 - Who Says You Cant Go Home.flac
2012-02-15 21:57 - 2012-02-15 21:57 - 1871990 ____A C:\Users\Michal\Downloads\PlaylistCreator3.zip
2012-02-15 21:57 - 2012-02-15 21:57 - 0000000 ____D C:\Users\Michal\Downloads\PlaylistCreator3
2012-02-15 21:12 - 2012-02-15 20:47 - 0000000 ____D C:\Users\Public\Documents\Jagged Alliance - Back in Action Demo
2012-02-15 18:01 - 2012-02-15 18:01 - 0036515 ____A C:\Users\Widomski\Documents\ybraclet.docx
2012-02-12 22:57 - 2012-02-12 22:57 - 1755648 ____A C:\Users\Michal\Downloads\IntroductiontoIdeologies.ppt
2012-02-12 22:56 - 2012-02-12 22:56 - 4822414 ____A C:\Users\Michal\Downloads\social song.wma
2012-02-12 18:24 - 2012-02-12 16:47 - 0013511 ____A C:\Users\Widomski\Documents\Dear St.docx
2012-02-12 17:16 - 2012-02-12 17:16 - 0666766 ____A C:\Users\Widomski\Documents\ST FAUTINA.docx
2012-02-12 17:16 - 2012-02-11 19:19 - 0016330 ____A C:\Users\Widomski\Documents\Biographical Facts.docx
2012-02-12 17:07 - 2012-02-12 17:07 - 0750282 ____A C:\Users\Widomski\Documents\pics.xps
2012-02-11 21:41 - 2012-02-11 21:41 - 0957952 ____A C:\Users\Widomski\Documents\health art.docx
2012-02-10 12:14 - 2012-02-10 12:14 - 0000839 ____A C:\Users\Michal\Downloads\sr-tdsii.txt
2012-02-09 22:36 - 2012-03-14 11:00 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 11:00 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 21:06 - 2012-02-08 21:06 - 0000000 ____D C:\Users\Widomski\AppData\Local\Apps\2.0
2012-02-08 19:29 - 2011-10-15 22:46 - 0000000 ____D C:\Users\All Users\PMB Files
2012-02-08 19:29 - 2011-10-15 22:46 - 0000000 ____D C:\ProgramData\PMB Files
2012-02-08 18:44 - 2012-02-08 18:44 - 0000000 ____D C:\Users\Michal\riotsGamesLogs
2012-02-08 18:43 - 2012-02-08 18:43 - 0000000 ____D C:\Users\Michal\AppData\Roaming\LolClient
2012-02-08 17:36 - 2012-02-08 17:36 - 0000000 ____D C:\Users\Michal\AppData\Local\BigHugeEngine
2012-02-06 21:10 - 2012-02-03 14:57 - 0022873 ____A C:\Users\Widomski\Documents\You can handle this Sarah.docx
2012-02-06 16:07 - 2012-02-06 15:31 - 733233247 ____A C:\Users\Michal\Downloads\Super Size Me.mp4
2012-02-05 21:44 - 2012-01-31 19:18 - 0000000 ____D C:\Users\Michal\Desktop\dad music
2012-02-04 16:22 - 2012-02-04 14:49 - 1433164791 ____A C:\Users\Michal\Downloads\Spartacus.S02E02.720p.HDTV.X264-DIMENSION.mkv
2012-02-04 10:46 - 2012-02-04 10:46 - 0000162 ___AH C:\Users\Widomski\Documents\~$u can handle this Sarah.docx
2012-02-03 14:57 - 2012-02-03 14:57 - 0013888 ____H C:\Users\Widomski\Documents\~WRL0003.tmp
2012-02-02 20:34 - 2012-03-14 11:00 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 17:07 - 2012-02-02 17:06 - 0000000 ____D C:\Program Files (x86)\ReNamer
2012-02-01 19:43 - 2012-04-12 15:28 - 0000000 ____D C:\Users\Michal\Downloads\absinthe-win-0.4
2012-02-01 18:42 - 2012-02-01 18:42 - 0001381 ____A C:\Users\Public\Desktop\TI Connect.lnk
2012-02-01 18:42 - 2012-02-01 18:42 - 0000000 ____D C:\Program Files\DIFX
2012-02-01 18:42 - 2012-02-01 18:42 - 0000000 ____D C:\Program Files (x86)\TI Education
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 6135.18 MB
Available physical RAM: 5393.12 MB
Total Pagefile: 6133.38 MB
Available Pagefile: 5376.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (Main) (Fixed) (Total:465.77 GB) (Free:110.05 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (Data) (Fixed) (Total:465.74 GB) (Free:96.03 GB) NTFS
4 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
6 Drive h: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1928 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB
Partition 0 Extended 465 GB 465 GB
Partition 2 Logical 465 GB 465 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Main NTFS Partition 465 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Data NTFS Partition 465 GB Healthy
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1927 MB 1024 KB
======================================================================================================
Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 1927 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-04-18 22:43
======================= End Of Log ==========================
#40
Posted 01 May 2012 - 06:24 PM
"Sorry, it won't happen again I promise."
OK.
Now the current Non Booting issue with your machine after running my last Custom OTL Script is actually my fault it transpires via myself incorrectly taking into account how your particular machine is set up...
I apologise most profusely about this and sincerely hope you will accept! If not and you wish for another helper to take over assisting you...I will understand as to why and arrange such. In this situation which is a first for me being honest I could have chosen to hide this salient fact from you but being the individual I am and my own conscience etc I could never do such.
If you wish my continued assistance carry out the below and or let myself know if you want another helper to take over. Either is absolutely fine by myself.
Next:
Boot your machine to the System Recovery Options and run FRST64 again as outlined here again.
Once FRST64 is launched:-
Type the following in the edit box after "Search:".
msiexec.exe;ntoskrnl.exe;rdvgkmd.sys;WatAdminSvc.exe
Note: The file names should be separated by a semicolon (;)
It then should look like:
Search: msiexec.exe;ntoskrnl.exe;rdvgkmd.sys;WatAdminSvc.exe
Click on the Search button and post the log (Search.txt that will have been saved to your USB/Flash drive) for my review and we will go from there, thank you.
#41
Posted 03 May 2012 - 11:31 PM
"Now the current Non Booting issue with your machine after running my last Custom OTL Script is actually my fault it transpires via myself incorrectly taking into account how your particular machine is set up..."
"I apologise most profusely about this and sincerely hope you will accept! If not and you wish for another helper to take over assisting you...I will understand as to why and arrange such. In this situation which is a first for me being honest I could have chosen to hide this salient fact from you but being the individual I am and my own conscience etc I could never do such."
It's ok - everyone makes mistakes occasionally. Otherwise, we have nothing to learn from. I will probably have made quite a few of my own before I get to your level in terms of malware removal.
That said, I really did not account for the possibility of dealing with an inoperable machine - especially now with such a heavy workload. As a result, expediency has become a much more important factor than it was earlier. With that in mind, I have decided that it would be easier for me to just back up my important data, nuke the hard drive and start from scratch with a clean install. As I have already done the former, and as I type this I have a friend helping me with the latter. So, thanks for all your help thus far, and that you were willing to own up to your mistake. If there is anything you can recommend regarding safety and prevention once I'm back up and running I'd love to hear it. Otherwise, thanks again for all your help.
#42
Posted 04 May 2012 - 05:32 AM
"It's ok - everyone makes mistakes occasionally. Otherwise, we have nothing to learn from. I will probably have made quite a few of my own before I get to your level in terms of malware removal."
Thank you...and aye very true plus no one is infallible least of all myself and as you mentioned we do learn from mistakes made.
Malware Removal is not easy especially via the medium we use but can be very rewarding nonetheless. As with anything with regard to Malware Removal as a whole such has progressively gotten that much harder over the years and will very probably continue to do so and even now at my stage of online support still learning all the time. Anyway good luck with your Anti-Malware training here with GeekU!
"That said, I really did not account for the possibility of dealing with an inoperable machine - especially now with such a heavy workload. As a result, expediency has become a much more important factor than it was earlier. With that in mind, I have decided that it would be easier for me to just back up my important data, nuke the hard drive and start from scratch with a clean install."
Unfortunately it is best to be prepared for the unexpected, as in have backups at hand/create such on a regular basis. Something to bear in mind if not aware is a feature with Windows 7 called System Image:-
Back up your programs, system settings, and files
Most useful and negates the fact from actually having to use say a machine's vendor software and/or a third party for example. Which will put your machine back to the point created without a loss of say critical updates, software and documents etc.
"As I have already done the former, and as I type this I have a friend helping me with the latter. So, thanks for all your help thus far, and that you were willing to own up to your mistake. If there is anything you can recommend regarding safety and prevention once I'm back up and running I'd love to hear it. Otherwise, thanks again for all your help."
OK and fair play and you are most welcome! As for my mistake, aye hands up as they say and as mentioned in a prior post about such I could not in good conscience hide the fact end of!
Given the main infection your machine was compromised with, such a course of action is actually prudent. For example if my machine was infected thus I would try to eradicate it and learn how it gained a foothold/what exactly it had done...but ultimately carry out either a System Image reinitialisation or a reformat and reinstallation of the Windows Operating System for example.
By all means I will provide some advice about online safety etc...
Importance of Regular System Maintenance:
I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.
Help! My computer is slow!
Also so is this:
What to do if your Computer is running slowly
Malwarebytes' Anti-Malware:
This is an excellent application and I advise you re-download/install from here. Check for updates and run a scan once a week.
Other installed security software:
If you opted to re-install Symantec Endpoint Protection, it automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running providing an internet connection is active.
I advise you also run a complete scan with this also once per week.
Note: If you have not opted to re-install Symantec Endpoint Protection regardless how long left on the subscription, either of the following freeware Anti-Virus software are an excellent alternative:-
Erunt:
Emergency Recovery Utility NT, I advise you re-download/install from here, as a means to keep a complete backup of your registry and restore it when needed.
Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!
Keep your system updated:
Microsoft releases patches for Windows and other products regularly:
- Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
- In the navigation pane, click Check for updates.
- After Windows Update has finished checking for updates, click View available updates.
- Click to select the check box for any found, then click Install.
- When completed Reboot(restart) your computer if not prompted to do so.
Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.
Stop malicious scripts:
Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.
Avoid Peer to Peer software:
P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.
Hosts File:
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.
Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
Here are some Hosts files:
Only use one of the above!
Install WinPatrol:
WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.
Download it from here.
You can find information about how WinPatrol works here.
Check your third party software is up to date:
Via the Secunia Online Software Inspector
Next:
This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center
Any questions? Feel free to ask, if not stay safe!
#43
Posted 08 May 2012 - 04:50 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.