Remnants after infection? [Solved]


  • This topic is locked

#31
Alias50

    Member

  • Topic Starter
  • 343 posts
Please note that I've also managed to get my hands on a Windows 7 Install Disk, but I would prefer this be a last resort if at all possible :)

#32
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Please note that I've also managed to get my hands on a Windows 7 Install Disk, but I would prefer this be a last resort if at all possible

OK/noted. We can use the Installation DVD in another manner if the need...for now follow my amended instructions below.

Next:

Disconnect Drive D, you may reconnect again afterwards if the below is successful.

Now place your Windows 7 Start-Up Repair disk in the optical drive, then reboot your machine. During the POST (Power On Self Test) sequence continually depress Function Key 8 (F8) to bring up the Advanced Boot Options screen.

Use the arrow keys to scroll down and select Safe Mode and hit the Enter/Return key.

Next:

In Safe Mode carry out the following:-

Right-click on Start (Windows 7 Orb) >> Open Windows Explorer >> Local Disk (C:) >> Windows >> right-click and select New >> Folder >> name it System64

Navigate back via Windows Explorer to C:\_OTL >> expand the MovedFiles folder that denotes the last custom script run >> move the appropriate files to the new C:\Windows\System64 Folder.

Then navigate back using Windows Explorer to C:\Windows\ERDNT

Double-click on the folder DD-DD-YYYY <-- denotes date/year etc to expand >> right-click on ERDNT.exe and select Run as Administrator >> follow the prompts.

When your machine starts to reboot actually boot it up from the Windows 7 Start-Up Repair disk this time...

  • You will have to answer a few basic questions then select the option Repair your computer
  • At the System Recovery Options screen click Windows 7 to highlight then Next>
  • Now click on/select Startup Repair
  • If prompted to use System Restore, select Cancel.
  • The same if prompted to Send information about this problem (recommended), select Don't send.
  • Click Finish when Startup Repair has completed, remove the SRD disc and then click on Restart

Next:

Providing your machine is now able to boot into Normal Mode correctly, carry out the following...

  • Click on Start (Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue in the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.
Note: This may take a while to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

Next:

Let myself know the outcome of the above when completed (if the need we will merely try something else) and we will go from there, thank you.

#33
Alias50

    Member

  • Topic Starter
  • 343 posts
Drive D: is logical, not physical. How do I disconnect?

#34
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
No need then since an actual partition on the main drive, so you can ignore my advice about that. :)

#35
Alias50

    Member

  • Topic Starter
  • 343 posts
When I boot to safe mode with the repair disk inside, the repair menu still launches, but in safe mode. When I do it without the disk, Windows loads drivers for a split second but then launches into startup repair again. Am I doing something wrong?

#36
Alias50

    Member

  • Topic Starter
  • 343 posts
Okay, here is what I did:

I booted into Ubuntu and recompiled the folder as instructed. Because I could not restore the registry through running erdnt.exe, I used the command prompt in startup repair and executed these commands inside C:/Windows/ERDNT/20-04-2012

ren "ERNDT.CON" erndt.bat

erndt.bat

ren "erndt.bat" ERNDT.CON


From what I read beforehand, this should have restored the registry. I tried startup repair again but nothing was fixed. I am still unable to boot into Windows, either in safe mode or not.

#37
Alias50

    Member

  • Topic Starter
  • 343 posts
Should I attempt a repair install using that nifty Windows 7 Install Disk? I'll wait for your input before proceeding any further.

#38
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Should I attempt a repair install using that nifty Windows 7 Install Disk? I'll wait for your input before proceeding any further.

Aye that is indeed an option we can consider but for now we will try something else...

Now please no more self fixes whatsoever and I should not have to mention this again eh. ;)

I appreciate you wish your machine up and running again but you attempting the aforementioned is actually creating more problems which in turn actually hinders myself to be able to assist you all told. So any more of such and I will withdraw my free support and spend the time I have allocated for this topic assisting someone else...

Enough of that and there should be no need for myself to broach the self fixes subject again and let's proceed as follows shall we.

Next:

You will require either a USB or Flash type drive for the below, preferably formatted before starting as we may need to use it several times for say some specific fixes. Once we have finished with the drive feel free to re-format it etc.

Now please download the following to either a USB or Flash type drive:-

Farbar Recovery Scan Tool x64

Insert the drive into your machine we are currently working on...then boot it up with either the StartUp repair disk or the Windows 7 Installation DVD to the System Recovery Options.

At the System Recovery Options menu:-

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your usb/flash drive allocation letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your usb/flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste that in your next reply.


#39
Alias50

    Member

  • Topic Starter
  • 343 posts

Now please no more self fixes what so ever and I should not have to mention this again eh. ;)


Sorry, it won't happen again I promise. Here is the log you requested.



Scan result of Farbar Recovery Scan Tool Version: 30-04-2012 02

Ran by SYSTEM at 30-04-2012 18:12:57

Running from H:\

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet002



========================== Registry (Whitelisted) =============



HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11780712 2011-02-24] (Realtek Semiconductor)

HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2306448 2010-07-21] (Microsoft Corporation)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115624 2011-02-03] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [NPSStartup] [x]

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)

HKLM-x32\...\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)

HKU\Michal\...\Run: [Steam] "D:\Games\Steam\steam.exe" -silent [x]

HKU\Michal\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)

HKU\Michal\...\Run: [RGSC] D:\Games\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe /silent [x]

HKU\Widomski\...\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO [3528504 2011-03-23] (Piriform Ltd)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1



==================== Services (Whitelisted) ======



3 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()

4 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [39408 2010-09-13] ()

2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108456 2011-02-03] (Symantec Corporation)

2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108456 2011-02-03] (Symantec Corporation)

3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [357456 2010-10-28] (Logitech, Inc.)

3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093944 2011-01-19] (Symantec Corporation)

3 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

3 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)

2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-09-22] (NVIDIA Corporation)

2 PDAgent; "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe" [2610952 2011-03-15] (Raxco Software, Inc.)

3 PDEngine; "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe" [2266376 2011-03-15] (Raxco Software, Inc.)

3 RoxMediaDB13; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe" [1099248 2010-07-16] (Sonic Solutions)

3 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe" [354288 2010-07-16] (Sonic Solutions)

2 SamsungAllShareV2.0; "C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe" [25504 2012-01-19] (Samsung Electronics Co., Ltd.)

3 SimpleSlideShowServer; "C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe" [27584 2012-03-02] (Samsung Electronics Co., Ltd.)

2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3250416 2011-03-07] (Symantec Corporation)

4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [428960 2011-02-18] (Symantec Corporation)

2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1839888 2011-03-10] (Symantec Corporation)

3 msiserver; C:\Windows\System32\msiexec.exe .exe /V [x]

3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [x]



========================== Drivers (Whitelisted) =============



1 c2scsi64; C:\Windows\System32\Drivers\c2scsi64.sys [167920 2010-07-16] (Sonic Solutions)

2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [138256 2010-04-07] (Raxco Software, Inc.)

3 dmvsc; C:\Windows\System32\Drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

3 LHidFilt; C:\Windows\System32\Drivers\LHidFilt.sys [63568 2010-08-24] (Logitech, Inc.)

3 LMouFilt; C:\Windows\System32\Drivers\LMouFilt.sys [57936 2010-08-24] (Logitech, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)

3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97040 2011-01-01] (MotioninJoy)

1 nm3; C:\Windows\System32\Drivers\nm3.sys [46392 2010-06-09] (Microsoft Corporation)

0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [27120 2009-06-01] (Sonic Solutions)

0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [19952 2009-06-01] (Sonic Solutions)

1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27632 2009-06-01] (Sonic Solutions)

1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2011-03-08] (Symantec Corporation)

3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2011-03-08] (Symantec Corporation)

1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2011-03-08] (Symantec Corporation)

3 sscebus; C:\Windows\System32\Drivers\sscebus.sys [127488 2010-10-26] (MCCI Corporation)

3 sscemdfl; C:\Windows\System32\Drivers\sscemdfl.sys [18944 2010-10-26] (MCCI Corporation)

3 sscemdm; C:\Windows\System32\Drivers\sscemdm.sys [161280 2010-10-26] (MCCI Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-03-31] (Symantec Corporation)

3 Synth3dVsc; C:\Windows\System32\Drivers\Synth3dVsc.sys [88960 2010-11-20] (Microsoft Corporation)

3 taphss; C:\Windows\System32\Drivers\taphss.sys [37888 2012-01-04] (AnchorFree Inc)

3 teamviewervpn; C:\Windows\System32\Drivers\teamviewervpn.sys [35112 2011-03-30] (TeamViewer GmbH)

3 Teefer2; C:\Windows\System32\Drivers\Teefer2.sys [64152 2010-12-10] (Symantec Corporation)

3 terminpt; C:\Windows\System32\Drivers\terminpt.sys [34816 2010-11-20] (Microsoft Corporation)

3 TFsExDisk; C:\Windows\System32\Drivers\TFsExDisk.sys [16448 2010-10-04] (Teruten Inc)

3 TFsExDisk; C:\Windows\SysWow64\Drivers\TFsExDisk.sys [16448 2010-10-04] (Teruten Inc)

3 TIEHDUSB; C:\Windows\System32\Drivers\TIEHDUSB.sys [128512 2009-09-03] (Texas Instruments)

3 tsusbhub; C:\Windows\System32\Drivers\tsusbhub.sys [117248 2010-11-20] (Microsoft Corporation)

1 WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [54392 2011-03-07] (Symantec Corporation)

3 WpsHelper; C:\Windows\System32\Drivers\WpsHelper.sys [225328 2011-07-15] (Symantec Corporation)

3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfoX64.sys [x]

3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120419.019\ENG64.SYS [x]

3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120419.019\EX64.SYS [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]



========================== NetSvcs (Whitelisted) ===========

NETSVC: Cam5603D



============ One Month Created Files and Folders ==============



2012-04-29 19:47 - 2012-04-29 20:06 - 77332480 ____A C:\Windows\System32\config\SOFTWARE.bak

2012-04-29 19:47 - 2012-04-29 20:06 - 27525120 ____A C:\Windows\System32\config\SYSTEM.bak

2012-04-29 19:47 - 2012-04-20 13:53 - 0786432 ____A C:\Windows\System32\config\DEFAULT.bak

2012-04-29 19:47 - 2012-04-20 13:53 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak

2012-04-29 19:47 - 2012-04-20 13:53 - 0262144 ____A C:\Windows\System32\config\SAM.bak

2012-04-29 17:19 - 2012-04-28 22:20 - 0000000 ___AD C:\Windows\System64

2012-04-28 23:01 - 2011-06-14 16:46 - 0000000 ___AD C:\.Trash-999

2012-04-28 22:20 - 2009-07-13 12:23 - 0000000 __SHD C:\Windows\System32\Restore

2012-04-28 07:35 - 2009-07-13 20:54 - 0027514 ____A C:\Windows\WindowsUpdate.log

2012-04-27 10:23 - 2009-08-14 07:52 - 0131040 ____A C:\Users\Widomski\Documents\SWIDNICA.docx

2012-04-26 19:40 - 2012-04-20 13:52 - 0000254 ____A C:\Users\Michal\Desktop\ESET.txt

2012-04-26 16:34 - 2012-04-20 13:50 - 2322184 ____A (ESET) C:\Users\Michal\Downloads\esetsmartinstaller_enu.exe

2012-04-26 16:13 - 2012-01-15 19:01 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-04-26 16:12 - 2012-02-16 22:03 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Michal\Downloads\mbam-setup-1.61.0.1400.exe

2012-04-26 15:33 - 2010-12-19 22:03 - 0015454 ____A C:\Users\Widomski\Documents\The Road to El Dorado.docx

2012-04-25 18:10 - 2012-04-25 18:10 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-25 18:10 - 2012-03-14 11:00 - 0000000 ____D C:\Users\All Users\Mozilla

2012-04-25 18:10 - 2012-03-14 11:00 - 0000000 ____D C:\ProgramData\Mozilla

2012-04-24 19:31 - 2012-04-12 16:32 - 1056187 ____A C:\Users\Michal\Downloads\iComic-v4.3.1.ipa

2012-04-24 18:59 - 2012-04-29 17:19 - 0000000 ____D C:\_OTL

2012-04-24 15:17 - 2011-03-07 05:45 - 0151685 ____A C:\Users\Widomski\Documents\Seven years war.docx

2012-04-23 21:04 - 2011-11-19 20:50 - 4053471 ____A C:\Users\Michal\Desktop\Valve_Handbook_LowRes.pdf

2012-04-23 15:39 - 2011-07-13 10:07 - 0000000 ____D C:\MGADiagToolOutput

2012-04-23 15:38 - 2011-05-19 22:21 - 0000000 ____D C:\Users\All Users\Office Genuine Advantage

2012-04-23 15:38 - 2011-05-19 22:21 - 0000000 ____D C:\ProgramData\Office Genuine Advantage

2012-04-22 14:27 - 2012-02-25 22:52 - 0068096 ____A C:\Users\Michal\Downloads\U2(mcrev)pure30(1).doc

2012-04-21 18:40 - 2012-02-16 15:07 - 0001262 ____A C:\Users\Michal\Desktop\LaunchGTAIV.exe - Shortcut.lnk

2012-04-21 14:38 - 2012-04-21 14:38 - 0085370 ____A C:\Users\Michal\Downloads\xliveless-0.999b7.rar

2012-04-21 14:38 - 2012-02-27 16:16 - 0000000 ____D C:\Users\Michal\Downloads\xliveless-0.999b7

2012-04-21 12:40 - 2011-10-29 14:45 - 0593920 ____A (OldTimer Tools) C:\Users\Michal\Desktop\OTL.exe

2012-04-21 10:01 - 2012-04-29 01:20 - 0137288 ____A C:\TDSSKiller.2.7.31.0_21.04.2012_12.01.14_log.txt

2012-04-21 09:59 - 2011-11-28 17:28 - 0000512 ____A C:\Users\Michal\Desktop\MBR.dat

2012-04-20 13:53 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\ERDNT

2012-04-20 13:52 - 2012-03-14 17:00 - 0000909 ____A C:\Users\Michal\Desktop\ERUNT.lnk

2012-04-20 13:52 - 2012-02-17 12:02 - 0000928 ____A C:\Users\Michal\Desktop\NTREGOPT.lnk

2012-04-20 13:52 - 2012-01-31 19:36 - 0000928 ____A C:\Users\Widomski\Desktop\NTREGOPT.lnk

2012-04-20 13:52 - 2011-08-14 12:06 - 0000928 ____A C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk

2012-04-20 13:52 - 2011-08-14 11:58 - 0000000 ____D C:\Program Files (x86)\ERUNT

2012-04-20 13:52 - 2011-04-18 19:11 - 0000909 ____A C:\Users\Widomski\Desktop\ERUNT.lnk

2012-04-20 13:52 - - 0000909 ____A C:\Users\UpdatusUser\Desktop\ERUNT.lnk

2012-04-20 13:52 - - 0000174 ___SH C:\Users\Michal\Start Menu\Programs\Startup\desktop.ini

2012-04-20 13:52 - - 0000174 ___SH C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

2012-04-20 13:50 - 2011-08-12 22:25 - 0791393 ____A (Lars Hederer ) C:\Users\Michal\Downloads\erunt-setup.exe

2012-04-20 11:14 - 2011-03-31 12:10 - 0025909 ____A C:\Users\Widomski\Documents\OBOZ KONCENTRACYJNY W MAJDANKU.docx

2012-04-19 22:14 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\Battle.net

2012-04-19 22:14 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\Battle.net

2012-04-19 20:35 - 2012-04-21 12:40 - 0089434 ____A C:\Users\Michal\Desktop\OTL.Txt

2012-04-19 20:35 - 2012-03-29 14:16 - 0052192 ____A C:\Users\Michal\Desktop\Extras.Txt

2012-04-19 15:52 - 2011-11-10 16:30 - 0000000 ____D C:\Users\Michal\AppData\Local\SniperV2 Demo

2012-04-18 18:24 - 2012-01-29 20:23 - 0000000 ____D C:\Users\Michal\Downloads\GTA 4 Fix

2012-04-18 18:11 - 2011-07-13 15:30 - 0000000 ____D C:\Users\Michal\AppData\Local\Rockstar Games

2012-04-18 06:01 - 2011-08-01 11:56 - 0026112 ____A C:\Users\Michal\Downloads\Pure 30 Midterm Outline.doc

2012-04-17 21:33 - 2011-03-31 09:49 - 0000600 ____A C:\Users\Michal\AppData\Roaming\winscp.rnd

2012-04-17 21:27 - 2011-05-25 19:57 - 0001853 ____A C:\Users\Michal\Desktop\WinSCP.lnk

2012-04-17 21:27 - 2010-11-20 23:06 - 0000000 ____D C:\Program Files (x86)\WinSCP

2012-04-17 21:00 - 2011-12-19 15:36 - 0065397 ____A C:\Users\Michal\Desktop\RutherfordScholarship.pdf

2012-04-17 19:23 - 2012-04-21 14:38 - 0005466 ____A C:\Users\Michal\Downloads\[Demonoid.me]-PureMath30Explained_Printer_Friendly(Full_Course).torrent

2012-04-17 15:38 - 2012-03-22 10:01 - 0061685 ____A C:\Users\Michal\Downloads\bluescreenview.zip

2012-04-16 16:34 - 2012-03-04 16:23 - 38947386 ____A C:\Users\Michal\Downloads\cinema-2.0.exe

2012-04-16 15:41 - 2012-02-16 21:00 - 0000724 ____A C:\Users\Public\Desktop\Max Payne 2.lnk

2012-04-16 14:57 - - 8190311 ____A C:\Users\Michal\Downloads\01 Burn It Down.m4a

2012-04-15 13:36 - 2011-09-19 17:17 - 2868161 ____A C:\Users\Widomski\Desktop\S08293.pdf

2012-04-15 12:45 - 2012-04-21 12:47 - 0003829 ____A C:\Users\Michal\Desktop\photo-360817.jpg

2012-04-15 08:08 - 2011-09-14 17:46 - 2006184 ____A C:\Users\Widomski\Desktop\md200codes.pdf

2012-04-14 16:42 - - 0525568 ____A C:\Users\Widomski\Desktop\2010-04-13_003255_diagram.pdf

2012-04-14 16:28 - 2012-03-01 09:18 - 0534930 ____A C:\Users\Widomski\Desktop\C_10_ C_12_ 3406E_C_15, and C_16 On_highway Engine Electrical System .pdf

2012-04-13 09:12 - 2011-09-21 14:37 - 0000000 ____D C:\Users\Michal\Downloads\kungfu_30

2012-04-12 20:07 - 2012-02-08 17:36 - 0000000 ____D C:\Users\Michal\AppData\Local\CAPCOM

2012-04-12 16:35 - - 0000000 ____D C:\Users\Michal\.shsh

2012-04-12 16:34 - 2011-07-10 10:26 - 2295296 ____A () C:\Users\Michal\Downloads\tinyumbrella-5.10.14.exe

2012-04-12 16:32 - 2012-04-05 12:35 - 0015447 ____A C:\Users\Michal\Downloads\hs_err_pid6384.log

2012-04-12 15:29 - 2012-04-12 15:29 - 0698465 ____A C:\s6fc.5

2012-04-12 15:29 - 2012-04-04 15:49 - 1291289 ____A C:\s6fc.4

2012-04-12 15:28 - 2012-02-25 16:25 - 0000000 ____D C:\Users\Michal\Downloads\absinthe-win-0.4

2012-04-12 15:27 - 2012-02-01 19:43 - 9123792 ____A C:\Users\Michal\Downloads\absinthe-win-0.4.zip

2012-04-12 14:51 - 2012-03-22 12:35 - 3276874 ____A C:\Users\Widomski\HatzInstruction.pdf

2012-04-12 10:39 - 2012-04-21 09:59 - 0000086 ____A C:\Users\Michal\Desktop\melee.txt

2012-04-12 10:30 - 2011-08-12 09:40 - 0000625 ____A C:\Users\Michal\Desktop\cydia downloads.txt

2012-04-12 09:59 - 2011-08-14 12:06 - 0032331 ____A C:\Users\Michal\Desktop\hitman_blood_money.jpg

2012-04-10 17:49 - 2011-06-14 16:56 - 6660935 ____A C:\Users\Widomski\Carver Owners Manual - 1977.pdf

2012-04-10 10:53 - 2012-04-26 16:13 - 0000174 ___SH C:\Users\Public\desktop.ini

2012-04-09 09:07 - 2012-02-01 18:42 - 0001070 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-04-05 12:35 - 2012-04-21 14:41 - 0643284 ____A C:\Users\Michal\Downloads\hosts

2012-04-05 11:36 - 2011-07-21 10:08 - 0039991 ____A C:\Users\Michal\Downloads\umbrella.log

2012-04-05 11:36 - 2011-03-31 07:53 - 0038668 ____A C:\Users\Michal\umbrella0.log

2012-04-04 18:04 - 2011-06-14 16:57 - 0000000 ____D C:\Users\Widomski\Documents\camera pictures

2012-04-04 18:01 - 2011-11-17 16:18 - 0002146 ____A C:\Users\Public\Desktop\Samsung New PC Studio.lnk

2012-04-04 18:00 - 2011-04-28 19:05 - 0127488 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscebus.sys

2012-04-04 18:00 - 2011-02-10 05:00 - 0025960 ____A (Teruten Inc) C:\Windows\SysWOW64\FsExService64.Exe

2012-04-04 18:00 - 2010-10-26 18:01 - 0161280 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscemdm.sys

2012-04-04 18:00 - 2010-10-26 18:01 - 0018944 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscemdfl.sys

2012-04-04 18:00 - 2010-10-26 18:01 - 0015872 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscewhnt.sys

2012-04-04 18:00 - 2010-10-26 18:01 - 0015872 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscewh.sys

2012-04-04 18:00 - 2010-10-26 18:01 - 0015360 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscecmnt.sys

2012-04-04 18:00 - 2010-10-26 18:01 - 0015360 ____A (MCCI Corporation) C:\Windows\System32\Drivers\sscecm.sys

2012-04-04 18:00 - 2007-10-25 15:26 - 0016448 ____A (Teruten Inc) C:\Windows\SysWOW64\Drivers\TFsExDisk.Sys

2012-04-04 17:59 - 2012-04-26 16:13 - 0000000 ____D C:\Program Files (x86)\MarkAny

2012-04-04 17:33 - 2012-01-03 10:25 - 0000000 ____D C:\Users\Michal\Desktop\registry font backups

2012-04-04 16:18 - 2011-08-22 18:36 - 103391634 ____A C:\Users\Michal\Downloads\Mirrors Edge-v1.4.73-NyM.ipa

2012-04-04 15:49 - 2012-04-04 15:49 - 0698258 ____A C:\s3pc.4

2012-04-04 15:48 - 2012-01-14 20:10 - 1290899 ____A C:\s3pc.3

2012-04-04 15:43 - 2012-04-28 22:20 - 0000000 ____D C:\Users\Michal\AppData\Local\libimobiledevice

2012-04-03 20:00 - 2012-02-12 22:57 - 849922173 ____A C:\Users\Michal\Downloads\iPhone4,1_5.0.1_9A406_Restore.ipsw

2012-04-02 17:08 - 2011-06-04 19:55 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2012-04-02 16:56 - 2011-07-30 11:37 - 0009987 ____A C:\Users\Michal\Downloads\328526.zip

2012-04-02 14:55 - 2012-03-26 13:37 - 0000779 ____A C:\Users\Public\Desktop\Battlefield 3.lnk

2012-04-02 08:02 - 2011-07-31 08:47 - 0000000 ____D C:\Users\Widomski\AppData\Local\shaw

2012-04-01 21:18 - 2011-12-05 15:32 - 0000000 ____D C:\Users\Michal\AppData\Local\shaw

2012-04-01 21:18 - 2011-04-01 11:18 - 0000000 ____D C:\Users\All Users\shaw

2012-04-01 21:18 - 2011-04-01 11:18 - 0000000 ____D C:\ProgramData\shaw

2012-04-01 21:17 - 2011-03-31 12:19 - 0000000 ____D C:\Program Files\Shaw

2012-04-01 21:17 - 2010-11-20 19:24 - 0072192 ____A C:\Windows\SysWOW64\zlib.dll

2012-04-01 18:57 - 2012-04-19 16:43 - 0000000 ____D C:\Users\Michal\AppData\Local\ElevatedDiagnostics

2012-04-01 18:40 - 2012-04-20 13:52 - 0011433 ____A C:\Users\Michal\Desktop\On Golden Pond Assignment.docx

2012-04-01 17:43 - 2012-02-08 21:06 - 0000000 ____D C:\Users\Widomski\AppData\Local\Conduit

2012-03-31 22:23 - 2003-12-07 07:59 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-03-31 22:23 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-03-31 10:50 - 2011-05-14 15:05 - 0000711 ____A C:\Users\Public\Desktop\Alan Wake.lnk





============ 3 Months Modified Files and Folders =============



2012-04-30 18:13 - 2012-04-30 18:12 - 0000000 ____D C:\FRST

2012-04-29 17:21 - 2012-04-29 17:19 - 0000000 ___AD C:\Windows\System64

2012-04-29 17:10 - 2012-04-29 19:47 - 77332480 ____A C:\Windows\System32\config\SOFTWARE.bak

2012-04-29 17:10 - 2012-04-29 19:47 - 27525120 ____A C:\Windows\System32\config\SYSTEM.bak

2012-04-28 23:01 - 2012-04-28 23:01 - 0000000 ___AD C:\.Trash-999

2012-04-28 22:21 - 2012-04-29 19:47 - 0786432 ____A C:\Windows\System32\config\DEFAULT.bak

2012-04-28 22:21 - 2012-04-29 19:47 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak

2012-04-28 22:21 - 2012-04-29 19:47 - 0262144 ____A C:\Windows\System32\config\SAM.bak

2012-04-28 22:20 - 2012-04-28 22:20 - 0000000 __SHD C:\Windows\System32\Restore

2012-04-28 22:20 - 2012-04-28 07:35 - 0027514 ____A C:\Windows\WindowsUpdate.log

2012-04-28 22:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com

2012-04-28 22:19 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns

2012-04-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\winevt

2012-04-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep

2012-04-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool

2012-04-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech

2012-04-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup

2012-04-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe

2012-04-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz

2012-04-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism

2012-04-28 21:38 - 2012-03-31 22:23 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-04-28 16:43 - 2011-07-26 16:41 - 0000000 ____D C:\Users\Michal\AppData\Roaming\foobar2000

2012-04-28 16:43 - 2011-03-31 14:06 - 0000000 ____D C:\Users\Michal\AppData\Roaming\vlc

2012-04-28 16:39 - 2011-06-30 15:29 - 0000000 ____D C:\Users\Michal\AppData\Roaming\AccurateRip

2012-04-28 16:19 - 2011-03-31 10:50 - 0000000 ____D C:\Users\Michal\AppData\Roaming\Skype

2012-04-28 16:11 - 2009-07-13 21:13 - 0783270 ____A C:\Windows\System32\PerfStringBackup.INI

2012-04-28 16:09 - 2012-03-21 17:18 - 0000000 ____D C:\Users\Widomski\Desktop\Ania

2012-04-28 07:40 - 2009-07-13 20:45 - 0027968 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-04-28 07:40 - 2009-07-13 20:45 - 0027968 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-04-28 07:35 - 2011-05-19 22:23 - 0000000 ____D C:\users\UpdatusUser

2012-04-28 07:33 - 2012-03-16 20:07 - 0000000 ____D C:\Windows\Minidump

2012-04-28 07:32 - 2011-05-19 22:22 - 0000000 ____D C:\Users\All Users\NVIDIA

2012-04-28 07:32 - 2011-05-19 22:22 - 0000000 ____D C:\ProgramData\NVIDIA

2012-04-28 07:32 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2012-04-28 07:31 - 2011-03-31 05:46 - 529932288 __ASH C:\hiberfil.sys

2012-04-27 10:23 - 2012-04-27 10:23 - 0131040 ____A C:\Users\Widomski\Documents\SWIDNICA.docx

2012-04-26 19:40 - 2012-04-26 19:40 - 0000254 ____A C:\Users\Michal\Desktop\ESET.txt

2012-04-26 17:37 - 2012-04-26 15:33 - 0015454 ____A C:\Users\Widomski\Documents\The Road to El Dorado.docx

2012-04-26 16:35 - 2012-04-26 16:34 - 2322184 ____A (ESET) C:\Users\Michal\Downloads\esetsmartinstaller_enu.exe

2012-04-26 16:13 - 2012-04-26 16:13 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-04-26 16:13 - 2011-03-31 10:34 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-26 16:12 - 2012-04-26 16:12 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Michal\Downloads\mbam-setup-1.61.0.1400.exe

2012-04-25 18:59 - 2011-04-16 13:30 - 0000000 ____D C:\Users\Michal\AppData\Roaming\Audacity

2012-04-25 18:10 - 2012-04-25 18:10 - 0000000 ____D C:\Users\All Users\Mozilla

2012-04-25 18:10 - 2012-04-25 18:10 - 0000000 ____D C:\ProgramData\Mozilla

2012-04-25 18:10 - 2012-04-25 18:10 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-25 18:10 - 2011-03-31 09:17 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-04-25 17:11 - 2011-03-31 13:26 - 0101376 ____A C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-04-25 17:03 - 2011-03-31 14:03 - 0000000 ____D C:\Users\Michal\AppData\Roaming\uTorrent

2012-04-24 19:39 - 2011-08-09 15:49 - 0000000 ____D C:\Users\Michal\Downloads\Everything-1.2.1.371

2012-04-24 19:31 - 2012-04-24 19:31 - 1056187 ____A C:\Users\Michal\Downloads\iComic-v4.3.1.ipa

2012-04-24 18:59 - 2012-04-24 18:59 - 0000000 ____D C:\_OTL

2012-04-24 15:17 - 2012-04-24 15:17 - 0151685 ____A C:\Users\Widomski\Documents\Seven years war.docx

2012-04-23 21:04 - 2012-04-23 21:04 - 4053471 ____A C:\Users\Michal\Desktop\Valve_Handbook_LowRes.pdf

2012-04-23 15:39 - 2012-04-23 15:39 - 0000000 ____D C:\MGADiagToolOutput

2012-04-23 15:38 - 2012-04-23 15:38 - 0000000 ____D C:\Users\All Users\Office Genuine Advantage

2012-04-23 15:38 - 2012-04-23 15:38 - 0000000 ____D C:\ProgramData\Office Genuine Advantage

2012-04-22 14:59 - 2012-02-05 20:54 - 0000000 ____D C:\Users\Michal\Downloads\14aren

2012-04-22 14:51 - 2012-02-15 21:35 - 0000000 ____D C:\Users\Michal\Downloads\Mission Impossible Ghost Protocol OST iTunes-SUMOTorrent

2012-04-22 14:27 - 2012-04-22 14:27 - 0068096 ____A C:\Users\Michal\Downloads\U2(mcrev)pure30(1).doc

2012-04-22 14:06 - 2012-04-18 18:11 - 0000000 ____D C:\Users\Michal\AppData\Local\Rockstar Games

2012-04-21 18:40 - 2012-04-21 18:40 - 0001262 ____A C:\Users\Michal\Desktop\LaunchGTAIV.exe - Shortcut.lnk

2012-04-21 18:23 - 2011-03-31 08:21 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2012-04-21 14:41 - 2012-04-18 18:24 - 0000000 ____D C:\Users\Michal\Downloads\GTA 4 Fix

2012-04-21 14:38 - 2012-04-21 14:38 - 0085370 ____A C:\Users\Michal\Downloads\xliveless-0.999b7.rar

2012-04-21 14:38 - 2012-04-21 14:38 - 0000000 ____D C:\Users\Michal\Downloads\xliveless-0.999b7

2012-04-21 12:47 - 2012-04-19 20:35 - 0089434 ____A C:\Users\Michal\Desktop\OTL.Txt

2012-04-21 12:40 - 2012-04-21 12:40 - 0593920 ____A (OldTimer Tools) C:\Users\Michal\Desktop\OTL.exe

2012-04-21 10:02 - 2012-04-21 10:01 - 0137288 ____A C:\TDSSKiller.2.7.31.0_21.04.2012_12.01.14_log.txt

2012-04-21 09:59 - 2012-04-21 09:59 - 0000512 ____A C:\Users\Michal\Desktop\MBR.dat

2012-04-20 13:59 - 2012-04-01 17:43 - 0000000 ____D C:\Users\Widomski\AppData\Local\Conduit

2012-04-20 13:59 - 2011-03-31 07:53 - 0000000 ____D C:\Users\Michal\AppData\LocalLow

2012-04-20 13:53 - 2012-04-20 13:53 - 0000000 ____D C:\Windows\ERDNT

2012-04-20 13:52 - 2012-04-20 13:52 - 0000928 ____A C:\Users\Widomski\Desktop\NTREGOPT.lnk

2012-04-20 13:52 - 2012-04-20 13:52 - 0000928 ____A C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk

2012-04-20 13:52 - 2012-04-20 13:52 - 0000928 ____A C:\Users\Michal\Desktop\NTREGOPT.lnk

2012-04-20 13:52 - 2012-04-20 13:52 - 0000909 ____A C:\Users\Widomski\Desktop\ERUNT.lnk

2012-04-20 13:52 - 2012-04-20 13:52 - 0000909 ____A C:\Users\UpdatusUser\Desktop\ERUNT.lnk

2012-04-20 13:52 - 2012-04-20 13:52 - 0000909 ____A C:\Users\Michal\Desktop\ERUNT.lnk

2012-04-20 13:52 - 2012-04-20 13:52 - 0000174 ___SH C:\Users\Michal\Start Menu\Programs\Startup\desktop.ini

2012-04-20 13:52 - 2012-04-20 13:52 - 0000174 ___SH C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

2012-04-20 13:52 - 2012-04-20 13:52 - 0000000 ____D C:\Program Files (x86)\ERUNT

2012-04-20 13:50 - 2012-04-20 13:50 - 0791393 ____A (Lars Hederer ) C:\Users\Michal\Downloads\erunt-setup.exe

2012-04-20 11:14 - 2012-04-20 11:14 - 0025909 ____A C:\Users\Widomski\Documents\OBOZ KONCENTRACYJNY W MAJDANKU.docx

2012-04-19 22:14 - 2012-04-19 22:14 - 0000000 ____D C:\Users\All Users\Battle.net

2012-04-19 22:14 - 2012-04-19 22:14 - 0000000 ____D C:\ProgramData\Battle.net

2012-04-19 20:35 - 2012-04-19 20:35 - 0052192 ____A C:\Users\Michal\Desktop\Extras.Txt

2012-04-19 16:43 - 2011-06-06 16:28 - 0000000 ____D C:\Users\Michal\AppData\Local\dxhr

2012-04-19 15:53 - 2012-04-19 15:52 - 0000000 ____D C:\Users\Michal\AppData\Local\SniperV2 Demo

2012-04-18 17:48 - 2009-07-13 18:34 - 0000530 ____A C:\Windows\win.ini

2012-04-18 11:46 - 2011-03-31 12:10 - 0000000 ____D C:\Users\Widomski\Documents\WR CANAM

2012-04-18 06:01 - 2012-04-18 06:01 - 0026112 ____A C:\Users\Michal\Downloads\Pure 30 Midterm Outline.doc

2012-04-18 06:00 - 2011-07-21 12:12 - 0000000 ____D C:\Users\Michal\AppData\Local\Downloaded Installations

2012-04-17 21:33 - 2012-04-17 21:33 - 0000600 ____A C:\Users\Michal\AppData\Roaming\winscp.rnd

2012-04-17 21:27 - 2012-04-17 21:27 - 0001853 ____A C:\Users\Michal\Desktop\WinSCP.lnk

2012-04-17 21:27 - 2012-04-17 21:27 - 0000000 ____D C:\Program Files (x86)\WinSCP

2012-04-17 21:00 - 2012-04-17 21:00 - 0065397 ____A C:\Users\Michal\Desktop\RutherfordScholarship.pdf

2012-04-17 19:32 - 2011-03-31 10:39 - 0000000 ____D C:\Users\Michal\AppData\Roaming\Apple Computer

2012-04-17 19:23 - 2012-04-17 19:23 - 0005466 ____A C:\Users\Michal\Downloads\[Demonoid.me]-PureMath30Explained_Printer_Friendly(Full_Course).torrent

2012-04-17 15:38 - 2012-04-17 15:38 - 0061685 ____A C:\Users\Michal\Downloads\bluescreenview.zip

2012-04-16 18:47 - 2012-01-21 19:24 - 0000000 ____D C:\Users\All Users\Media Center Programs

2012-04-16 18:47 - 2012-01-21 19:24 - 0000000 ____D C:\ProgramData\Media Center Programs

2012-04-16 16:34 - 2012-04-16 16:34 - 38947386 ____A C:\Users\Michal\Downloads\cinema-2.0.exe

2012-04-16 15:43 - 2012-02-16 19:24 - 0000000 ____D C:\Users\Michal\Downloads\Max Payne 1 & 2

2012-04-16 15:41 - 2012-04-16 15:41 - 0000724 ____A C:\Users\Public\Desktop\Max Payne 2.lnk

2012-04-16 15:24 - 2012-03-06 17:25 - 0000000 ____D C:\Users\Michal\Desktop\Malware

2012-04-16 15:03 - 2012-03-31 22:23 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-04-16 15:03 - 2011-05-31 14:06 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-04-16 14:58 - 2012-04-16 14:57 - 8190311 ____A C:\Users\Michal\Downloads\01 Burn It Down.m4a

2012-04-15 13:36 - 2012-04-15 13:36 - 2868161 ____A C:\Users\Widomski\Desktop\S08293.pdf

2012-04-15 12:45 - 2012-04-15 12:45 - 0003829 ____A C:\Users\Michal\Desktop\photo-360817.jpg

2012-04-15 08:08 - 2012-04-15 08:08 - 2006184 ____A C:\Users\Widomski\Desktop\md200codes.pdf

2012-04-15 07:53 - 2011-06-14 16:30 - 0000000 ____D C:\Users\Widomski\AppData\LocalLow

2012-04-14 16:42 - 2012-04-14 16:42 - 0525568 ____A C:\Users\Widomski\Desktop\2010-04-13_003255_diagram.pdf

2012-04-14 16:28 - 2012-04-14 16:28 - 0534930 ____A C:\Users\Widomski\Desktop\C_10_ C_12_ 3406E_C_15, and C_16 On_highway Engine Electrical System .pdf

2012-04-13 09:12 - 2012-04-13 09:12 - 0000000 ____D C:\Users\Michal\Downloads\kungfu_30

2012-04-12 20:28 - 2012-04-12 10:39 - 0000086 ____A C:\Users\Michal\Desktop\melee.txt

2012-04-12 20:14 - 2011-06-13 18:30 - 0000000 ____D C:\Program Files (x86)\Icarus Studios, Inc

2012-04-12 20:07 - 2012-04-12 20:07 - 0000000 ____D C:\Users\Michal\AppData\Local\CAPCOM

2012-04-12 16:46 - 2012-04-05 11:36 - 0039991 ____A C:\Users\Michal\Downloads\umbrella.log

2012-04-12 16:46 - 2012-04-05 11:36 - 0038668 ____A C:\Users\Michal\umbrella0.log

2012-04-12 16:46 - 2011-03-31 07:53 - 0000000 ____D C:\users\Michal

2012-04-12 16:36 - 2012-04-12 16:35 - 0000000 ____D C:\Users\Michal\.shsh

2012-04-12 16:35 - 2012-04-12 16:34 - 2295296 ____A () C:\Users\Michal\Downloads\tinyumbrella-5.10.14.exe

2012-04-12 16:32 - 2012-04-12 16:32 - 0015447 ____A C:\Users\Michal\Downloads\hs_err_pid6384.log

2012-04-12 15:29 - 2012-04-12 15:29 - 1291289 ____A C:\s6fc.4

2012-04-12 15:29 - 2012-04-12 15:29 - 0698465 ____A C:\s6fc.5

2012-04-12 15:28 - 2012-04-04 15:43 - 0000000 ____D C:\Users\Michal\AppData\Local\libimobiledevice

2012-04-12 15:27 - 2012-04-12 15:27 - 9123792 ____A C:\Users\Michal\Downloads\absinthe-win-0.4.zip

2012-04-12 14:51 - 2012-04-12 14:51 - 3276874 ____A C:\Users\Widomski\HatzInstruction.pdf

2012-04-12 14:51 - 2011-03-31 10:59 - 0000000 ____D C:\users\Widomski

2012-04-12 10:39 - 2012-04-12 10:30 - 0000625 ____A C:\Users\Michal\Desktop\cydia downloads.txt

2012-04-12 09:59 - 2012-04-12 09:59 - 0032331 ____A C:\Users\Michal\Desktop\hitman_blood_money.jpg

2012-04-10 17:49 - 2012-04-10 17:49 - 6660935 ____A C:\Users\Widomski\Carver Owners Manual - 1977.pdf

2012-04-10 10:53 - 2012-04-10 10:53 - 0000174 ___SH C:\Users\Public\desktop.ini

2012-04-10 10:53 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public

2012-04-09 12:53 - 2011-06-14 16:33 - 0108360 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT

2012-04-09 09:07 - 2012-04-09 09:07 - 0001070 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-04-09 08:59 - 2011-03-31 14:06 - 0000000 ____D C:\Program Files (x86)\VideoLAN

2012-04-09 08:24 - 2011-07-14 10:56 - 0000000 ____D C:\Users\Michal\AppData\Local\Windows Live

2012-04-07 19:28 - 2011-06-15 10:42 - 0108360 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT

2012-04-05 13:02 - 2011-05-28 13:10 - 0000000 ____D C:\Users\Michal\Calibre Library

2012-04-05 12:35 - 2012-04-05 12:35 - 0643284 ____A C:\Users\Michal\Downloads\hosts

2012-04-05 11:04 - 2009-07-13 20:45 - 0418280 ____A C:\Windows\System32\FNTCACHE.DAT

2012-04-04 18:16 - 2012-04-04 18:04 - 0000000 ____D C:\Users\Widomski\Documents\camera pictures

2012-04-04 18:01 - 2012-04-04 18:01 - 0002146 ____A C:\Users\Public\Desktop\Samsung New PC Studio.lnk

2012-04-04 17:59 - 2012-04-04 17:59 - 0000000 ____D C:\Program Files (x86)\MarkAny

2012-04-04 17:59 - 2011-09-27 19:09 - 0000000 ____D C:\Users\Michal\AppData\Roaming\Samsung

2012-04-04 17:58 - 2011-09-27 15:32 - 0000000 ____D C:\Users\All Users\Samsung

2012-04-04 17:58 - 2011-09-27 15:32 - 0000000 ____D C:\ProgramData\Samsung

2012-04-04 17:34 - 2012-04-04 17:33 - 0000000 ____D C:\Users\Michal\Desktop\registry font backups

2012-04-04 17:33 - 2011-03-31 07:59 - 0108360 ____A C:\Users\Michal\AppData\Local\GDIPFONTCACHEV1.DAT

2012-04-04 16:28 - 2012-04-04 16:18 - 103391634 ____A C:\Users\Michal\Downloads\Mirrors Edge-v1.4.73-NyM.ipa

2012-04-04 15:49 - 2012-04-04 15:49 - 0698258 ____A C:\s3pc.4

2012-04-04 15:49 - 2012-04-04 15:48 - 1290899 ____A C:\s3pc.3

2012-04-04 13:56 - 2011-03-31 10:34 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-04-03 20:16 - 2012-04-03 20:00 - 849922173 ____A C:\Users\Michal\Downloads\iPhone4,1_5.0.1_9A406_Restore.ipsw

2012-04-03 12:44 - 2012-04-01 21:18 - 0000000 ____D C:\Users\Michal\AppData\Local\shaw

2012-04-03 12:44 - 2012-04-01 21:18 - 0000000 ____D C:\Users\All Users\shaw

2012-04-03 12:44 - 2012-04-01 21:18 - 0000000 ____D C:\ProgramData\shaw

2012-04-02 18:46 - 2011-06-04 13:54 - 0000000 ____D C:\Users\All Users\EA Logs

2012-04-02 18:46 - 2011-06-04 13:54 - 0000000 ____D C:\ProgramData\EA Logs

2012-04-02 17:08 - 2012-04-02 17:08 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2012-04-02 16:56 - 2012-04-02 16:56 - 0009987 ____A C:\Users\Michal\Downloads\328526.zip

2012-04-02 14:55 - 2012-04-02 14:55 - 0000779 ____A C:\Users\Public\Desktop\Battlefield 3.lnk

2012-04-02 14:24 - 2011-07-30 17:18 - 0000000 ____D C:\Program Files (x86)\Origin

2012-04-02 14:13 - 2012-03-07 18:35 - 0000000 ____D C:\Windows\pss

2012-04-02 08:02 - 2012-04-02 08:02 - 0000000 ____D C:\Users\Widomski\AppData\Local\shaw

2012-04-01 22:26 - 2012-04-01 18:40 - 0011433 ____A C:\Users\Michal\Desktop\On Golden Pond Assignment.docx

2012-04-01 21:17 - 2012-04-01 21:17 - 0000000 ____D C:\Program Files\Shaw

2012-04-01 18:57 - 2012-04-01 18:57 - 0000000 ____D C:\Users\Michal\AppData\Local\ElevatedDiagnostics

2012-03-31 22:38 - 2011-03-31 15:07 - 0000000 ____D C:\Program Files (x86)\JDownloader

2012-03-31 13:31 - 2011-05-10 20:50 - 0000000 ____D C:\Users\Michal\AppData\Local\SKIDROW

2012-03-31 10:50 - 2012-03-31 10:50 - 0000711 ____A C:\Users\Public\Desktop\Alan Wake.lnk

2012-03-29 14:16 - 2012-03-29 14:16 - 0083139 ____A C:\Users\Michal\Desktop\Exp .pdf

2012-03-26 19:28 - 2012-03-26 19:28 - 0210936 ____A C:\Users\Widomski\Desktop\PAINTING.docx

2012-03-26 19:28 - 2012-03-26 19:28 - 0000162 ___AH C:\Users\Widomski\Desktop\~$INTING.docx

2012-03-26 18:52 - 2012-03-14 18:51 - 0210932 ____A C:\Users\Widomski\Documents\PAINTING.docx

2012-03-26 13:37 - 2012-03-26 13:37 - 0000905 ____A C:\Users\Public\Desktop\Batman Arkham City.lnk

2012-03-26 10:54 - 2011-03-31 12:10 - 0029184 ____A C:\Users\Widomski\Documents\WR TRUCKING PIAST INVOICE .doc

2012-03-25 21:07 - 2012-03-25 21:07 - 0001002 ____A C:\Users\Public\Desktop\Blueline.lnk

2012-03-25 21:07 - 2012-03-25 21:07 - 0000000 ____D C:\Program Files (x86)\AzTools

2012-03-25 20:39 - 2012-03-25 20:39 - 0027426 ____A C:\Users\Michal\Downloads\P30 Calendar S12.docx

2012-03-22 19:08 - 2012-03-22 19:08 - 2621393 ____A C:\Users\Widomski\Desktop\Pianista.wmv

2012-03-22 10:01 - 2012-03-22 10:01 - 0014615 ___AH C:\Users\Michal\Downloads\Blood and Chrome trailer.MP4.mta

2012-03-21 17:27 - 2012-03-21 17:23 - 50882553 ____A C:\Users\Michal\Downloads\Blood and Chrome trailer.mp4

2012-03-20 20:29 - 2012-03-20 20:29 - 0022528 ____A C:\Users\Michal\Downloads\Unit 3 HWD2L.doc

2012-03-20 17:21 - 2012-03-17 11:19 - 0356313 ____A C:\Users\Widomski\Documents\10 commandments.docx

2012-03-20 17:15 - 2012-03-20 16:38 - 0151861 ____A C:\Users\Widomski\Documents\booklet.docx

2012-03-20 09:56 - 2012-03-20 09:56 - 0013310 ____A C:\Users\Widomski\Documents\SPRINGBANK AIRPORT# INVOICE.#58.docx

2012-03-18 21:54 - 2012-03-18 21:54 - 0000000 ____D C:\Users\Michal\AppData\Local\IceChat Networks

2012-03-18 21:54 - 2012-03-18 21:51 - 0000000 ____D C:\Users\Michal\AppData\Roaming\mIRC

2012-03-18 21:13 - 2012-03-18 21:12 - 0000000 ____D C:\Users\Michal\AppData\Local\{A4613EAB-CA0F-46A6-A461-CE9E363471E7}

2012-03-18 21:12 - 2012-03-18 21:11 - 0000000 ____D C:\Users\Michal\AppData\Local\{FEBAD3BA-5EA2-4CCC-ABB4-0FD9F83C713D}

2012-03-18 21:11 - 2012-03-18 21:11 - 0000000 ____D C:\Users\Michal\AppData\Local\{253B9D6D-1781-47AF-A8A9-5D5E9B0FE186}

2012-03-17 19:27 - 2012-03-17 19:27 - 0190394 ____A C:\Users\Widomski\Documents\american eagle coupon.docx

2012-03-14 18:51 - 2012-03-14 18:51 - 0171046 ____H C:\Users\Widomski\Documents\~WRL0004.tmp

2012-03-14 17:31 - 2012-03-14 17:31 - 0068096 ____A C:\Users\Michal\Downloads\U2(mcrev)pure30.doc

2012-03-14 17:00 - 2011-06-30 21:30 - 0000000 ____D C:\Users\Michal\Desktop\EAC

2012-03-14 11:00 - 2011-03-31 11:19 - 0000000 ____D C:\Users\All Users\Microsoft Help

2012-03-14 11:00 - 2011-03-31 11:19 - 0000000 ____D C:\ProgramData\Microsoft Help

2012-03-14 11:00 - 2011-03-31 08:36 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-03-13 09:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache

2012-03-12 21:18 - 2012-03-12 20:56 - 0000000 ____D C:\Users\Michal\Downloads\1 - A Game of Thrones

2012-03-12 15:42 - 2011-03-31 11:37 - 0768738 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-03-11 12:55 - 2012-03-11 12:55 - 0000000 ____D C:\Users\Michal\Downloads\AdenoCoalescedME3v1

2012-03-10 10:54 - 2012-03-09 12:36 - 0000000 ____D C:\Users\Michal\Downloads\Alcatraz.S01E10.720p.WEB-DL.DD5.1.H.264-KiNGS

2012-03-10 10:54 - 2012-03-09 12:36 - 0000000 ____D C:\Users\Michal\Downloads\Alcatraz.S01E09.720p.WEB-DL.DD5.1.H.264-KiNGS

2012-03-10 10:52 - 2011-03-31 11:00 - 0000174 ___SH C:\Users\Widomski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

2012-03-10 10:51 - 2011-03-31 09:21 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2012-03-10 00:42 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System

2012-03-10 00:02 - 2012-03-10 00:02 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0

2012-03-07 21:36 - 2012-03-07 15:48 - 0000000 ____D C:\Users\Michal\Downloads\ME3Soundtrack

2012-03-07 19:49 - 2011-10-15 22:46 - 0000000 ____D C:\Users\Michal\AppData\Local\PMB Files

2012-03-07 19:21 - 2012-03-05 19:42 - 0000000 ____D C:\Users\Michal\Desktop\Ania

2012-03-07 15:54 - 2012-03-07 15:54 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd

2012-03-07 15:45 - 2012-03-07 15:45 - 0000000 ____D C:\Users\Michal\AppData\Roaming\8C973

2012-03-07 15:45 - 2012-03-07 15:45 - 0000000 ____A C:\Users\Michal\AppData\Roaming\OefKq.txt

2012-03-07 15:45 - 2012-03-07 15:45 - 0000000 ____A C:\Users\Michal\AppData\Roaming\dZwwc.txt

2012-03-06 17:11 - 2012-03-06 17:11 - 0001077 ____A C:\Users\Widomski\Desktop\Fass.lnk

2012-03-06 17:11 - 2012-03-06 17:11 - 0001077 ____A C:\Users\UpdatusUser\Desktop\Fass.lnk

2012-03-06 17:11 - 2012-03-06 17:11 - 0001077 ____A C:\Users\Michal\Desktop\Fass.lnk

2012-03-06 17:11 - 2012-03-06 17:11 - 0000000 ____D C:\Program Files (x86)\Pawsoft

2012-03-06 06:15 - 2012-03-06 06:12 - 22352492 ____A C:\Users\Michal\Downloads\rld-me3dlc.rar

2012-03-05 22:18 - 2011-06-14 16:30 - 0000000 ____D C:\Users\Widomski\AppData\Roaming\Apple Computer

2012-03-05 21:58 - 2012-03-05 21:58 - 0114864 ____A C:\Users\Michal\Desktop\3149969_700b.jpg

2012-03-04 16:23 - 2012-03-04 16:23 - 0076398 ____A C:\Users\Michal\Downloads\bws-0487.rar

2012-03-04 15:06 - 2012-03-04 15:06 - 0164352 ___SH C:\Windows\SysWOW64\SCS.dll

2012-03-04 10:45 - 2012-03-04 10:45 - 0000000 ____A C:\Users\Michal\AppData\Roaming\fyXSW.txt

2012-03-04 10:44 - 2012-03-04 10:44 - 0000697 ____A C:\Users\Michal\Desktop\Deep Black Reloaded.lnk

2012-03-03 22:52 - 2012-03-03 20:24 - 0000000 ____D C:\Users\Michal\Downloads\Alcatraz.S01E08.720p.WEB-DL.DD5.1.H.264-KiNGS

2012-03-03 12:06 - 2012-03-03 12:06 - 0099384 ____A C:\Users\Michal\AppData\Roaming\inst.exe

2012-03-03 12:06 - 2012-03-03 12:06 - 0082816 ____A (VSO Software) C:\Users\Michal\AppData\Roaming\pcouffin.sys

2012-03-03 12:06 - 2012-03-03 12:06 - 0007859 ____A C:\Users\Michal\AppData\Roaming\pcouffin.cat

2012-03-03 12:06 - 2012-03-03 12:06 - 0001167 ____A C:\Users\Michal\AppData\Roaming\pcouffin.inf

2012-03-03 12:06 - 2012-03-03 12:06 - 0000055 ____A C:\Users\Michal\AppData\Roaming\pcouffin.log

2012-03-03 12:06 - 2011-08-10 09:58 - 0000000 ____D C:\Users\Michal\AppData\Roaming\Vso

2012-03-03 12:05 - 2011-08-10 09:58 - 0001057 ____A C:\Users\Michal\AppData\Roaming\vso_ts_preview.xml

2012-03-03 12:03 - 2012-03-03 12:03 - 0010843 ____A C:\Users\Widomski\Documents\Be yourself.docx

2012-03-02 15:23 - 2012-02-25 22:24 - 0000533 ____A C:\Windows\Tcsofla.INI

2012-03-02 14:32 - 2012-02-26 18:49 - 0000000 ____D C:\Users\Michal\Downloads\TrueCrimeTrainerPLUS5

2012-03-02 14:30 - 2012-03-02 14:30 - 0000720 ____A C:\Users\Michal\Desktop\Play True Crime® New York City.lnk

2012-03-02 14:24 - 2012-03-02 14:24 - 0022267 ____A C:\Users\Michal\Downloads\pdtny15t.rar

2012-03-01 16:02 - 2012-03-01 15:35 - 245577073 ____A C:\Users\Michal\Desktop\169_ask_gamespot_max_payne_3_030112_2800.mp4

2012-03-01 09:18 - 2011-05-07 15:08 - 0000000 ____D C:\Users\Widomski\Desktop\Company Bnder WR Trucking

2012-02-29 22:33 - 2012-02-29 20:32 - 0000009 ____A C:\Users\Michal\Desktop\temporary104.txt

2012-02-29 22:22 - 2012-02-29 16:44 - 39001210 ____A C:\Users\Michal\Downloads\Radical Thinkers.pptx

2012-02-29 22:16 - 2011-06-30 22:26 - 0000000 ____D C:\Users\Michal\Downloads\FLAC_frontend

2012-02-29 17:07 - 2012-01-29 21:21 - 0000000 ____D C:\Users\Michal\Downloads\UNDERWORLD 1-2-3 HD 720p BRRip 5.1AAC x264-ILPruny

2012-02-29 16:57 - 2012-02-29 16:57 - 0105762 ____A C:\Users\Michal\Desktop\11-12-calendar-traditional.pdf

2012-02-29 11:25 - 2011-04-15 06:29 - 0000000 ____D C:\Users\Widomski\Desktop\Company Binder WR Paving

2012-02-28 19:38 - 2012-02-28 19:38 - 0015274 ____A C:\Users\Widomski\Documents\l.a powerpont.docx

2012-02-28 11:09 - 2012-02-28 11:09 - 0001115 ____A C:\Users\UpdatusUser\Desktop\XMLwriter.lnk

2012-02-28 10:58 - 2012-02-28 10:58 - 0018646 ____A C:\Users\Widomski\Desktop\Application.rar

2012-02-27 17:30 - 2012-02-27 17:30 - 0012366 ____A C:\Users\Michal\Desktop\Social CE 1-2.docx

2012-02-27 16:26 - 2012-02-27 16:26 - 22837227 ____A C:\Users\Michal\Downloads\kungfu_30.zip

2012-02-27 16:16 - 2011-09-24 19:40 - 0000000 ____D C:\Users\Michal\Downloads\XIII The Series Season 1

2012-02-27 16:14 - 2012-02-11 17:40 - 0000000 ____D C:\Users\Michal\Downloads\Resident.Evil.Apocalypse.2004.x264.DTS.2AUDIO-WAF

2012-02-27 16:14 - 2012-02-07 09:55 - 0018672 ___AH C:\Users\Michal\Downloads\Super Size Me.MP4.mta

2012-02-27 16:14 - 2012-02-06 10:14 - 0013144 ___AH C:\Users\Michal\Downloads\Spartacus.S02E02.720p.HDTV.X264-DIMENSION.MKV.mta

2012-02-27 16:14 - 2012-01-26 15:23 - 0000000 ____D C:\Users\Michal\Downloads\CovertAffairsS02

2012-02-27 16:14 - 2011-12-10 13:04 - 0014028 ___AH C:\Users\Michal\Downloads\On.Deadly.Ground.[1994].DVDRip.XviD-BLiTZKRiEG.AVI.mta

2012-02-27 16:08 - 2011-09-27 15:32 - 0000000 ____D C:\Program Files (x86)\Samsung

2012-02-27 14:20 - 2011-11-20 22:36 - 0000000 ____D C:\Program Files (x86)\Windows Grep

2012-02-26 22:25 - 2012-02-26 22:23 - 0000000 ____D C:\Users\Michal\Downloads\Margaret Peterson Haddix - Shadow Children Series Complete - 7 Books (pdf,epub,mobi,lit,opf,rtf,lrf,html,txt)

2012-02-26 21:57 - 2012-02-25 00:44 - 0000000 ____D C:\Users\Michal\Downloads\The Cranberries - Roses (2012) [FLAC] politux

2012-02-26 16:04 - 2011-03-31 14:04 - 0000000 ____D C:\Program Files (x86)\uTorrent

2012-02-25 22:52 - 2012-02-25 22:52 - 0937650 ____A C:\Users\Michal\Downloads\True_Crime_-_Streets_of_LA_-_Manual_-_PC.pdf

2012-02-25 22:23 - 2011-03-31 14:25 - 0000000 ____D C:\Users\Michal\Downloads\Games

2012-02-25 20:38 - 2012-02-25 20:36 - 0000000 ____D C:\Users\Michal\Downloads\PgcEdit.v9.3.Regged-WaLMaRT

2012-02-25 20:38 - 2011-12-20 16:57 - 0000000 ____D C:\Users\Michal\AppData\Roaming\PgcEdit

2012-02-25 20:35 - 2012-02-25 20:35 - 4892564 ____A C:\Users\Michal\Downloads\PgcEdit.v9.3.Regged-WaLMaRT.rar

2012-02-25 20:27 - 2011-04-16 13:13 - 0000000 ____D C:\Users\Michal\AppData\Roaming\dvdcss

2012-02-25 16:29 - 2012-02-25 16:21 - 167027415 ____A C:\Users\Michal\Downloads\7th_Serpent_Crossfire.zip

2012-02-25 16:25 - 2012-02-25 16:13 - 265196014 ____A C:\Users\Michal\Downloads\7th_Serpent_Genesis.zip

2012-02-25 16:20 - 2012-02-25 16:10 - 232484174 ____A C:\Users\Michal\Downloads\MPChronicles.zip

2012-02-25 00:11 - 2012-01-03 18:32 - 0000000 ____D C:\Users\Michal\Desktop\Dex612-cardman

2012-02-24 22:05 - 2012-02-16 16:13 - 0931920 ____A C:\Users\Widomski\Documents\bracletes.docx

2012-02-24 18:45 - 2009-07-13 21:08 - 0032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-02-21 14:06 - 2011-08-12 09:33 - 0000000 ____D C:\Users\Michal\AppData\Local\Deployment

2012-02-21 14:04 - 2012-02-21 14:04 - 0001392 ____A C:\Users\Michal\Downloads\e327505cd18693ffb7c221199eb6cef8.dlc

2012-02-20 21:27 - 2012-02-17 23:19 - 0013540 ____A C:\Users\Michal\Desktop\Psych 30 Assignment 1.docx

2012-02-17 18:32 - 2012-02-17 18:32 - 1198080 ____A C:\Users\Michal\Downloads\Radical thinkers and beliefs.ppt

2012-02-17 12:02 - 2012-02-17 12:02 - 648828928 ____A C:\Users\Michal\Desktop\NOLF2.iso

2012-02-17 12:01 - 2012-02-17 12:01 - 0000000 ____D C:\Users\Michal\Downloads\daa2iso

2012-02-17 12:00 - 2012-02-17 12:00 - 0049862 ____A C:\Users\Michal\Downloads\daa2iso.zip

2012-02-17 11:35 - 2012-02-17 11:35 - 0003276 ____A C:\Users\Michal\Downloads\linklist.nl

2012-02-16 22:38 - 2012-03-14 11:00 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2012-02-16 22:38 - 2012-03-14 11:00 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2012-02-16 22:03 - 2012-02-16 22:03 - 0405714 ____A C:\Users\Michal\Downloads\MaxPayneSoundPatchv1.12.rar

2012-02-16 21:34 - 2012-03-14 11:00 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2012-02-16 21:00 - 2012-02-16 21:00 - 0001606 ____A C:\Users\Public\Desktop\Manhunt.lnk

2012-02-16 20:58 - 2012-03-14 11:00 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-02-16 20:57 - 2012-03-14 11:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

2012-02-16 19:36 - 2012-02-16 19:36 - 0000000 ____D C:\Users\Michal\Downloads\Manhunt

2012-02-16 15:07 - 2011-08-12 09:44 - 0000000 ____D C:\Users\Michal\Desktop\jdownloader

2012-02-16 14:51 - 2012-02-16 14:51 - 0000000 ____D C:\Users\Michal\AppData\Local\Cranium_Consulting_and_Cu

2012-02-16 14:51 - 2012-02-16 14:51 - 0000000 ____D C:\Program Files (x86)\iPhoneBrowser

2012-02-16 13:28 - 2012-02-10 22:13 - 0000000 ____D C:\Users\Michal\AppData\Roaming\DarknessII

2012-02-15 23:23 - 2012-02-15 23:20 - 37628165 ____A C:\Users\Michal\Downloads\11 - Who Says You Cant Go Home.flac

2012-02-15 21:57 - 2012-02-15 21:57 - 1871990 ____A C:\Users\Michal\Downloads\PlaylistCreator3.zip

2012-02-15 21:57 - 2012-02-15 21:57 - 0000000 ____D C:\Users\Michal\Downloads\PlaylistCreator3

2012-02-15 21:12 - 2012-02-15 20:47 - 0000000 ____D C:\Users\Public\Documents\Jagged Alliance - Back in Action Demo

2012-02-15 18:01 - 2012-02-15 18:01 - 0036515 ____A C:\Users\Widomski\Documents\ybraclet.docx

2012-02-12 22:57 - 2012-02-12 22:57 - 1755648 ____A C:\Users\Michal\Downloads\IntroductiontoIdeologies.ppt

2012-02-12 22:56 - 2012-02-12 22:56 - 4822414 ____A C:\Users\Michal\Downloads\social song.wma

2012-02-12 18:24 - 2012-02-12 16:47 - 0013511 ____A C:\Users\Widomski\Documents\Dear St.docx

2012-02-12 17:16 - 2012-02-12 17:16 - 0666766 ____A C:\Users\Widomski\Documents\ST FAUTINA.docx

2012-02-12 17:16 - 2012-02-11 19:19 - 0016330 ____A C:\Users\Widomski\Documents\Biographical Facts.docx

2012-02-12 17:07 - 2012-02-12 17:07 - 0750282 ____A C:\Users\Widomski\Documents\pics.xps

2012-02-11 21:41 - 2012-02-11 21:41 - 0957952 ____A C:\Users\Widomski\Documents\health art.docx

2012-02-10 12:14 - 2012-02-10 12:14 - 0000839 ____A C:\Users\Michal\Downloads\sr-tdsii.txt

2012-02-09 22:36 - 2012-03-14 11:00 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-02-09 21:38 - 2012-03-14 11:00 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-02-08 21:06 - 2012-02-08 21:06 - 0000000 ____D C:\Users\Widomski\AppData\Local\Apps\2.0

2012-02-08 19:29 - 2011-10-15 22:46 - 0000000 ____D C:\Users\All Users\PMB Files

2012-02-08 19:29 - 2011-10-15 22:46 - 0000000 ____D C:\ProgramData\PMB Files

2012-02-08 18:44 - 2012-02-08 18:44 - 0000000 ____D C:\Users\Michal\riotsGamesLogs

2012-02-08 18:43 - 2012-02-08 18:43 - 0000000 ____D C:\Users\Michal\AppData\Roaming\LolClient

2012-02-08 17:36 - 2012-02-08 17:36 - 0000000 ____D C:\Users\Michal\AppData\Local\BigHugeEngine

2012-02-06 21:10 - 2012-02-03 14:57 - 0022873 ____A C:\Users\Widomski\Documents\You can handle this Sarah.docx

2012-02-06 16:07 - 2012-02-06 15:31 - 733233247 ____A C:\Users\Michal\Downloads\Super Size Me.mp4

2012-02-05 21:44 - 2012-01-31 19:18 - 0000000 ____D C:\Users\Michal\Desktop\dad music

2012-02-04 16:22 - 2012-02-04 14:49 - 1433164791 ____A C:\Users\Michal\Downloads\Spartacus.S02E02.720p.HDTV.X264-DIMENSION.mkv

2012-02-04 10:46 - 2012-02-04 10:46 - 0000162 ___AH C:\Users\Widomski\Documents\~$u can handle this Sarah.docx

2012-02-03 14:57 - 2012-02-03 14:57 - 0013888 ____H C:\Users\Widomski\Documents\~WRL0003.tmp

2012-02-02 20:34 - 2012-03-14 11:00 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-02-02 17:07 - 2012-02-02 17:06 - 0000000 ____D C:\Program Files (x86)\ReNamer

2012-02-01 19:43 - 2012-04-12 15:28 - 0000000 ____D C:\Users\Michal\Downloads\absinthe-win-0.4

2012-02-01 18:42 - 2012-02-01 18:42 - 0001381 ____A C:\Users\Public\Desktop\TI Connect.lnk

2012-02-01 18:42 - 2012-02-01 18:42 - 0000000 ____D C:\Program Files\DIFX

2012-02-01 18:42 - 2012-02-01 18:42 - 0000000 ____D C:\Program Files (x86)\TI Education



========================= Known DLLs (Whitelisted) ============





========================= Bamital & volsnap Check ============



C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



========================= Memory info ======================



Percentage of memory in use: 12%

Total physical RAM: 6135.18 MB

Available physical RAM: 5393.12 MB

Total Pagefile: 6133.38 MB

Available Pagefile: 5376.78 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB



======================= Partitions =========================



1 Drive c: (Main) (Fixed) (Total:465.77 GB) (Free:110.05 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]

2 Drive d: (Data) (Fixed) (Total:465.74 GB) (Free:96.03 GB) NTFS

4 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

6 Drive h: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT32

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS



Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 1928 MB 0 B



Partitions of Disk 0:

===============



Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 465 GB 31 KB

Partition 0 Extended 465 GB 465 GB

Partition 2 Logical 465 GB 465 GB



======================================================================================================



Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Main NTFS Partition 465 GB Healthy



======================================================================================================



Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D Data NTFS Partition 465 GB Healthy



======================================================================================================



Partitions of Disk 2:

===============



Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1927 MB 1024 KB



======================================================================================================



Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: No



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H FAT32 Removable 1927 MB Healthy



======================================================================================================



==========================================================



Last Boot: 2012-04-18 22:43



======================= End Of Log ==========================

#40
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Sorry, it won't happen again I promise.

OK.

Now the current Non Booting issue with your machine after running my last Custom OTL Script is actually my fault it transpires via myself incorrectly taking into account how your particular machine is set up...

I apologise most profusely about this and sincerely hope you will accept! If not and you wish for another helper to take over assisting you...I will understand as to why and arrange such. In this situation which is a first for me being honest I could have chosen to hide this salient fact from you but being the individual I am and my own conscience etc I could never do such.

If you wish my continued assistance carry out the below and or let myself know if you want another helper to take over. Either is absolutely fine by myself.

Next:

Boot your machine to the System Recovery Options and run FRST64 again as outlined here again.

Once FRST64 is launched:-

Type the following in the edit box after "Search:".

msiexec.exe;ntoskrnl.exe;rdvgkmd.sys;WatAdminSvc.exe

Note: The file names should be separated by a semicolon (;)

It then should look like:

Search: msiexec.exe;ntoskrnl.exe;rdvgkmd.sys;WatAdminSvc.exe

Click on the Search button and post the log (Search.txt that will have been saved to your USB/Flash drive) for my review and we will go from there, thank you.

#41
Alias50

    Member

  • Topic Starter
  • 343 posts

Now the current Non Booting issue with your machine after running my last Custom OTL Script is actually my fault it transpires via myself incorrectly taking into account how your particular machine is set up...

I apologise most profusely about this and sincerely hope you will accept! If not and you wish for another helper to take over assisting you...I will understand as to why and arrange such. In this situation which is a first for me being honest I could have chosen to hide this salient fact from you but being the individual I am and my own conscience etc I could never do such.


It's ok - everyone makes mistakes occasionally. Otherwise, we have nothing to learn from. I will probably have made quite a few of my own before I get to your level in terms of malware removal.

That said, I really did not account for the possibility of dealing with an inoperable machine - especially now with such a heavy workload. As a result, expediency has become a much more important factor than it was earlier. With that in mind, I have decided that it would be easier for me to just back up my important data, nuke the hard drive and start from scratch with a clean install. As I have already done the former, and as I type this I have a friend helping me with the latter. So, thanks for all your help thus far, and that you were willing to own up to your mistake. If there is anything you can recommend regarding safety and prevention once I'm back up and running I'd love to hear it. Otherwise, thanks again for all your help.

#42
Dakeyras

Hi. :)

It's ok - everyone makes mistakes occasionally. Otherwise, we have nothing to learn from. I will probably have made quite a few of my own before I get to your level in terms of malware removal.

Thank you...and aye very true plus no one is infallible least of all myself and as you mentioned we do learn from mistakes made. ;)

Malware Removal is not easy especially via the medium we use but can be very rewarding nonetheless. As with anything with regard to Malware Removal as a whole such has progressively gotten that much harder over the years and will very probably continue to do so and even now at my stage of online support still learning all the time. Anyway good luck with your Anti-Malware training here with GeekU!

That said, I really did not account for the possibility of dealing with an inoperable machine - especially now with such a heavy workload. As a result, expediency has become a much more important factor than it was earlier. With that in mind, I have decided that it would be easier for me to just back up my important data, nuke the hard drive and start from scratch with a clean install.

Unfortunately it is best to be prepared for the unexpected, as in have backups at hand/create such on a regular basis. Something to bear in mind if not aware is a feature with Windows 7 called System Image:-

Back up your programs, system settings, and files

Most useful and negates the fact from actually having to use say a machine's vendor software and or a third party for example. Which will put your machine back to the point created without a loss of say critical updates, software and documents etc.

As I have already done the former, and as I type this I have a friend helping me with the latter. So, thanks for all your help thus far, and that you were willing to own up to your mistake. If there is anything you can recommend regarding safety and prevention once I'm back up and running I'd love to hear it. Otherwise, thanks again for all your help.

OK and fair play and you are most welcome! As for my mistake, aye hands up as they say and as mentioned in a prior post about such I could not in good conscience hide the fact end of!

Given the main infection your machine was compromised with such a course of action is actually prudent. For example if my machine was infected thus I would try to eradicate it and learn how it gained a foothold/what exactly it had done...but ultimately carry out either a System Image reinitialisation or a reformat and reinstallation of the Windows Operating System for example.

By all means I will provide some advice about online safety etc...

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Malwarebytes Anti-Malware:

This is an excellent application and I advise you re-download/install from here. Check for updates and run a scan once a week.

Other installed security software:

If you opted to re-install Symantec Endpoint Protection, it automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Note: If you have not opted to re-install Symantec Endpoint Protection regardless how long left on the subscription, either of the following freeware Anti-Virus software are an excellent alternative:-

Erunt:

Emergency Recovery Utility NT, I advise you re-download/install from here. As a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third party software is up to date:

Via the Secunia Online Software Inspector

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
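The Hosts file advice in the post above can be checked after a blocking Hosts file is installed. The following is an added example, not part of the original post: a small auditor that separates names sent to 127.0.0.1 from names mapped to some other address, which deserve a second look. The sample file and its domain names are constructed, and treating 0.0.0.0 the same as 127.0.0.1 is an assumption of this example.

```python
import ipaddress

# Constructed sample hosts file (names use reserved example domains).
SAMPLE_HOSTS = """\
# blocking hosts file (constructed sample)
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.com   # two names on one line
0.0.0.0     spyware.example.net
203.0.113.7 update.example.org
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_string, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Sort mappings into blocked names, redirects to review, and malformed lines."""
    report = {"blocked": [], "review": [], "malformed": []}
    for line_no, ip_text, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            report["malformed"].append((line_no, ip_text, name))
            continue
        if name == "localhost" and ip.is_loopback:
            continue                            # the standard localhost entries
        if ip.is_loopback or ip.is_unspecified:
            report["blocked"].append(name)      # sinkholed: never leaves the machine
        else:
            # Points a name at a real address: expected only if you added it yourself.
            report["review"].append((line_no, ip_text, name))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", result["blocked"])
    for line_no, ip_text, name in result["review"]:
        print(f"review line {line_no}: {name} -> {ip_text}")
    for line_no, ip_text, name in result["malformed"]:
        print(f"malformed line {line_no}: {ip_text!r}")
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`.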

#43
Dakeyras

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.