I extracted the files to the OTLPE folder on my desktop as instructed by step #3. I do not see a "Start" from step #4, no disclaimers came up to finish that step.
This is what is in the new folder. What do I need to click on before doing step #5?
Invalid Partition Table after running TDSS Killer
Started by
Skiminims
, Aug 03 2012 03:31 PM
#16
Posted 05 August 2012 - 12:14 PM
Skiminims
- Topic Starter
-
- Member
-
- 63 posts
Member
I extracted the files to the OTLPE folder on my desktop as instructed by step #3. I do not see a "Start" from step #4, no disclaimers came up to finish that step.
This is what is in the new folder. What do I need to click on before doing step #5?
#17
Posted 05 August 2012 - 04:19 PM
Amlak
-
- Member
-
- 1,470 posts
Member 1K
I apologize for the incomplete instructions. Please remove the GParted disc and insert a new blank DVD. Then proceed with the instructions as below:
- Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.
- Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
- Once you have 7-zip install, decompress OTLPEStd.exe by rightclicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop
- Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:
- Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable CD/DVD should now be ready!
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Connect the flash drive containing FRST.exe to the computer with the boot issue.
- Set the infected computer to boot from CD/DVD then let it boot into Reatogo.
- Locate the flash drive with FRST and double click it.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.
#18
Posted 05 August 2012 - 04:27 PM
Amlak
-
- Member
-
- 1,470 posts
Member 1K
Please ignore my above post and do the following. This one is the complete one I have. Once again, really sorry.
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Download OTLPEStd.exe to your desktop.
- Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
- Once the CD is burned, boot the Non working computer using the boot CD you just created. For more information, click here
- Don't forget to connect the flash drive to the computer before you boot from the CD.
- Your system should now display a REATOGO-X-PE desktop.
- Locate the flash drive with FRST and double click it.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.
#19
Posted 05 August 2012 - 05:19 PM
Skiminims
- Topic Starter
-
- Member
-
- 63 posts
Member
thank you for the new instructions! Much easier to follow! Here is the log:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 05-08-2012 19:14:42
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE [x]
HKLM\...\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe" [139264 2005-12-09] (Alcor Micro, Corp.)
HKLM\...\Run: [CHotkey] zHotkey.exe [x]
HKLM\...\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup [7311360 2005-11-30] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] "nwiz.exe" /install [x]
HKLM\...\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2005-11-30] (NVIDIA Corporation)
HKLM\...\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe [331776 2006-03-20] ()
HKLM\...\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2006-01-13] (HP)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [36352 2008-08-03] ()
HKLM\...\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA [77891 2001-08-17] (U.S. Robotics Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2221352 2008-06-08] (Nero AG)
HKLM\...\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2011-09-30] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKU\Administrator\...\Run: [Power2GoExpress] NA [x]
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\Run: [Power2GoExpress] NA [x]
HKU\Owner.Lindsay\...\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [196608 2005-06-08] (Logitech Inc.)
HKU\Owner.Lindsay\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-02] (DT Soft Ltd)
HKU\Owner.Lindsay\...\Run: [Starfield Updater] "C:\Program Files\Workspace\WorkspaceUpdate.exe" [34496 2011-09-02] ()
HKU\Owner.Lindsay\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Owner.Lindsay\...\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Owner.Lindsay\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\WRNotifier: WRLogonNTF.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
HKLM\...\InprocServer32: [Default-wbem] \\.\globalroot\systemroot\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\n. ATTENTION! ====> ZeroAccess
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
================================ Services (Whitelisted) ==================
3 Adobe LM Service; "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2008-07-01] ()
2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-07-31] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1174824 2012-07-18] (Starfield Technologies)
3 Macromedia Licensing Service; "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" [68096 2008-06-30] ()
2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-13] (Skype Technologies)
2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 PCTAVSvc; "C:\Antivirus\PC Tools AntiVirus\PCTAVSvc.exe" [x]
========================== Drivers (Whitelisted) =============
3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-07-03] (AVAST Software)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
3 aracpi; C:\Windows\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)
3 arhidfltr; C:\Windows\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)
3 arkbcfltr; C:\Windows\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)
3 armoucfltr; C:\Windows\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)
3 ARPolicy; C:\Windows\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35928 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [3266560 2008-08-01] (ATI Technologies Inc.)
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2007-10-07] ()
2 AVFilter; C:\Windows\System32\drivers\AVFilter.sys [15872 2007-08-07] (PC Tools Research Pty Ltd)
3 AVHook; C:\Windows\System32\drivers\AVHook.sys [22528 2007-06-18] (PC Tools Research Pty Ltd.)
3 AVRec; C:\Windows\System32\drivers\AVRec.sys [15872 2007-06-18] (PC Tools Research Pty Ltd )
3 basic2; C:\Windows\System32\DRIVERS\HSF_BSC2.sys [67167 2001-08-17] (Conexant)
2 Ca533av; C:\Windows\System32\Drivers\Ca533av.sys [515803 2002-10-21] (Digital Camera)
2 Ca536av; C:\Windows\System32\Drivers\Ca536av.sys [514859 2003-09-05] (Digital Camera)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9336 2007-03-07] (Sonic Solutions)
1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9464 2007-03-07] (Sonic Solutions)
3 cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-12-26] (DT Soft Ltd)
3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
4 Evf_umpapsa; C:\WINDOWS\system32\drivers\acpiec.sys [11648 2004-08-10] (Microsoft Corporation)
2 Fallback; C:\Windows\System32\DRIVERS\HSF_FALL.sys [289887 2001-08-17] (Conexant)
2 Fsks; C:\Windows\System32\DRIVERS\HSF_FSKS.sys [115807 2001-08-17] (Conexant)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1035008 2008-10-24] (Conexant Systems, Inc.)
3 hsf_msft; C:\Windows\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
2 K56; C:\Windows\System32\DRIVERS\HSF_K56K.sys [391199 2001-08-17] (Conexant)
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2007-10-07] ()
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-05-27] (Logitech Inc.)
3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 ndiscm; C:\Windows\System32\DRIVERS\NetMotCM.sys [15360 2004-09-29] (Motorola Inc.)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 NeroCd2k; C:\Windows\System32\drivers\NeroCd2k.sys [44227 2008-07-17] (ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: [email protected])
3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34048 2005-07-28] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-07-28] (NVIDIA Corporation)
3 PID_08A0; C:\Windows\System32\DRIVERS\LV302AV.SYS [913280 2005-05-27] (Logitech Inc.)
4 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2006-11-25] (New Boundary Technologies, Inc.)
3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
3 Rksample; C:\Windows\System32\DRIVERS\HSF_SAMP.sys [57471 2001-08-17] (Conexant)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMI.sys [3682240 2008-07-17] (Realtek Semiconductor Corp.)
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [108800 2008-06-30] (Realtek Semiconductor Corporation )
3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2008-07-03] (MCCI Corporation)
3 s616mdfl; C:\Windows\System32\DRIVERS\s616mdfl.sys [15112 2007-04-03] (MCCI Corporation)
3 s616mdm; C:\Windows\System32\DRIVERS\s616mdm.sys [108680 2007-04-03] (MCCI Corporation)
3 s616mgmt; C:\Windows\System32\DRIVERS\s616mgmt.sys [100360 2007-04-03] (MCCI Corporation)
3 s616nd5; C:\Windows\System32\DRIVERS\s616nd5.sys [23176 2007-04-03] (MCCI Corporation)
3 s616obex; C:\Windows\System32\DRIVERS\s616obex.sys [98568 2007-04-03] (MCCI Corporation)
3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [99080 2007-04-03] (MCCI Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
2 SoftFax; C:\Windows\System32\DRIVERS\HSF_FAXX.sys [199711 2001-08-17] (Conexant)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tapvpn; C:\Windows\System32\DRIVERS\tapvpn.sys [27136 2009-05-14] (The OpenVPN Project)
2 Tones; C:\Windows\System32\DRIVERS\HSF_TONE.sys [50751 2001-08-17] (Conexant)
3 USBCamera; C:\Windows\System32\Drivers\Bulk533.sys [10986 2002-07-25] (USB BULK)
3 USRpdA; C:\Windows\System32\DRIVERS\USRpdA.sys [113762 2001-08-17] (U.S. Robotics Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
3 .dtsoftbus01; \* [x]
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
3 FXDrv32; \??\E:\FXDrv32.sys [x]
1 lbrtfdc; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 Simbad; [x]
3 WDICA; [x]
========================== NetSvcs (Whitelisted) ===========
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
============ One Month Created Files and Folders ==============
2012-08-05 19:14 - 2012-08-05 19:14 - 00000000 ____D C:\FRST
2012-08-03 16:45 - 2012-08-03 16:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-03 16:36 - 2012-08-03 16:36 - 02136664 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2012-08-03 14:13 - 2012-08-03 14:13 - 00000000 ____D C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\Skyrim
2012-08-03 13:58 - 2010-02-04 11:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-08-03 13:58 - 2010-02-04 11:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-08-03 13:58 - 2010-02-04 11:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-08-03 13:58 - 2010-02-04 11:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-08-03 13:58 - 2009-09-04 18:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-08-03 13:58 - 2009-09-04 18:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-08-03 13:58 - 2009-09-04 18:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-08-03 13:58 - 2009-09-04 18:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-08-03 13:58 - 2009-03-16 15:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-08-03 13:58 - 2009-03-16 15:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-08-03 13:58 - 2009-03-16 15:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-08-03 13:58 - 2009-03-09 16:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-08-03 13:58 - 2009-03-09 16:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-08-03 13:58 - 2009-03-09 16:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-08-03 13:58 - 2008-10-27 11:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-08-03 13:58 - 2008-10-27 11:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-08-03 13:58 - 2008-10-27 11:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-08-03 13:58 - 2008-10-15 07:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-08-03 13:58 - 2008-10-15 07:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-08-03 13:58 - 2008-10-15 07:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-08-03 13:57 - 2008-10-27 11:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-08-03 13:56 - 2012-08-03 13:58 - 00000000 ____D C:\Windows\LastGood
2012-08-03 13:48 - 2012-08-03 13:48 - 00000638 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\Shortcut to Steam.lnk
2012-08-03 13:37 - 2012-08-03 14:21 - 00000000 ____D C:\Program Files\Steam
2012-08-03 12:46 - 2012-08-03 12:46 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-08-02 14:40 - 2012-08-02 14:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\offsync
2012-08-01 10:37 - 2012-08-01 13:44 - 00000000 ___RD C:\Program Files\Skype
2012-08-01 10:37 - 2012-08-01 10:37 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-07-30 00:13 - 2012-07-30 00:31 - 00016384 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Morgaine.wps
2012-07-28 18:15 - 2012-08-03 13:03 - 00000000 ____D C:\Documents and Settings\Owner.Lindsay\Application Data\vlc
2012-07-28 18:14 - 2012-07-28 18:14 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2012-07-28 18:13 - 2012-07-28 18:13 - 00000000 ____D C:\Program Files\VideoLAN
2012-07-25 10:39 - 2012-07-25 10:39 - 00000046 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Notes.txt
2012-07-25 10:22 - 2012-07-25 10:22 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-07-25 10:22 - 2012-07-25 10:22 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-07-23 15:22 - 2012-07-23 15:03 - 248808301 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\GlowPeep.wmv
2012-07-19 13:59 - 2012-07-19 14:48 - 00000278 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Car Repair.txt
2012-07-18 00:27 - 2012-07-18 00:27 - 00094208 ____A C:\Windows\Minidump\Mini071712-01.dmp
2012-07-14 00:34 - 2012-07-13 23:16 - 157831257 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\bow giveaway.wmv
2012-07-13 12:37 - 2012-07-11 13:20 - 259010143 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\BowTuningVideoPeepSight3mbps.wmv
2012-07-09 13:20 - 2012-07-09 13:20 - 00094208 ____A C:\Windows\Minidump\Mini070912-01.dmp
============ 3 Months Modified Files ========================
2012-08-03 16:47 - 2011-06-16 23:24 - 02054360 ____A C:\Windows\WindowsUpdate.log
2012-08-03 16:47 - 2006-06-17 05:45 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-08-03 16:36 - 2012-08-03 16:36 - 02136664 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2012-08-03 16:31 - 2006-06-17 05:45 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-08-03 16:31 - 2006-06-17 05:45 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-08-03 16:30 - 2006-06-16 22:30 - 00287704 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-03 16:28 - 2011-06-30 13:41 - 00000370 ____A C:\Windows\wiadebug.log
2012-08-03 16:28 - 2011-06-30 13:40 - 00032610 ____A C:\Windows\SchedLgU.Txt
2012-08-03 16:28 - 2009-10-14 22:30 - 00196608 ____A C:\Windows\System32\config\ACEEvent.evt
2012-08-03 16:28 - 2006-11-25 01:17 - 00000178 __ASH C:\Documents and Settings\Owner.Lindsay\ntuser.ini
2012-08-03 16:28 - 2006-06-17 05:45 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-03 15:55 - 2007-01-10 01:22 - 00171520 ____A C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-03 15:48 - 2010-01-18 19:27 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-03 14:12 - 2011-07-29 22:31 - 00167168 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-08-03 14:11 - 2011-06-17 11:37 - 00159707 ____A C:\Windows\updspapi.log
2012-08-03 14:11 - 2011-06-17 11:09 - 00039756 ____A C:\Windows\spupdsvc.log
2012-08-03 14:11 - 2011-06-17 11:08 - 00678527 ____A C:\Windows\setupapi.log
2012-08-03 14:10 - 2006-06-16 22:31 - 00006608 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 13:48 - 2012-08-03 13:48 - 00000638 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\Shortcut to Steam.lnk
2012-08-03 13:46 - 2012-07-05 01:46 - 00000364 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-08-03 13:01 - 2007-01-27 01:08 - 00039860 ____A C:\Documents and Settings\Owner.Lindsay\Application Data\wklnhst.dat
2012-08-03 05:48 - 2010-01-18 19:27 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-02 18:25 - 2011-09-02 00:04 - 01205222 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\WorkspaceInstall.log
2012-08-02 18:25 - 2011-09-02 00:03 - 00151284 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\WorkspaceUpdate.log
2012-08-02 18:25 - 2011-06-30 13:41 - 00000048 ____A C:\Windows\wiaservc.log
2012-08-02 18:25 - 2006-06-17 05:23 - 00012648 ____A C:\Windows\System32\wpa.dbl
2012-08-02 18:24 - 2011-09-02 00:03 - 00037138 ____A C:\Windows\offSyncService.log
2012-08-02 18:24 - 2008-07-06 11:07 - 00003568 ____A C:\Windows\System32\ativvaxx.cap
2012-08-02 18:24 - 2006-11-25 01:17 - 00000062 __ASH C:\Documents and Settings\Owner.Lindsay\Local Settings\desktop.ini
2012-08-02 18:24 - 2006-06-17 05:45 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-08-02 14:25 - 2011-12-23 21:32 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2012-07-31 23:07 - 2007-02-11 22:10 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-07-30 19:50 - 2006-12-16 15:20 - 00000260 ____A C:\Windows\Tasks\Disk Cleanup.job
2012-07-30 19:23 - 2011-12-29 22:07 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-30 00:31 - 2012-07-30 00:13 - 00016384 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Morgaine.wps
2012-07-28 18:14 - 2012-07-28 18:14 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2012-07-26 23:26 - 2011-09-30 00:50 - 00000438 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\offSyncService.log
2012-07-25 10:39 - 2012-07-25 10:39 - 00000046 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Notes.txt
2012-07-23 15:03 - 2012-07-23 15:22 - 248808301 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\GlowPeep.wmv
2012-07-19 14:48 - 2012-07-19 13:59 - 00000278 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Car Repair.txt
2012-07-18 00:27 - 2012-07-18 00:27 - 00094208 ____A C:\Windows\Minidump\Mini071712-01.dmp
2012-07-13 23:16 - 2012-07-14 00:34 - 157831257 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\bow giveaway.wmv
2012-07-13 20:26 - 2011-06-17 11:39 - 00007680 ____A C:\Windows\wmsetup.log
2012-07-12 11:06 - 2006-06-19 00:25 - 00084464 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-07-11 13:20 - 2012-07-13 12:37 - 259010143 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\BowTuningVideoPeepSight3mbps.wmv
2012-07-09 13:20 - 2012-07-09 13:20 - 00094208 ____A C:\Windows\Minidump\Mini070912-01.dmp
2012-07-05 01:46 - 2006-11-25 00:16 - 00002625 ____A C:\Windows\System32\CONFIG.NT
2012-07-03 15:12 - 2012-07-03 15:17 - 356681525 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\brushawg.wmv
2012-07-03 14:46 - 2011-07-30 19:34 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 12:21 - 2011-06-16 19:59 - 00097608 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon2.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00089624 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 12:21 - 2011-06-16 19:59 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00025256 ____A (AVAST Software) C:\Windows\System32\Drivers\aavmker4.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-26 18:44 - 2011-06-17 12:20 - 00003112 ____A C:\Windows\medblker.Log
2012-06-26 18:44 - 2011-06-17 11:34 - 00128818 ____A C:\Windows\MedCtrOC.log
2012-06-26 18:29 - 2012-04-14 20:03 - 00021577 ____A C:\Windows\KB2646524.log
2012-06-26 18:29 - 2012-04-14 20:03 - 00021566 ____A C:\Windows\KB2544893-v2.log
2012-06-26 18:29 - 2011-06-17 11:34 - 01438751 ____A C:\Windows\iis6.log
2012-06-26 18:29 - 2011-06-17 11:34 - 01335538 ____A C:\Windows\FaxSetup.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00635725 ____A C:\Windows\ocgen.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00608422 ____A C:\Windows\tsoc.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00409316 ____A C:\Windows\msmqinst.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00299137 ____A C:\Windows\comsetup.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00233602 ____A C:\Windows\netfxocm.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00180724 ____A C:\Windows\ntdtcsetup.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00148772 ____A C:\Windows\plusoc.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00069192 ____A C:\Windows\ehOCGen.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00067332 ____A C:\Windows\tabletoc.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00066588 ____A C:\Windows\msgsocm.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00049409 ____A C:\Windows\ocmsn.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00001374 ____A C:\Windows\imsins.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00001374 ____A C:\Windows\imsins.BAK
2012-06-26 18:28 - 2012-04-14 20:03 - 00021757 ____A C:\Windows\KB2585542.log
2012-06-26 18:28 - 2012-04-14 20:02 - 00020490 ____A C:\Windows\KB2631813.log
2012-06-26 18:28 - 2012-04-14 20:01 - 00020793 ____A C:\Windows\KB2598479.log
2012-06-26 18:24 - 2012-04-14 20:01 - 00019506 ____A C:\Windows\KB2624667.log
2012-06-26 18:22 - 2012-06-26 18:22 - 00010388 ____A C:\Windows\KB2603381.log
2012-06-26 18:17 - 2012-06-26 18:17 - 00004777 ____A C:\Windows\KB2633952.log
2012-06-26 18:17 - 2012-04-14 19:49 - 00018116 ____A C:\Windows\KB2653956.log
2012-06-26 18:17 - 2007-02-18 05:01 - 00487740 ____A C:\Windows\System32\TZLog.log
2012-06-26 18:12 - 2012-06-26 18:12 - 00009267 ____A C:\Windows\KB2618451.log
2012-06-26 18:00 - 2012-06-26 18:00 - 00009760 ____A C:\Windows\KB2661637.log
2012-06-26 18:00 - 2012-04-14 19:42 - 00016278 ____A C:\Windows\KB2620712.log
2012-06-26 17:59 - 2012-06-26 17:58 - 00015202 ____A C:\Windows\KB2628259.log
2012-06-26 17:59 - 2012-04-14 19:42 - 00015843 ____A C:\Windows\KB2584146.log
2012-06-26 14:48 - 2012-06-26 14:48 - 00001688 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\sims2.txt
2012-06-19 09:18 - 2010-05-23 13:43 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-06-19 09:12 - 2012-06-19 09:12 - 00230808 ___RA (Coupons, Inc.) C:\Windows\System32\cpnprt2.cid
2012-06-02 16:19 - 2007-05-23 12:44 - 00022040 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll.mui
2012-06-02 16:19 - 2007-05-23 12:44 - 00017944 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll.mui
2012-06-02 16:19 - 2007-05-23 12:44 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl.mui
2012-06-02 16:19 - 2007-05-23 12:44 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui
2012-06-02 16:19 - 2006-11-25 00:19 - 01933848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaueng.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00577048 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuapi.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00329240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wucltui.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00329240 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00219160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaucpl.cpl
2012-06-02 16:19 - 2006-11-25 00:19 - 00219160 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl
2012-06-02 16:19 - 2006-11-25 00:19 - 00210968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuweb.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00210968 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00053784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuauclt.exe
2012-06-02 16:19 - 2006-11-25 00:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 16:19 - 2006-11-25 00:19 - 00035864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wups.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 16:19 - 2006-11-25 00:15 - 00097304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cdm.dll
2012-06-02 16:19 - 2006-11-25 00:15 - 00097304 ____A (Microsoft Corporation) C:\Windows\System32\cdm.dll
2012-06-02 16:19 - 2005-05-26 06:16 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 16:18 - 2007-05-24 07:52 - 00017136 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll.mui
2012-06-02 16:18 - 2007-04-09 12:01 - 00275696 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll
2012-06-02 16:18 - 2005-05-26 05:19 - 00214256 ____A (Microsoft Corporation) C:\Windows\System32\muweb.dll
2012-05-29 19:01 - 2012-05-29 19:01 - 00000113 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\playlist.txt
2012-05-29 11:05 - 2012-05-29 11:05 - 00000005 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Element Code.txt
2012-05-24 18:55 - 2012-05-26 15:59 - 222136889 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\CurtisCustom.wmv
2012-05-21 10:49 - 2012-05-21 16:19 - 319801105 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\2012 hog hunt.wmv
ZeroAccess:
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\@
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\L
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\U
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\U\00000008.@
ZeroAccess:
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}\@
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}\L
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
========================= Memory info ======================
Percentage of memory in use: 10%
Total physical RAM: 2815.11 MB
Available physical RAM: 2530.06 MB
Total Pagefile: 2641.29 MB
Available Pagefile: 2573.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:227.51 GB) (Free:6.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (LEXAR MEDIA) (Fixed) (Total:0.12 GB) (Free:0.01 GB) FAT
4 Drive e: (RECOVERY) (Fixed) (Total:5.36 GB) (Free:2.11 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 118 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 5499 MB 32 KB
Partition 2 Primary 228 GB 5499 MB
==================================================================================
Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY FAT32 Partition 5499 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 228 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 32 KB
==================================================================================
Disk: 1
Partition 1
Type : 04
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LEXAR MEDIA FAT Partition 122 MB Healthy
==================================================================================
======================= End Of Log ==========================
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 05-08-2012 19:14:42
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE [x]
HKLM\...\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe" [139264 2005-12-09] (Alcor Micro, Corp.)
HKLM\...\Run: [CHotkey] zHotkey.exe [x]
HKLM\...\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup [7311360 2005-11-30] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] "nwiz.exe" /install [x]
HKLM\...\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2005-11-30] (NVIDIA Corporation)
HKLM\...\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe [331776 2006-03-20] ()
HKLM\...\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2006-01-13] (HP)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [36352 2008-08-03] ()
HKLM\...\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA [77891 2001-08-17] (U.S. Robotics Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2221352 2008-06-08] (Nero AG)
HKLM\...\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2011-09-30] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKU\Administrator\...\Run: [Power2GoExpress] NA [x]
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\Run: [Power2GoExpress] NA [x]
HKU\Owner.Lindsay\...\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [196608 2005-06-08] (Logitech Inc.)
HKU\Owner.Lindsay\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-02] (DT Soft Ltd)
HKU\Owner.Lindsay\...\Run: [Starfield Updater] "C:\Program Files\Workspace\WorkspaceUpdate.exe" [34496 2011-09-02] ()
HKU\Owner.Lindsay\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Owner.Lindsay\...\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Owner.Lindsay\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\WRNotifier: WRLogonNTF.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
HKLM\...\InprocServer32: [Default-wbem] \\.\globalroot\systemroot\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\n. ATTENTION! ====> ZeroAccess
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
================================ Services (Whitelisted) ==================
3 Adobe LM Service; "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2008-07-01] ()
2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-07-31] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1174824 2012-07-18] (Starfield Technologies)
3 Macromedia Licensing Service; "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" [68096 2008-06-30] ()
2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-13] (Skype Technologies)
2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 PCTAVSvc; "C:\Antivirus\PC Tools AntiVirus\PCTAVSvc.exe" [x]
========================== Drivers (Whitelisted) =============
3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-07-03] (AVAST Software)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
3 aracpi; C:\Windows\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)
3 arhidfltr; C:\Windows\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)
3 arkbcfltr; C:\Windows\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)
3 armoucfltr; C:\Windows\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)
3 ARPolicy; C:\Windows\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35928 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [3266560 2008-08-01] (ATI Technologies Inc.)
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2007-10-07] ()
2 AVFilter; C:\Windows\System32\drivers\AVFilter.sys [15872 2007-08-07] (PC Tools Research Pty Ltd)
3 AVHook; C:\Windows\System32\drivers\AVHook.sys [22528 2007-06-18] (PC Tools Research Pty Ltd.)
3 AVRec; C:\Windows\System32\drivers\AVRec.sys [15872 2007-06-18] (PC Tools Research Pty Ltd )
3 basic2; C:\Windows\System32\DRIVERS\HSF_BSC2.sys [67167 2001-08-17] (Conexant)
2 Ca533av; C:\Windows\System32\Drivers\Ca533av.sys [515803 2002-10-21] (Digital Camera)
2 Ca536av; C:\Windows\System32\Drivers\Ca536av.sys [514859 2003-09-05] (Digital Camera)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9336 2007-03-07] (Sonic Solutions)
1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9464 2007-03-07] (Sonic Solutions)
3 cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-12-26] (DT Soft Ltd)
3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
4 Evf_umpapsa; C:\WINDOWS\system32\drivers\acpiec.sys [11648 2004-08-10] (Microsoft Corporation)
2 Fallback; C:\Windows\System32\DRIVERS\HSF_FALL.sys [289887 2001-08-17] (Conexant)
2 Fsks; C:\Windows\System32\DRIVERS\HSF_FSKS.sys [115807 2001-08-17] (Conexant)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1035008 2008-10-24] (Conexant Systems, Inc.)
3 hsf_msft; C:\Windows\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
2 K56; C:\Windows\System32\DRIVERS\HSF_K56K.sys [391199 2001-08-17] (Conexant)
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2007-10-07] ()
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-05-27] (Logitech Inc.)
3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 ndiscm; C:\Windows\System32\DRIVERS\NetMotCM.sys [15360 2004-09-29] (Motorola Inc.)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 NeroCd2k; C:\Windows\System32\drivers\NeroCd2k.sys [44227 2008-07-17] (ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: [email protected])
3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34048 2005-07-28] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-07-28] (NVIDIA Corporation)
3 PID_08A0; C:\Windows\System32\DRIVERS\LV302AV.SYS [913280 2005-05-27] (Logitech Inc.)
4 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2006-11-25] (New Boundary Technologies, Inc.)
3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
3 Rksample; C:\Windows\System32\DRIVERS\HSF_SAMP.sys [57471 2001-08-17] (Conexant)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMI.sys [3682240 2008-07-17] (Realtek Semiconductor Corp.)
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [108800 2008-06-30] (Realtek Semiconductor Corporation )
3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2008-07-03] (MCCI Corporation)
3 s616mdfl; C:\Windows\System32\DRIVERS\s616mdfl.sys [15112 2007-04-03] (MCCI Corporation)
3 s616mdm; C:\Windows\System32\DRIVERS\s616mdm.sys [108680 2007-04-03] (MCCI Corporation)
3 s616mgmt; C:\Windows\System32\DRIVERS\s616mgmt.sys [100360 2007-04-03] (MCCI Corporation)
3 s616nd5; C:\Windows\System32\DRIVERS\s616nd5.sys [23176 2007-04-03] (MCCI Corporation)
3 s616obex; C:\Windows\System32\DRIVERS\s616obex.sys [98568 2007-04-03] (MCCI Corporation)
3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [99080 2007-04-03] (MCCI Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
2 SoftFax; C:\Windows\System32\DRIVERS\HSF_FAXX.sys [199711 2001-08-17] (Conexant)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tapvpn; C:\Windows\System32\DRIVERS\tapvpn.sys [27136 2009-05-14] (The OpenVPN Project)
2 Tones; C:\Windows\System32\DRIVERS\HSF_TONE.sys [50751 2001-08-17] (Conexant)
3 USBCamera; C:\Windows\System32\Drivers\Bulk533.sys [10986 2002-07-25] (USB BULK)
3 USRpdA; C:\Windows\System32\DRIVERS\USRpdA.sys [113762 2001-08-17] (U.S. Robotics Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
3 .dtsoftbus01; \* [x]
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
3 FXDrv32; \??\E:\FXDrv32.sys [x]
1 lbrtfdc; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 Simbad; [x]
3 WDICA; [x]
========================== NetSvcs (Whitelisted) ===========
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
============ One Month Created Files and Folders ==============
2012-08-05 19:14 - 2012-08-05 19:14 - 00000000 ____D C:\FRST
2012-08-03 16:45 - 2012-08-03 16:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-03 16:36 - 2012-08-03 16:36 - 02136664 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2012-08-03 14:13 - 2012-08-03 14:13 - 00000000 ____D C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\Skyrim
2012-08-03 13:58 - 2010-02-04 11:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-08-03 13:58 - 2010-02-04 11:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-08-03 13:58 - 2010-02-04 11:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-08-03 13:58 - 2010-02-04 11:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-08-03 13:58 - 2009-09-04 18:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-08-03 13:58 - 2009-09-04 18:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-08-03 13:58 - 2009-09-04 18:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-08-03 13:58 - 2009-09-04 18:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-08-03 13:58 - 2009-03-16 15:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-08-03 13:58 - 2009-03-16 15:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-08-03 13:58 - 2009-03-16 15:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-08-03 13:58 - 2009-03-09 16:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-08-03 13:58 - 2009-03-09 16:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-08-03 13:58 - 2009-03-09 16:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-08-03 13:58 - 2008-10-27 11:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-08-03 13:58 - 2008-10-27 11:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-08-03 13:58 - 2008-10-27 11:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-08-03 13:58 - 2008-10-15 07:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-08-03 13:58 - 2008-10-15 07:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-08-03 13:58 - 2008-10-15 07:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-08-03 13:57 - 2008-10-27 11:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-08-03 13:56 - 2012-08-03 13:58 - 00000000 ____D C:\Windows\LastGood
2012-08-03 13:48 - 2012-08-03 13:48 - 00000638 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\Shortcut to Steam.lnk
2012-08-03 13:37 - 2012-08-03 14:21 - 00000000 ____D C:\Program Files\Steam
2012-08-03 12:46 - 2012-08-03 12:46 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-08-02 14:40 - 2012-08-02 14:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\offsync
2012-08-01 10:37 - 2012-08-01 13:44 - 00000000 ___RD C:\Program Files\Skype
2012-08-01 10:37 - 2012-08-01 10:37 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-07-30 00:13 - 2012-07-30 00:31 - 00016384 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Morgaine.wps
2012-07-28 18:15 - 2012-08-03 13:03 - 00000000 ____D C:\Documents and Settings\Owner.Lindsay\Application Data\vlc
2012-07-28 18:14 - 2012-07-28 18:14 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2012-07-28 18:13 - 2012-07-28 18:13 - 00000000 ____D C:\Program Files\VideoLAN
2012-07-25 10:39 - 2012-07-25 10:39 - 00000046 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Notes.txt
2012-07-25 10:22 - 2012-07-25 10:22 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-07-25 10:22 - 2012-07-25 10:22 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-07-23 15:22 - 2012-07-23 15:03 - 248808301 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\GlowPeep.wmv
2012-07-19 13:59 - 2012-07-19 14:48 - 00000278 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Car Repair.txt
2012-07-18 00:27 - 2012-07-18 00:27 - 00094208 ____A C:\Windows\Minidump\Mini071712-01.dmp
2012-07-14 00:34 - 2012-07-13 23:16 - 157831257 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\bow giveaway.wmv
2012-07-13 12:37 - 2012-07-11 13:20 - 259010143 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\BowTuningVideoPeepSight3mbps.wmv
2012-07-09 13:20 - 2012-07-09 13:20 - 00094208 ____A C:\Windows\Minidump\Mini070912-01.dmp
============ 3 Months Modified Files ========================
2012-08-03 16:47 - 2011-06-16 23:24 - 02054360 ____A C:\Windows\WindowsUpdate.log
2012-08-03 16:47 - 2006-06-17 05:45 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-08-03 16:36 - 2012-08-03 16:36 - 02136664 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2012-08-03 16:31 - 2006-06-17 05:45 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-08-03 16:31 - 2006-06-17 05:45 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-08-03 16:30 - 2006-06-16 22:30 - 00287704 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-03 16:28 - 2011-06-30 13:41 - 00000370 ____A C:\Windows\wiadebug.log
2012-08-03 16:28 - 2011-06-30 13:40 - 00032610 ____A C:\Windows\SchedLgU.Txt
2012-08-03 16:28 - 2009-10-14 22:30 - 00196608 ____A C:\Windows\System32\config\ACEEvent.evt
2012-08-03 16:28 - 2006-11-25 01:17 - 00000178 __ASH C:\Documents and Settings\Owner.Lindsay\ntuser.ini
2012-08-03 16:28 - 2006-06-17 05:45 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-03 15:55 - 2007-01-10 01:22 - 00171520 ____A C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-03 15:48 - 2010-01-18 19:27 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-03 14:12 - 2011-07-29 22:31 - 00167168 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-08-03 14:11 - 2011-06-17 11:37 - 00159707 ____A C:\Windows\updspapi.log
2012-08-03 14:11 - 2011-06-17 11:09 - 00039756 ____A C:\Windows\spupdsvc.log
2012-08-03 14:11 - 2011-06-17 11:08 - 00678527 ____A C:\Windows\setupapi.log
2012-08-03 14:10 - 2006-06-16 22:31 - 00006608 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 13:48 - 2012-08-03 13:48 - 00000638 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\Shortcut to Steam.lnk
2012-08-03 13:46 - 2012-07-05 01:46 - 00000364 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-08-03 13:01 - 2007-01-27 01:08 - 00039860 ____A C:\Documents and Settings\Owner.Lindsay\Application Data\wklnhst.dat
2012-08-03 05:48 - 2010-01-18 19:27 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-02 18:25 - 2011-09-02 00:04 - 01205222 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\WorkspaceInstall.log
2012-08-02 18:25 - 2011-09-02 00:03 - 00151284 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\WorkspaceUpdate.log
2012-08-02 18:25 - 2011-06-30 13:41 - 00000048 ____A C:\Windows\wiaservc.log
2012-08-02 18:25 - 2006-06-17 05:23 - 00012648 ____A C:\Windows\System32\wpa.dbl
2012-08-02 18:24 - 2011-09-02 00:03 - 00037138 ____A C:\Windows\offSyncService.log
2012-08-02 18:24 - 2008-07-06 11:07 - 00003568 ____A C:\Windows\System32\ativvaxx.cap
2012-08-02 18:24 - 2006-11-25 01:17 - 00000062 __ASH C:\Documents and Settings\Owner.Lindsay\Local Settings\desktop.ini
2012-08-02 18:24 - 2006-06-17 05:45 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-08-02 14:25 - 2011-12-23 21:32 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2012-07-31 23:07 - 2007-02-11 22:10 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-07-30 19:50 - 2006-12-16 15:20 - 00000260 ____A C:\Windows\Tasks\Disk Cleanup.job
2012-07-30 19:23 - 2011-12-29 22:07 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-30 00:31 - 2012-07-30 00:13 - 00016384 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Morgaine.wps
2012-07-28 18:14 - 2012-07-28 18:14 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2012-07-26 23:26 - 2011-09-30 00:50 - 00000438 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\offSyncService.log
2012-07-25 10:39 - 2012-07-25 10:39 - 00000046 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Notes.txt
2012-07-23 15:03 - 2012-07-23 15:22 - 248808301 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\GlowPeep.wmv
2012-07-19 14:48 - 2012-07-19 13:59 - 00000278 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Car Repair.txt
2012-07-18 00:27 - 2012-07-18 00:27 - 00094208 ____A C:\Windows\Minidump\Mini071712-01.dmp
2012-07-13 23:16 - 2012-07-14 00:34 - 157831257 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\bow giveaway.wmv
2012-07-13 20:26 - 2011-06-17 11:39 - 00007680 ____A C:\Windows\wmsetup.log
2012-07-12 11:06 - 2006-06-19 00:25 - 00084464 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-07-11 13:20 - 2012-07-13 12:37 - 259010143 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\BowTuningVideoPeepSight3mbps.wmv
2012-07-09 13:20 - 2012-07-09 13:20 - 00094208 ____A C:\Windows\Minidump\Mini070912-01.dmp
2012-07-05 01:46 - 2006-11-25 00:16 - 00002625 ____A C:\Windows\System32\CONFIG.NT
2012-07-03 15:12 - 2012-07-03 15:17 - 356681525 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\brushawg.wmv
2012-07-03 14:46 - 2011-07-30 19:34 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 12:21 - 2011-06-16 19:59 - 00097608 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon2.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00089624 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 12:21 - 2011-06-16 19:59 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00025256 ____A (AVAST Software) C:\Windows\System32\Drivers\aavmker4.sys
2012-07-03 12:21 - 2011-06-16 19:59 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-26 18:44 - 2011-06-17 12:20 - 00003112 ____A C:\Windows\medblker.Log
2012-06-26 18:44 - 2011-06-17 11:34 - 00128818 ____A C:\Windows\MedCtrOC.log
2012-06-26 18:29 - 2012-04-14 20:03 - 00021577 ____A C:\Windows\KB2646524.log
2012-06-26 18:29 - 2012-04-14 20:03 - 00021566 ____A C:\Windows\KB2544893-v2.log
2012-06-26 18:29 - 2011-06-17 11:34 - 01438751 ____A C:\Windows\iis6.log
2012-06-26 18:29 - 2011-06-17 11:34 - 01335538 ____A C:\Windows\FaxSetup.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00635725 ____A C:\Windows\ocgen.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00608422 ____A C:\Windows\tsoc.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00409316 ____A C:\Windows\msmqinst.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00299137 ____A C:\Windows\comsetup.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00233602 ____A C:\Windows\netfxocm.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00180724 ____A C:\Windows\ntdtcsetup.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00148772 ____A C:\Windows\plusoc.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00069192 ____A C:\Windows\ehOCGen.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00067332 ____A C:\Windows\tabletoc.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00066588 ____A C:\Windows\msgsocm.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00049409 ____A C:\Windows\ocmsn.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00001374 ____A C:\Windows\imsins.log
2012-06-26 18:29 - 2011-06-17 11:34 - 00001374 ____A C:\Windows\imsins.BAK
2012-06-26 18:28 - 2012-04-14 20:03 - 00021757 ____A C:\Windows\KB2585542.log
2012-06-26 18:28 - 2012-04-14 20:02 - 00020490 ____A C:\Windows\KB2631813.log
2012-06-26 18:28 - 2012-04-14 20:01 - 00020793 ____A C:\Windows\KB2598479.log
2012-06-26 18:24 - 2012-04-14 20:01 - 00019506 ____A C:\Windows\KB2624667.log
2012-06-26 18:22 - 2012-06-26 18:22 - 00010388 ____A C:\Windows\KB2603381.log
2012-06-26 18:17 - 2012-06-26 18:17 - 00004777 ____A C:\Windows\KB2633952.log
2012-06-26 18:17 - 2012-04-14 19:49 - 00018116 ____A C:\Windows\KB2653956.log
2012-06-26 18:17 - 2007-02-18 05:01 - 00487740 ____A C:\Windows\System32\TZLog.log
2012-06-26 18:12 - 2012-06-26 18:12 - 00009267 ____A C:\Windows\KB2618451.log
2012-06-26 18:00 - 2012-06-26 18:00 - 00009760 ____A C:\Windows\KB2661637.log
2012-06-26 18:00 - 2012-04-14 19:42 - 00016278 ____A C:\Windows\KB2620712.log
2012-06-26 17:59 - 2012-06-26 17:58 - 00015202 ____A C:\Windows\KB2628259.log
2012-06-26 17:59 - 2012-04-14 19:42 - 00015843 ____A C:\Windows\KB2584146.log
2012-06-26 14:48 - 2012-06-26 14:48 - 00001688 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\sims2.txt
2012-06-19 09:18 - 2010-05-23 13:43 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-06-19 09:12 - 2012-06-19 09:12 - 00230808 ___RA (Coupons, Inc.) C:\Windows\System32\cpnprt2.cid
2012-06-02 16:19 - 2007-05-23 12:44 - 00022040 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll.mui
2012-06-02 16:19 - 2007-05-23 12:44 - 00017944 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll.mui
2012-06-02 16:19 - 2007-05-23 12:44 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl.mui
2012-06-02 16:19 - 2007-05-23 12:44 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui
2012-06-02 16:19 - 2006-11-25 00:19 - 01933848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaueng.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00577048 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuapi.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00329240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wucltui.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00329240 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00219160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaucpl.cpl
2012-06-02 16:19 - 2006-11-25 00:19 - 00219160 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl
2012-06-02 16:19 - 2006-11-25 00:19 - 00210968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuweb.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00210968 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00053784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuauclt.exe
2012-06-02 16:19 - 2006-11-25 00:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 16:19 - 2006-11-25 00:19 - 00035864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wups.dll
2012-06-02 16:19 - 2006-11-25 00:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 16:19 - 2006-11-25 00:15 - 00097304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cdm.dll
2012-06-02 16:19 - 2006-11-25 00:15 - 00097304 ____A (Microsoft Corporation) C:\Windows\System32\cdm.dll
2012-06-02 16:19 - 2005-05-26 06:16 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 16:18 - 2007-05-24 07:52 - 00017136 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll.mui
2012-06-02 16:18 - 2007-04-09 12:01 - 00275696 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll
2012-06-02 16:18 - 2005-05-26 05:19 - 00214256 ____A (Microsoft Corporation) C:\Windows\System32\muweb.dll
2012-05-29 19:01 - 2012-05-29 19:01 - 00000113 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\playlist.txt
2012-05-29 11:05 - 2012-05-29 11:05 - 00000005 ____A C:\Documents and Settings\Owner.Lindsay\My Documents\Element Code.txt
2012-05-24 18:55 - 2012-05-26 15:59 - 222136889 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\CurtisCustom.wmv
2012-05-21 10:49 - 2012-05-21 16:19 - 319801105 ____A C:\Documents and Settings\Owner.Lindsay\Desktop\2012 hog hunt.wmv
ZeroAccess:
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\@
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\L
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\U
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\U\00000008.@
ZeroAccess:
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}\@
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}\L
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
========================= Memory info ======================
Percentage of memory in use: 10%
Total physical RAM: 2815.11 MB
Available physical RAM: 2530.06 MB
Total Pagefile: 2641.29 MB
Available Pagefile: 2573.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:227.51 GB) (Free:6.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (LEXAR MEDIA) (Fixed) (Total:0.12 GB) (Free:0.01 GB) FAT
4 Drive e: (RECOVERY) (Fixed) (Total:5.36 GB) (Free:2.11 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 118 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 5499 MB 32 KB
Partition 2 Primary 228 GB 5499 MB
==================================================================================
Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY FAT32 Partition 5499 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 228 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 32 KB
==================================================================================
Disk: 1
Partition 1
Type : 04
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LEXAR MEDIA FAT Partition 122 MB Healthy
==================================================================================
======================= End Of Log ==========================
#20
Posted 06 August 2012 - 04:17 PM
Amlak
-
- Member
-
- 1,470 posts
Member 1K
- Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
- Right-click in the open notepad and select Paste).
- Save it on the flashdrive as fixlist.txt
HKLM\...\InprocServer32: [Default-wbem] \\.\globalroot\systemroot\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}\n. ATTENTION! ====> ZeroAccess
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330}
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330}
C:\Windows\assembly\GAC\Desktop.ini
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Now connect the flash drive again to the concerned computer and boot back into the Reatogo environment.
- Once the Reatogo desktop has fully loaded, click the Start button and then click Run
- In the dialog box that appears, type in the following (and press Enter afterwards):
cmd
- In the command prompt window that appears, type in the following:
chkdsk /f c:
- Press Enter.
- If prompted, type Y and press Enter.
- Let the chkdsk process do its thing. Watch the screen every now and then and let me know if any errors come up on the black screen.
Once it's done, proceed with the following:
Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply. And let me know if your system now boots in normally.
#21
Posted 06 August 2012 - 06:47 PM
Skiminims
- Topic Starter
-
- Member
-
- 63 posts
Member
Where and when do I enter the code for the fixlist.txt?
do I enter it it when I load FRST and hit fix?
do I enter it it when I load FRST and hit fix?
#22
Posted 06 August 2012 - 07:25 PM
Amlak
-
- Member
-
- 1,470 posts
Member 1K
Make sure the fixlist.txt file is in the same location as FRST and just hit the Fix button on FRST.
#23
Posted 06 August 2012 - 08:16 PM
Skiminims
- Topic Starter
-
- Member
-
- 63 posts
Member
No errors popped up during the check disk phase.
Log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-06 23:13:37 Run:1
Running from D:\
==============================================
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default value was restored successfully .
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330} moved successfully.
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330} moved successfully.
Could not move C:\Windows\assembly\GAC\Desktop.ini.
==== End of Fixlog ====
Log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-06 23:13:37 Run:1
Running from D:\
==============================================
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default value was restored successfully .
C:\Windows\Installer\{65081e7c-d21d-cb8f-f390-15e856d82330} moved successfully.
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{65081e7c-d21d-cb8f-f390-15e856d82330} moved successfully.
Could not move C:\Windows\assembly\GAC\Desktop.ini.
==== End of Fixlog ====
#24
Posted 06 August 2012 - 08:39 PM
Amlak
-
- Member
-
- 1,470 posts
Member 1K
Are you able to get into Windows now?
#25
Posted 06 August 2012 - 09:22 PM
Skiminims
- Topic Starter
-
- Member
-
- 63 posts
Member
No, it's giving me the same "Invalid Partition Table" upon boot.
#26
Posted 07 August 2012 - 03:49 AM
Amlak
-
- Member
-
- 1,470 posts
Member 1K
Can you tell me what you know about the drive that contains FRST. The log says it's a fixed drive, but it's supposed to be removable one. Just to be clear, and this is a stupid question, it's a removable drive, right? As in you can take it out and insert it back into the computer safely?
#27
Posted 07 August 2012 - 08:05 AM
Skiminims
- Topic Starter
-
- Member
-
- 63 posts
Member
Yes, it's a Lexamark Jumpdrive. It is removable.
#28
Posted 07 August 2012 - 10:38 AM
Amlak
-
- Member
-
- 1,470 posts
Member 1K
Ok, just as a test, could you remove it from the computer for now and try to boot into Windows?
Do you still get the error?
Do you still get the error?
#29
Posted 07 August 2012 - 11:24 AM
Skiminims
- Topic Starter
-
- Member
-
- 63 posts
Member
I removed both the jumpdrive and the boot disk from the computer and still got the same error "invalid partition table"
#30
Posted 08 August 2012 - 07:27 PM
Skiminims
- Topic Starter
-
- Member
-
- 63 posts
Member
Is there anything else I can try or am I out of luck on this one?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
