TechSpot

[Closed] Computer goes into restart cycle

By nwaters31
Aug 21, 2012
  1. Ever since I installed Microsoft Security Essentials on my partner's laptop, when I start up it says "windows has encountered a critical error and must restart in one minute. Please save your work". I cannot get it to cancel the auto shutdown even with "shutdown -a" in cmd. I tried using Kaspersky disc 10 and it found several Trojans and 1 virus, but on restarting the problem still remained.
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile; please copy and paste the logs in your reply.
     
  3. nwaters31

    nwaters31 TS Rookie Topic Starter

    ***FRST Log***
    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 21-08-2012 02
    Ran by SYSTEM at 22-08-2012 09:36:04
    Running from G:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174616 2007-07-24] (Intel Corporation)
    HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [51048 2007-08-24] (Symantec Corporation)
    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-09-19] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8497696 2007-09-19] (NVIDIA Corporation)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-25] (Microsoft Corporation)
    HKU\Anton\...\Run: [Ekapx] C:\Users\Anton\AppData\Roaming\Hasyo\qomai.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    AppInit_DLLs:
    IMEO: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\AcroRd32.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\agent.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\blasterball3-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\chuzzle-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\diner dash-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\dpexpimp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\dpfplogonmanager.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\dpproperties.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\dpregapp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\dprunhlp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\fate-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\golf-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\granny-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\hpwucli.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\insaniquariumdeluxe-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\isuspm.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\itunes.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\jewelquest-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\jqsolitaire-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\mahjong-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\maze-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\mga-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\onplay.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\otto-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\penguins-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\polar-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\presentationhost.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\qp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\qpmanager.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\racing-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\regmech.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\ricochet-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\slingo-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\ssp-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\tradewinds-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\virtualvillagers-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\winbej2-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\wonders-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IMEO\zuma-wt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    Lsa: [Notification Packages] scecli
    DPPWDFLT

    ================================ Services (Whitelisted) ==================

    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
    2 gupdate1ca536734e0efb0; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-10-22] (Google Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-25] (Microsoft Corporation)
    3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-25] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2011-08-17] ()
    2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [103736 2011-08-17] ()
    2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [183808 2012-04-02] ()
    4 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-09-30] ()
    4 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-09-30] ()
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()
    3 Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1245064 2008-10-24] ()
    2 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe" [1528672 2012-05-29] (TuneUp Software)
    2 ccEvtMgr; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
    2 ccSetMgr; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
    2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
    3 comHost; "c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" [x]
    4 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
    2 LiveUpdate Notice; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

    ========================== Drivers (Whitelisted) =============

    3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
    3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
    3 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [180272 2007-08-15] (Symantec Corporation)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-10-24] (Symantec Corporation)
    3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2007-08-09] (Symantec Corporation)
    3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2007-08-09] (Symantec Corporation)
    3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2007-08-13] (Symantec Corporation)
    1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188464 2007-08-13] (Symantec Corporation)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-07] (TuneUp Software)
    2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\QuickPlay\000.fcl [39408 2007-09-30] (Cyberlink Corp.)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    2 CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-21 05:40 - 2012-08-21 07:32 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2012-08-20 19:47 - 2012-08-20 19:30 - 14229744 ____N (DT Soft Ltd) C:\Users\Anton\Desktop\DTLite4454-0315.exe
    2012-08-20 19:45 - 2012-08-20 19:42 - 274393088 ____N C:\Users\Anton\Desktop\kav_rescue_10.iso
    2012-08-20 19:44 - 2012-08-20 19:44 - 00000728 ____A C:\Users\Anton\Desktop\shutdown (2).lnk
    2012-08-20 19:23 - 2012-08-20 19:24 - 00000728 ____A C:\Users\Anton\Desktop\shutdown.lnk
    2012-08-20 19:20 - 2012-08-20 19:20 - 00000174 ____A C:\Users\Anton\Desktop\New Shortcut.lnk
    2012-08-20 19:02 - 2012-08-20 19:02 - 00000000 ____D C:\Users\Anton\My Documents\My Weblog Posts
    2012-08-20 19:02 - 2012-08-20 19:02 - 00000000 ____D C:\Users\Anton\Documents\My Weblog Posts
    2012-08-20 19:02 - 2012-08-20 19:02 - 00000000 ____D C:\Users\Anton\Application Data\Windows Live Writer
    2012-08-20 19:02 - 2012-08-20 19:02 - 00000000 ____D C:\Users\Anton\AppData\Roaming\Windows Live Writer
    2012-08-20 18:43 - 2012-08-20 18:43 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-20 18:42 - 2012-08-20 18:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-20 18:41 - 2012-08-20 18:42 - 00981754 ____A C:\Users\All Users\LUUNINSTALL.LIVEUPDATE
    2012-08-20 18:41 - 2012-08-20 18:42 - 00981754 ____A C:\Users\All Users\Application Data\LUUNINSTALL.LIVEUPDATE
    2012-08-20 18:39 - 2012-08-20 18:40 - 10288512 ____A (Microsoft Corporation) C:\Users\Anton\Downloads\mseinstall (1).exe
    2012-08-20 18:35 - 2012-08-20 18:35 - 12621696 ____A (Microsoft Corporation) C:\Users\Anton\Downloads\mseinstall.exe
    2012-08-20 04:29 - 2012-08-20 05:15 - 00000000 ____D C:\Users\Anton\Desktop\Exam Revision
    2012-08-19 19:15 - 2012-08-19 19:15 - 00001865 ____A C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
    2012-08-19 19:15 - 2012-08-19 19:15 - 00001865 ____A C:\Users\All Users\Desktop\TuneUp Utilities 2012.lnk
    2012-08-19 19:15 - 2012-05-29 03:16 - 00031584 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
    2012-08-19 19:15 - 2012-05-29 03:16 - 00021344 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
    2012-08-19 19:14 - 2012-08-19 19:15 - 00000000 ____D C:\Program Files\TuneUp Utilities 2012
    2012-08-19 19:14 - 2012-08-19 19:14 - 00000000 ____D C:\Users\Anton\Application Data\TuneUp Software
    2012-08-19 19:14 - 2012-08-19 19:14 - 00000000 ____D C:\Users\Anton\AppData\Roaming\TuneUp Software
    2012-08-19 19:13 - 2012-08-19 19:15 - 00000000 ____D C:\Users\All Users\TuneUp Software
    2012-08-19 19:13 - 2012-08-19 19:15 - 00000000 ____D C:\Users\All Users\Application Data\TuneUp Software
    2012-08-19 19:13 - 2012-08-19 19:13 - 00000000 __SHD C:\Users\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-08-19 19:13 - 2012-08-19 19:13 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-08-19 19:10 - 2012-08-19 19:10 - 27930544 ____A (TuneUp Software) C:\Users\Anton\Downloads\TuneUpUtilities2012_en-US.exe
    2012-08-19 19:10 - 2012-08-19 19:10 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-08-19 19:10 - 2012-08-19 19:10 - 00001894 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
    2012-08-19 19:10 - 2012-08-19 19:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2012-08-19 19:02 - 2012-08-19 19:03 - 54476696 ____A (Adobe Systems Incorporated) C:\Users\Anton\Downloads\AdbeRdr1013_en_US.exe
    2012-08-18 21:32 - 2012-08-18 21:32 - 12430576 ____A C:\Users\Anton\Downloads\E4E1.tmp
    2012-08-18 01:25 - 2012-08-18 01:25 - 00000000 ____D C:\Users\Anton\Downloads\Rocky IV
    2012-08-18 01:23 - 2012-08-18 01:23 - 00028508 ____A C:\Users\Anton\Downloads\[isoHunt] Rocky IV.torrent
    2012-08-12 06:22 - 2012-08-12 06:22 - 00007223 ____A C:\Users\Anton\Downloads\[isoHunt] The.Office.6x22.(HDTV-2HD)[VTV].torrent
    2012-08-12 02:56 - 2012-08-12 06:00 - 183543738 ____A C:\Users\Anton\Downloads\The.Office.S06E22.HDTV.XviD-2HD.[VTV].avi
    2012-08-12 02:52 - 2012-08-12 02:58 - 00000000 ____D C:\Users\Anton\Downloads\The Office US - The Complete Season 7 [HDTV]
    2012-08-12 02:52 - 2012-08-12 02:52 - 00007243 ____A C:\Users\Anton\Downloads\[isoHunt] The.Office.S06E22.HDTV.XviD-2HD.[VTV].avi.torrent
    2012-08-12 02:51 - 2012-08-12 02:51 - 00025720 ____A C:\Users\Anton\Downloads\[isoHunt] The Office US - The Complete Season 7 [HDTV].torrent
    2012-08-12 02:34 - 2012-08-12 02:36 - 00000000 ____D C:\Users\Anton\Downloads\Contraband.2012.DVDRip.XViD-NYDIC
    2012-08-12 02:33 - 2012-08-12 02:33 - 00057584 ____A C:\Users\Anton\Downloads\[isoHunt] b3c62d331bffd81e9422284d5a0bcbd9a451eb6e.torrent
    2012-08-10 09:27 - 2012-08-10 09:27 - 00000000 ____D C:\Program Files\Oracle
    2012-08-10 09:26 - 2012-07-05 04:36 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-10 09:25 - 2012-08-10 09:25 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-10 09:25 - 2012-08-10 09:25 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-10 09:23 - 2012-08-10 09:23 - 00893936 ____A (Oracle Corporation) C:\Users\Anton\Downloads\chromeinstall-7u5.exe
    2012-08-09 01:03 - 2012-08-09 02:11 - 00000000 ____D C:\Users\Anton\Downloads\Colditz-AC3-5,1-DVDRip[Eng]2005
    2012-08-09 00:59 - 2012-08-09 00:59 - 00018657 ____A C:\Users\Anton\Downloads\[isoHunt] Colditz-AC3-5,1-DVDRip[Eng]2005.torrent
    2012-08-03 20:41 - 2012-08-03 20:43 - 00000000 ____D C:\Users\Anton\Downloads\The Office Season 2
    2012-08-03 03:29 - 2012-08-03 03:29 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-03 03:29 - 2012-08-03 03:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-03 01:25 - 2012-08-03 01:25 - 00000000 ____D C:\Users\Anton\Downloads\The Office Season 1
    2012-08-01 18:54 - 2012-08-01 19:02 - 183292780 ____A C:\Users\Anton\Downloads\The.Office.S08E15.HDTV.XviD-LOL.[VTV].avi
    2012-08-01 18:53 - 2012-08-01 19:00 - 00000000 ____D C:\Users\Anton\Downloads\The Office S08E14 REPACK HDTV XviD-2HD[ettv]
    2012-08-01 18:41 - 2012-08-01 18:52 - 161865412 ____A C:\Users\Anton\Downloads\The.Office.S08E24.HDTV.x264-LOL.[VTV].mp4
    2012-08-01 18:41 - 2012-08-01 18:50 - 181691335 ____A C:\Users\Anton\Downloads\The.Office.S08E22.HDTV.x264-LOL.[VTV].mp4
    2012-08-01 18:41 - 2012-08-01 18:50 - 168553581 ____A C:\Users\Anton\Downloads\The.Office.S08E23.HDTV.x264-LOL.[VTV].mp4
    2012-08-01 18:13 - 2012-08-01 18:19 - 179694184 ____A C:\Users\Anton\Downloads\The.Office.S08E21.HDTV.x264-LOL.[VTV].mp4
    2012-08-01 18:04 - 2012-08-02 16:35 - 00000000 ____D C:\Users\Anton\Downloads\The Office S08E19 HDTV XviD-2HD[ettv]
    2012-08-01 18:04 - 2012-08-01 18:17 - 188600132 ____A C:\Users\Anton\Downloads\The Office Episode 20.mp4
    2012-08-01 18:03 - 2012-08-02 16:33 - 00000000 ____D C:\Users\Anton\Downloads\The Office US S08E17 HDTV XviD-2HD[ettv]
    2012-08-01 17:26 - 2012-08-02 16:34 - 00000000 ____D C:\Users\Anton\Downloads\The Office S08E18 HDTV XviD-2HD[ettv]
    2012-08-01 17:25 - 2012-08-01 17:38 - 00000000 ____D C:\Users\Anton\Downloads\The Office US S08E16 HDTV XviD-2HD[ettv]
    2012-07-31 20:46 - 2012-07-31 20:46 - 00015652 ____A C:\Users\Anton\Downloads\The.Office.US.S08E16.HDTV.XviD-2HD_[www.NewTorrents.info].torrent
    2012-07-31 20:45 - 2012-07-31 20:45 - 00292688 ____A (Premium) C:\Users\Anton\Downloads\DownloadSetup (1).exe
    2012-07-31 20:42 - 2012-08-10 09:19 - 00000000 ____D C:\Users\Anton\Desktop\Essay 2
    2012-07-31 14:59 - 2012-07-31 15:08 - 182819188 ____A C:\Users\Anton\Downloads\The.Office.S08E13.HDTV.XviD-LOL.[VTV].avi
    2012-07-31 14:58 - 2012-07-31 15:09 - 183572480 ____A C:\Users\Anton\Downloads\The.Office.S08E12.HDTV.XviD-LOL.[VTV].avi
    2012-07-31 14:57 - 2012-07-31 15:03 - 183489168 ____A C:\Users\Anton\Downloads\The.Office.S08E11.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 19:49 - 2012-07-30 20:03 - 182619500 ____A C:\Users\Anton\Downloads\The.Office.S08E09.HDTV.XviD-2HD.[VTV].avi
    2012-07-30 19:49 - 2012-07-30 20:00 - 183495174 ____A C:\Users\Anton\Downloads\The.Office.S08E10.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 19:48 - 2012-07-30 20:00 - 183560192 ____A C:\Users\Anton\Downloads\The.Office.S08E08.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 18:33 - 2012-07-30 18:41 - 182990426 ____A C:\Users\Anton\Downloads\The.Office.S08E07.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 18:32 - 2012-07-30 18:43 - 183501592 ____A C:\Users\Anton\Downloads\The.Office.S08E05.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 18:32 - 2012-07-30 18:42 - 183551314 ____A C:\Users\Anton\Downloads\The.Office.S08E06.HDTV.XviD-LOL.[VTV].avi
    2012-07-29 21:30 - 2012-07-29 21:48 - 00000000 ____D C:\Users\Anton\Downloads\The Office S08E04 HDTV XviD-LOL
    2012-07-29 21:26 - 2012-07-29 21:30 - 183062774 ____A C:\Users\Anton\Downloads\The.Office.S08E03.HDTV.XviD-LOL.[VTV].avi
    2012-07-29 01:58 - 2012-07-29 02:04 - 183584342 ____A C:\Users\Anton\Downloads\The.Office.S08E02.HDTV.XviD-LOL.[VTV].avi
    2012-07-29 01:53 - 2012-07-29 02:00 - 183574086 ____A C:\Users\Anton\Downloads\The.Office.S08E01.HDTV.XviD-LOL.[VTV].avi
    2012-07-27 01:36 - 2012-08-05 22:38 - 00000000 ____D C:\Users\Anton\Application Data\Olekyq
    2012-07-27 01:36 - 2012-08-05 22:38 - 00000000 ____D C:\Users\Anton\AppData\Roaming\Olekyq
    2012-07-27 01:36 - 2012-07-27 01:36 - 00000000 ____D C:\Users\Anton\Application Data\Yqoqve
    2012-07-27 01:36 - 2012-07-27 01:36 - 00000000 ____D C:\Users\Anton\AppData\Roaming\Yqoqve
    2012-07-26 04:47 - 2012-08-02 18:59 - 00012320 ____A C:\Users\Anton\My Documents\WIGHT2012.TAX
    2012-07-26 04:47 - 2012-08-02 18:59 - 00012320 ____A C:\Users\Anton\Documents\WIGHT2012.TAX
    2012-07-26 04:47 - 2012-07-31 22:11 - 00011408 ____A C:\Users\Anton\My Documents\WIGHT2012.BAK
    2012-07-26 04:47 - 2012-07-31 22:11 - 00011408 ____A C:\Users\Anton\Documents\WIGHT2012.BAK
    2012-07-26 04:37 - 2012-07-26 04:37 - 00000400 ____A C:\Users\Anton\My Documents\ANTHONY2012.TAX
    2012-07-26 04:37 - 2012-07-26 04:37 - 00000400 ____A C:\Users\Anton\Documents\ANTHONY2012.TAX
    2012-07-26 04:21 - 2012-07-26 04:21 - 00001422 ____A C:\Users\Anton\Desktop\e-tax 2012.lnk
    2012-07-26 04:21 - 2012-07-26 04:21 - 00000627 ____A C:\Users\Anton\Desktop\e-tax 2012_uninstall.lnk
    2012-07-26 04:21 - 2012-07-26 04:21 - 00000000 ____D C:\Users\Anton\Local Settings\etax2012
    2012-07-26 04:21 - 2012-07-26 04:21 - 00000000 ____D C:\Users\Anton\Local Settings\Application Data\etax2012
    2012-07-26 04:21 - 2012-07-26 04:21 - 00000000 ____D C:\Users\Anton\AppData\Local\etax2012
    2012-07-26 04:20 - 2012-07-26 04:21 - 00000000 ____D C:\Users\Anton\Desktop\help
    2012-07-26 04:18 - 2012-07-26 04:18 - 09369600 ____A C:\Users\Anton\Downloads\etax2012_1.msi
    2012-07-25 03:27 - 2012-07-25 03:29 - 00000000 ____D C:\Users\Anton\Downloads\Independence Day Special Edition dvd rip xvd.Rets
    2012-07-25 03:19 - 2012-07-25 03:31 - 324136329 ____A C:\Users\Anton\Downloads\[clips4sale.com]071812VF_DoublePop.wmv
    2012-07-24 03:20 - 2012-07-24 03:23 - 00000000 ____D C:\Users\Anton\Downloads\Iron Man 2[2010]DvDrip[Eng]-FXG
    2012-07-24 03:19 - 2012-07-24 03:31 - 00000000 ____D C:\Users\Anton\Downloads\Planet Of The Apes 2001 DVDRip XviD-iNNERCORE (Kingdom-Release)
    2012-07-23 05:02 - 2012-07-23 05:02 - 00047104 ____A C:\Users\Anton\Downloads\20680-b16-Australia (Australia).xls
    2012-07-23 00:16 - 2012-07-23 00:42 - 00000000 ____D C:\Users\Anton\Downloads\Scream 4


    ============ 3 Months Modified Files ========================

    2012-08-20 22:57 - 2008-12-16 01:42 - 00027335 ____A C:\Users\Anton\Application Data\nvModes.001
    2012-08-20 22:57 - 2008-12-16 01:42 - 00027335 ____A C:\Users\Anton\AppData\Roaming\nvModes.001
    2012-08-20 22:56 - 2009-10-22 14:39 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-20 22:56 - 2008-12-20 05:44 - 00279040 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-20 22:55 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-20 22:55 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-20 22:55 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-20 19:44 - 2012-08-20 19:44 - 00000728 ____A C:\Users\Anton\Desktop\shutdown (2).lnk
    2012-08-20 19:42 - 2012-08-20 19:45 - 274393088 ____N C:\Users\Anton\Desktop\kav_rescue_10.iso
    2012-08-20 19:30 - 2012-08-20 19:47 - 14229744 ____N (DT Soft Ltd) C:\Users\Anton\Desktop\DTLite4454-0315.exe
    2012-08-20 19:24 - 2012-08-20 19:23 - 00000728 ____A C:\Users\Anton\Desktop\shutdown.lnk
    2012-08-20 19:20 - 2012-08-20 19:20 - 00000174 ____A C:\Users\Anton\Desktop\New Shortcut.lnk
    2012-08-20 19:18 - 2008-12-16 01:48 - 00148480 ____A C:\Users\Anton\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-20 19:18 - 2008-12-16 01:48 - 00148480 ____A C:\Users\Anton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-20 19:18 - 2008-12-16 01:48 - 00148480 ____A C:\Users\Anton\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-20 19:12 - 2008-12-17 16:29 - 00000836 ____A C:\Windows\bthservsdp.dat
    2012-08-20 19:12 - 2006-11-02 05:01 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-20 18:55 - 2008-10-24 07:55 - 00080230 ____A C:\Windows\PFRO.log
    2012-08-20 18:44 - 2008-10-24 09:48 - 01980948 ____A C:\Windows\WindowsUpdate.log
    2012-08-20 18:43 - 2012-08-20 18:43 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-20 18:42 - 2012-08-20 18:41 - 00981754 ____A C:\Users\All Users\LUUNINSTALL.LIVEUPDATE
    2012-08-20 18:42 - 2012-08-20 18:41 - 00981754 ____A C:\Users\All Users\Application Data\LUUNINSTALL.LIVEUPDATE
    2012-08-20 18:42 - 2006-11-02 02:33 - 00789240 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-20 18:40 - 2012-08-20 18:39 - 10288512 ____A (Microsoft Corporation) C:\Users\Anton\Downloads\mseinstall (1).exe
    2012-08-20 18:35 - 2012-08-20 18:35 - 12621696 ____A (Microsoft Corporation) C:\Users\Anton\Downloads\mseinstall.exe
    2012-08-20 18:32 - 2009-10-22 14:39 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-20 18:26 - 2008-10-24 09:59 - 00004549 ____A C:\Windows\HPQLB.LOG
    2012-08-20 17:47 - 2008-11-14 04:13 - 00107216 ____A C:\Users\Anton\Local Settings\GDIPFONTCACHEV1.DAT
    2012-08-20 17:47 - 2008-11-14 04:13 - 00107216 ____A C:\Users\Anton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-08-20 17:47 - 2008-11-14 04:13 - 00107216 ____A C:\Users\Anton\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-20 17:46 - 2008-10-24 09:59 - 00000163 ____A C:\Users\Public\Documents\hpqp.ini
    2012-08-20 17:46 - 2008-10-24 09:59 - 00000163 ____A C:\Users\All Users\Documents\hpqp.ini
    2012-08-20 01:36 - 2006-11-02 04:47 - 00389320 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-19 19:15 - 2012-08-19 19:15 - 00001865 ____A C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
    2012-08-19 19:15 - 2012-08-19 19:15 - 00001865 ____A C:\Users\All Users\Desktop\TuneUp Utilities 2012.lnk
    2012-08-19 19:10 - 2012-08-19 19:10 - 27930544 ____A (TuneUp Software) C:\Users\Anton\Downloads\TuneUpUtilities2012_en-US.exe
    2012-08-19 19:10 - 2012-08-19 19:10 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-08-19 19:10 - 2012-08-19 19:10 - 00001894 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
    2012-08-19 19:03 - 2012-08-19 19:02 - 54476696 ____A (Adobe Systems Incorporated) C:\Users\Anton\Downloads\AdbeRdr1013_en_US.exe
    2012-08-19 18:51 - 2008-12-16 01:42 - 00027335 ____A C:\Users\Anton\Application Data\nvModes.dat
    2012-08-19 18:51 - 2008-12-16 01:42 - 00027335 ____A C:\Users\Anton\AppData\Roaming\nvModes.dat
    2012-08-18 21:32 - 2012-08-18 21:32 - 12430576 ____A C:\Users\Anton\Downloads\E4E1.tmp
    2012-08-18 01:23 - 2012-08-18 01:23 - 00028508 ____A C:\Users\Anton\Downloads\[isoHunt] Rocky IV.torrent
    2012-08-12 06:22 - 2012-08-12 06:22 - 00007223 ____A C:\Users\Anton\Downloads\[isoHunt] The.Office.6x22.(HDTV-2HD)[VTV].torrent
    2012-08-12 06:00 - 2012-08-12 02:56 - 183543738 ____A C:\Users\Anton\Downloads\The.Office.S06E22.HDTV.XviD-2HD.[VTV].avi
    2012-08-12 02:52 - 2012-08-12 02:52 - 00007243 ____A C:\Users\Anton\Downloads\[isoHunt] The.Office.S06E22.HDTV.XviD-2HD.[VTV].avi.torrent
    2012-08-12 02:51 - 2012-08-12 02:51 - 00025720 ____A C:\Users\Anton\Downloads\[isoHunt] The Office US - The Complete Season 7 [HDTV].torrent
    2012-08-12 02:33 - 2012-08-12 02:33 - 00057584 ____A C:\Users\Anton\Downloads\[isoHunt] b3c62d331bffd81e9422284d5a0bcbd9a451eb6e.torrent
    2012-08-10 09:32 - 2012-05-06 23:26 - 00000117 ____A C:\Users\Anton\webct_upload_applet.properties
    2012-08-10 09:25 - 2012-08-10 09:25 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-10 09:25 - 2012-08-10 09:25 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-10 09:23 - 2012-08-10 09:23 - 00893936 ____A (Oracle Corporation) C:\Users\Anton\Downloads\chromeinstall-7u5.exe
    2012-08-09 00:59 - 2012-08-09 00:59 - 00018657 ____A C:\Users\Anton\Downloads\[isoHunt] Colditz-AC3-5,1-DVDRip[Eng]2005.torrent
    2012-08-03 14:50 - 2008-12-17 16:28 - 00007592 ____A C:\Users\Anton\Local Settings\d3d9caps.dat
    2012-08-03 14:50 - 2008-12-17 16:28 - 00007592 ____A C:\Users\Anton\Local Settings\Application Data\d3d9caps.dat
    2012-08-03 14:50 - 2008-12-17 16:28 - 00007592 ____A C:\Users\Anton\AppData\Local\d3d9caps.dat
    2012-08-03 03:29 - 2012-08-03 03:29 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-03 03:29 - 2012-08-03 03:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-02 18:59 - 2012-07-26 04:47 - 00012320 ____A C:\Users\Anton\My Documents\WIGHT2012.TAX
    2012-08-02 18:59 - 2012-07-26 04:47 - 00012320 ____A C:\Users\Anton\Documents\WIGHT2012.TAX
    2012-08-01 19:02 - 2012-08-01 18:54 - 183292780 ____A C:\Users\Anton\Downloads\The.Office.S08E15.HDTV.XviD-LOL.[VTV].avi
    2012-08-01 18:52 - 2012-08-01 18:41 - 161865412 ____A C:\Users\Anton\Downloads\The.Office.S08E24.HDTV.x264-LOL.[VTV].mp4
    2012-08-01 18:50 - 2012-08-01 18:41 - 181691335 ____A C:\Users\Anton\Downloads\The.Office.S08E22.HDTV.x264-LOL.[VTV].mp4
    2012-08-01 18:50 - 2012-08-01 18:41 - 168553581 ____A C:\Users\Anton\Downloads\The.Office.S08E23.HDTV.x264-LOL.[VTV].mp4
    2012-08-01 18:19 - 2012-08-01 18:13 - 179694184 ____A C:\Users\Anton\Downloads\The.Office.S08E21.HDTV.x264-LOL.[VTV].mp4
    2012-08-01 18:17 - 2012-08-01 18:04 - 188600132 ____A C:\Users\Anton\Downloads\The Office Episode 20.mp4
    2012-07-31 22:11 - 2012-07-26 04:47 - 00011408 ____A C:\Users\Anton\My Documents\WIGHT2012.BAK
    2012-07-31 22:11 - 2012-07-26 04:47 - 00011408 ____A C:\Users\Anton\Documents\WIGHT2012.BAK
    2012-07-31 20:46 - 2012-07-31 20:46 - 00015652 ____A C:\Users\Anton\Downloads\The.Office.US.S08E16.HDTV.XviD-2HD_[www.NewTorrents.info].torrent
    2012-07-31 20:45 - 2012-07-31 20:45 - 00292688 ____A (Premium) C:\Users\Anton\Downloads\DownloadSetup (1).exe
    2012-07-31 15:09 - 2012-07-31 14:58 - 183572480 ____A C:\Users\Anton\Downloads\The.Office.S08E12.HDTV.XviD-LOL.[VTV].avi
    2012-07-31 15:08 - 2012-07-31 14:59 - 182819188 ____A C:\Users\Anton\Downloads\The.Office.S08E13.HDTV.XviD-LOL.[VTV].avi
    2012-07-31 15:03 - 2012-07-31 14:57 - 183489168 ____A C:\Users\Anton\Downloads\The.Office.S08E11.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 20:03 - 2012-07-30 19:49 - 182619500 ____A C:\Users\Anton\Downloads\The.Office.S08E09.HDTV.XviD-2HD.[VTV].avi
    2012-07-30 20:00 - 2012-07-30 19:49 - 183495174 ____A C:\Users\Anton\Downloads\The.Office.S08E10.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 20:00 - 2012-07-30 19:48 - 183560192 ____A C:\Users\Anton\Downloads\The.Office.S08E08.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 18:43 - 2012-07-30 18:32 - 183501592 ____A C:\Users\Anton\Downloads\The.Office.S08E05.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 18:42 - 2012-07-30 18:32 - 183551314 ____A C:\Users\Anton\Downloads\The.Office.S08E06.HDTV.XviD-LOL.[VTV].avi
    2012-07-30 18:41 - 2012-07-30 18:33 - 182990426 ____A C:\Users\Anton\Downloads\The.Office.S08E07.HDTV.XviD-LOL.[VTV].avi
    2012-07-29 21:30 - 2012-07-29 21:26 - 183062774 ____A C:\Users\Anton\Downloads\The.Office.S08E03.HDTV.XviD-LOL.[VTV].avi
    2012-07-29 02:04 - 2012-07-29 01:58 - 183584342 ____A C:\Users\Anton\Downloads\The.Office.S08E02.HDTV.XviD-LOL.[VTV].avi
    2012-07-29 02:00 - 2012-07-29 01:53 - 183574086 ____A C:\Users\Anton\Downloads\The.Office.S08E01.HDTV.XviD-LOL.[VTV].avi
    2012-07-26 04:37 - 2012-07-26 04:37 - 00000400 ____A C:\Users\Anton\My Documents\ANTHONY2012.TAX
    2012-07-26 04:37 - 2012-07-26 04:37 - 00000400 ____A C:\Users\Anton\Documents\ANTHONY2012.TAX
    2012-07-26 04:21 - 2012-07-26 04:21 - 00001422 ____A C:\Users\Anton\Desktop\e-tax 2012.lnk
    2012-07-26 04:21 - 2012-07-26 04:21 - 00000627 ____A C:\Users\Anton\Desktop\e-tax 2012_uninstall.lnk
    2012-07-26 04:18 - 2012-07-26 04:18 - 09369600 ____A C:\Users\Anton\Downloads\etax2012_1.msi
    2012-07-25 03:31 - 2012-07-25 03:19 - 324136329 ____A C:\Users\Anton\Downloads\[clips4sale.com]071812VF_DoublePop.wmv
    2012-07-23 09:35 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
    2012-07-23 09:32 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-23 05:02 - 2012-07-23 05:02 - 00047104 ____A C:\Users\Anton\Downloads\20680-b16-Australia (Australia).xls
    2012-07-09 04:29 - 2006-11-02 04:52 - 00033707 ____A C:\Windows\setupact.log
    2012-07-09 04:24 - 2012-07-09 04:24 - 02428362 ____A (A-PDF.com ) C:\Users\Anton\Downloads\a-pdf-mg.exe
    2012-07-05 04:36 - 2012-08-10 09:26 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-07-05 04:36 - 2012-07-22 18:43 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
    2012-07-05 04:36 - 2012-04-12 22:41 - 00687544 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-06-28 03:11 - 2012-06-28 03:11 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-28 03:11 - 2012-06-28 03:11 - 00001728 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
    2012-06-28 03:08 - 2012-06-28 03:06 - 39401336 ____A (Apple Inc.) C:\Users\Anton\Downloads\QuickTimeInstaller.exe
    2012-06-27 00:38 - 2012-06-27 00:38 - 00006865 ____A C:\Users\Anton\Desktop\Institute of Public Affairs Australia.htm
    2012-06-13 05:07 - 2012-06-13 04:49 - 736284672 ____A C:\Users\Anton\Downloads\Hard Target(Van Damme)[1993]DvDrip[Eng]-prithwi.avi
    2012-06-12 15:01 - 2012-06-12 15:01 - 00082420 ____A C:\Users\Anton\Desktop\Police Health Online.htm
    2012-06-11 00:42 - 2012-06-11 00:42 - 00089883 ____A C:\Users\Anton\Desktop\Assessment Processes.htm
    2012-06-11 00:23 - 2012-06-11 00:23 - 00138176 ____A C:\Windows\Minidump\Mini061112-01.dmp
    2012-06-11 00:23 - 2012-06-11 00:22 - 314165493 ____A C:\Windows\MEMORY.DMP
    2012-06-07 17:50 - 2012-06-07 17:50 - 00730624 ____A C:\Users\Anton\Desktop\etaxHelp.exe
    2012-06-07 17:50 - 2012-06-07 17:50 - 00044544 ____A C:\Users\Anton\Desktop\VMem.dll
    2012-06-07 17:47 - 2012-06-07 17:47 - 04606976 ____A C:\Users\Anton\Desktop\etax2012.exe
    2012-06-07 17:37 - 2012-06-07 17:37 - 03623365 ____A C:\Users\Anton\Desktop\PrintScreen.rav
    2012-06-03 22:36 - 2012-06-03 22:36 - 00357474 ____A C:\Users\Anton\Desktop\PrintScreen_InformationOnly.rav
    2012-05-31 00:59 - 2012-05-31 00:58 - 00100499 ____A C:\Users\Anton\Desktop\Unibooks - Home.htm
    2012-05-30 18:55 - 2009-10-23 01:43 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 03:16 - 2012-08-19 19:15 - 00031584 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
    2012-05-29 03:16 - 2012-08-19 19:15 - 00021344 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll


    ZeroAccess:
    C:\Windows\Installer\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}
    C:\Windows\Installer\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}\@
    C:\Windows\Installer\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}\L
    C:\Windows\Installer\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}\U
    C:\Windows\Installer\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}\U\00000001.@

    ZeroAccess:
    C:\Users\Anton\AppData\Local\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}
    C:\Users\Anton\AppData\Local\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}\@
    C:\Users\Anton\AppData\Local\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}\L
    C:\Users\Anton\AppData\Local\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}\U
    C:\Users\Anton\AppData\Local\{a54a366c-6e87-0d6e-91c4-600c59fb6d64}\U\00000001.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2008-12-20 05:44] - [2012-08-20 22:56] - 0279040 ____A (Microsoft Corporation) 60FAB074393CB3F0331DFB86891A7F91

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 17%
    Total physical RAM: 3069.81 MB
    Available physical RAM: 2531.37 MB
    Total Pagefile: 2786.24 MB
    Available Pagefile: 2600.94 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1983.55 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:222.35 GB) (Free:17.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:80 GB) NTFS
    3 Drive e: (HP_RECOVERY) (Fixed) (Total:10.53 GB) (Free:2.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive g: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 1528 KB
    Disk 1 Online 233 GB 1528 KB
    Disk 2 Online 124 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 222 GB 32 KB
    Partition 2 Primary 11 GB 222 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 C OS NTFS Partition 222 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E HP_RECOVERY NTFS Partition 11 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 233 GB 32 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D DATA NTFS Partition 233 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 124 MB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 G FAT Removable 124 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-20 18:44

    ======================= End Of Log ==========================


    ***Search Log***

    Farbar Recovery Scan Tool Version: 21-08-2012 02
    Ran by SYSTEM at 2012-08-22 09:38:35
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-12-20 05:44] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

    C:\Windows\System32\services.exe
    [2008-12-20 05:44] - [2012-08-20 22:56] - 0279040 ____A (Microsoft Corporation) 60FAB074393CB3F0331DFB86891A7F91

    C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-10-24 05:08] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    === End Of Search ===
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  5. nwaters31

    nwaters31 TS Rookie Topic Starter

    Just did the first part and tried to turn on the laptop but the screen is just staying black now and it stops making any noise after about 5 seconds.
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Turn the computer off for a while, then try again. Let me know if it works.

    If not, do you have the OEM discs?
     
  7. nwaters31

    nwaters31 TS Rookie Topic Starter

    It still isn't working and unfortunately no I don't have the discs...
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    • Download OTLPENet.exe to your desktop
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
    • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
    • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
    • Insert the flash drive with FRST on it
    • Locate the flash drive and run FRST
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile; please copy and paste the logs in your reply.
     
  9. nwaters31

    nwaters31 TS Rookie Topic Starter

    I tried it but the screen stays completely black and nothing happens. I think the only way to solve this is buying a new laptop. Thanks for your help though.
     
Topic Status:
Not open for further replies.
