TechSpot

Laptop taken over by apype and smartwebsearch

Inactive
By frh
Nov 19, 2011
  1. frh

    frh TS Rookie Topic Starter Posts: 41

    Cannot get to X:\SOURCES

    Hi Broni,


    This is what I get on F8:


    Choose Advanced Options for: Windows 7

    Repair your computer

    Safe Mode
    Safe Mode with networking
    Safe Mode with Command Prompt

    Enable Boot Logging
    Enable low-resolution video (640x480)
    Last Known Good Configuration (advanced)
    Directory Services Restore Mode
    Debugging Mode
    Disable automatic restart on system failure
    Disable Driver Signature Enforcement

    Start Windows normally



    There is no Command Prompt option other than the one in Safe Mode. I am assuming that I need a command prompt outside of Windows. If I do go into the Safe Mode with Command Prompt option, I see a C: directory and cannot switch to an X: drive.

    Where do I go from here please?

    Thanks.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Always read my instructions very carefully.
    Go back to my link and re-read.
    You should select "Repair your computer" and go from there.
     
  3. frh

    frh TS Rookie Topic Starter Posts: 41

    Repair Your Computer does not work

    Hello Broni,

    When I select "Repair Your Computer", I get the "Windows is loading files" message, the load bar fills quickly, then nothing happens (no hard disk activity apparent). After several minutes the computer either shuts down, or (more frequently) Windows loads as normal.

    Now I am really worried!

    Thanks.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    You may be infected with the newest TDL rootkit.

    Let's see...

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to your desktop.
    For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  5. frh

    frh TS Rookie Topic Starter Posts: 41

    Farbars Scan Pt 1

    Hello Broni,

    Scan results below. Part 2 to follow.

    Thanks.




    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
    Ran by Daddy at 2011-12-02 19:31:00
    Running from C:\Users\Daddy\Desktop
    (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKU\Callum\...\Run: [49E.exe] C:\Users\Callum\AppData\Roaming\Microsoft\5487\49E.exe [x]
    HKU\Callum\...\Policies\system: [LogonHoursAction] 2
    HKU\Callum\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Callum\...\Winlogon: [Shell] explorer.exe,C:\Users\Callum\AppData\Roaming\7C4E8\1B154.exe
    HKU\Mummy\...\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1483264 2010-12-21] (Nokia)
    HKU\Mummy\...\Run: [49E.exe] C:\Users\Mummy\AppData\Roaming\Microsoft\5487\49E.exe [x]
    HKU\Mummy\...\Policies\system: [LogonHoursAction] 2
    HKU\Mummy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Mummy\...\Winlogon: [Shell] explorer.exe,C:\Users\Mummy\AppData\Roaming\7C4E8\1B154.exe
    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2011-12-02 19:29 - 2011-12-02 19:29 - 1377555 ____A C:\Users\Daddy\Desktop\FRST64.exe
    2011-12-02 17:11 - 2011-12-02 17:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{75D25876-DFC9-46CE-8FA6-A1A4D0333732}
    2011-12-02 17:11 - 2011-12-02 17:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{23F59F62-B813-42C3-9AA7-79B301812A5C}
    2011-12-02 17:09 - 2011-12-02 17:09 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2011-12-02 03:14 - 2011-12-02 03:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4D3A0DE9-79BF-4A96-9587-7D20B51D9F6D}
    2011-12-02 03:14 - 2011-12-02 03:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{38C6A593-E2E2-4548-A14C-FB7A48D0748E}
    2011-11-30 17:23 - 2011-11-30 17:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{00D35B38-2BD4-43C5-B98B-80803CCE9E05}
    2011-11-30 17:20 - 2011-11-30 17:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{41F604B1-7952-4FCC-B3BD-D48773A07AFE}
    2011-11-30 01:57 - 2011-11-30 01:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B71767B9-24CC-44C7-9E7C-87B192CBB567}
    2011-11-30 01:56 - 2011-11-30 01:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{141C2DFB-3B3F-4776-8E5A-3E2C6311B18E}
    2011-11-28 22:20 - 2011-11-28 22:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7CD59C7A-EC7F-4846-917B-650FB762452F}
    2011-11-28 22:20 - 2011-11-28 22:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5F739D53-28FA-4F09-98B5-0375DE63C353}
    2011-11-28 22:05 - 2011-11-28 22:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A332030C-E9AA-41FD-9F2F-7D02DE43A06A}
    2011-11-28 22:05 - 2011-11-28 22:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C0656FEB-8730-4353-B909-79C532428744}
    2011-11-28 21:35 - 2011-11-28 21:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{78E5BE88-6B6B-4E58-A597-F7D775B25130}
    2011-11-28 21:35 - 2011-11-28 21:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7124B92C-B8B8-44D4-A2FA-7928624BAF5B}
    2011-11-28 21:22 - 2011-11-28 21:22 - 0000000 ____D C:\Users\Daddy\AppData\Local\{18CCCDB4-E314-4FA6-99A6-DB71B845B309}
    2011-11-25 01:54 - 2011-11-25 01:55 - 0000000 ____D C:\Users\Daddy\AppData\Local\{40CE25FE-D15D-4D0B-987C-5C9113588557}
    2011-11-25 01:54 - 2011-11-25 01:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{50EA1BFB-2778-474B-93DD-0BA170157FDD}
    2011-11-25 01:14 - 2011-11-25 01:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{89BD194E-4F8F-4E58-B153-86D99B480476}
    2011-11-25 01:14 - 2011-11-25 01:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3D4A723B-56FF-4B5F-AD60-2508F79947E4}
    2011-11-25 00:43 - 2011-11-25 00:43 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A95D7B9A-623F-4302-8928-0AF3F343AB2A}
    2011-11-25 00:01 - 2011-11-25 00:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C3A881C3-111D-4561-9CAF-76579F05299E}
    2011-11-25 00:01 - 2011-11-25 00:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5B3F9F57-B656-474C-88C1-2BBA55255297}
    2011-11-24 23:54 - 2011-11-24 23:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{429176A2-93EA-4819-9A84-1178ED124285}
    2011-11-24 23:53 - 2011-11-24 23:53 - 0000000 ____D C:\Users\Daddy\AppData\Local\{71F1FFCF-B71A-4D29-9948-8AED955B7765}
    2011-11-24 23:33 - 2011-11-24 23:33 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4861B47-7B36-40F8-BA06-4BA188030F09}
    2011-11-24 23:32 - 2011-11-24 23:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{8EA97EC2-96CB-4F17-B46C-752F041700B9}
    2011-11-24 23:30 - 2011-11-24 23:30 - 0262144 ____A C:\Windows\Minidump\112411-18891-01.dmp
    2011-11-24 22:42 - 2011-11-24 22:45 - 0058583 ____A C:\Users\Daddy\Desktop\bootkit_remover_debug_log.txt
    2011-11-24 22:40 - 2011-11-24 22:41 - 0000000 ____D C:\Users\Daddy\Desktop\bootkit_remover
    2011-11-24 22:40 - 2011-11-24 22:40 - 0044607 ____A C:\Users\Daddy\Desktop\bootkit_remover.zip
    2011-11-24 22:36 - 2011-11-24 22:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B47FE670-5C7E-4ABE-8A30-4789A0F02657}
    2011-11-24 22:36 - 2011-11-24 22:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{9CF922DA-F8BF-4BB1-9015-BD08920AA2AC}
    2011-11-24 00:16 - 2011-11-24 00:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{09FBBCF3-C3D8-479A-877F-A23EBE64071D}
    2011-11-24 00:16 - 2011-11-24 00:16 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5C8551E3-24B0-419B-84CD-A35AAE7EFADE}
    2011-11-23 20:39 - 2011-11-23 20:39 - 0000000 ____D C:\Users\Daddy\AppData\Local\{21BE17EA-E82B-4677-993A-0C90B19D9242}
    2011-11-23 20:38 - 2011-11-23 20:39 - 0000000 ____D C:\Users\Daddy\AppData\Local\{18634E2E-BF1E-40E7-A771-9F9A385BD597}
    2011-11-23 00:20 - 2011-11-23 00:21 - 0000000 ____D C:\Users\Daddy\AppData\Local\{69E76B89-68CD-45C8-8F02-D5EF7AE1A0EA}
    2011-11-23 00:20 - 2011-11-23 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{F41D546E-BB94-4A9B-AFCE-2395CA4578EA}
    2011-11-23 00:15 - 2011-11-23 00:15 - 0113870 ____A C:\Users\Daddy\Desktop\OTL 6.Txt
    2011-11-23 00:08 - 2011-11-23 00:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{110F7C98-5752-423F-BF90-E801F8831DEB}
    2011-11-23 00:07 - 2011-11-23 00:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{70651BAA-AD19-44FA-A5FC-5228C41B4796}
    2011-11-22 23:44 - 2011-11-22 23:44 - 0000646 ____A C:\Users\Daddy\Desktop\SystemLook.txt
    2011-11-22 23:43 - 2011-11-22 23:43 - 0165376 ____A C:\Users\Daddy\Desktop\SystemLook_x64.exe
    2011-11-22 22:34 - 2011-11-22 22:34 - 0113156 ____A C:\Users\Daddy\Desktop\OTL 5.Txt
    2011-11-22 22:26 - 2011-11-22 22:26 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A8150411-734F-4E21-8E6D-BFE22A05B51A}
    2011-11-22 22:26 - 2011-11-22 22:26 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3043279B-6227-4852-9399-FD6A4E51D54B}
    2011-11-22 22:16 - 2011-11-22 22:16 - 0000022 ____A C:\Users\Daddy\Desktop\temp.txt
    2011-11-22 22:14 - 2011-11-22 22:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CDB9D0DB-E56D-4F21-978E-A76926D5F100}
    2011-11-22 22:13 - 2011-11-22 22:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E2A6B758-4077-45C3-BD5E-45BDA88A6319}
    2011-11-22 05:29 - 2011-11-22 05:29 - 0114050 ____A C:\Users\Daddy\Desktop\OTL 4.Txt
    2011-11-22 05:19 - 2011-11-22 05:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{AB419CAF-C2F8-4CCA-AC89-54FCC08807CE}
    2011-11-22 05:18 - 2011-11-22 05:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{ADB3B6F0-7FF0-48CB-A252-02351906D813}
    2011-11-22 04:54 - 2011-11-22 04:54 - 0114180 ____A C:\Users\Daddy\Desktop\OTL 3.Txt
    2011-11-22 04:41 - 2011-11-22 04:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E2E09817-E277-4AA0-A55D-5657F5BF82CD}
    2011-11-22 04:40 - 2011-11-22 04:40 - 0000000 ____D C:\Users\Daddy\AppData\Local\{DC0AD153-B620-4643-979A-FE6A8D9D02B1}
    2011-11-22 04:10 - 2011-11-22 04:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{957FA4B2-6880-4BCF-B4C5-A2972BEC13D8}
    2011-11-22 04:10 - 2011-11-22 04:10 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4120A0C-ED31-4970-AEB0-D68A66129E44}
    2011-11-22 03:53 - 2011-11-28 21:48 - 0747396 ____A C:\Windows\ntbtlog.txt
    2011-11-22 03:49 - 2011-11-22 03:49 - 0000000 ____D C:\Users\Daddy\AppData\Local\{228F0A0D-C961-45C2-BE2E-20393F840167}
    2011-11-22 03:49 - 2011-11-22 03:49 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0799F999-605E-4E7C-95B0-83C26E5CE6C9}
    2011-11-22 03:09 - 2011-11-22 03:09 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CCDD6E87-DF2F-4E33-908D-871A959F904F}
    2011-11-22 03:09 - 2011-11-22 03:09 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C0EA4F15-218D-4DE2-A03A-1C9A63A5F359}
    2011-11-22 01:55 - 2011-11-22 01:56 - 0003633 ____A C:\Users\Daddy\Desktop\OTL 2.txt
    2011-11-22 01:52 - 2011-11-22 01:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7084EB2B-95BE-43B8-97C1-43DCC21AEC59}
    2011-11-22 01:52 - 2011-11-22 01:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4A04BC3A-025E-450E-8493-E29460CDB901}
    2011-11-22 01:46 - 2011-11-22 01:46 - 0000000 ____D C:\_OTL
    2011-11-22 01:29 - 2011-11-22 01:30 - 0000000 ____D C:\Users\Daddy\AppData\Local\{25F3A49C-2AF9-4B5A-AB28-1EDF1C8C8C28}
    2011-11-22 01:29 - 2011-11-22 01:29 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7EE5991D-6395-4D24-910D-0DBB27E96063}
    2011-11-22 01:28 - 2011-11-22 01:28 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-11-22 00:14 - 2011-11-23 00:14 - 0113870 ____A C:\Users\Daddy\Desktop\OTL.Txt
    2011-11-22 00:14 - 2011-11-22 00:14 - 0068286 ____A C:\Users\Daddy\Desktop\Extras.Txt
    2011-11-22 00:03 - 2011-11-22 00:03 - 0584192 ____A (OldTimer Tools) C:\Users\Daddy\Desktop\OTL.exe
    2011-11-21 23:46 - 2011-11-21 23:46 - 0027582 ____A C:\Users\Daddy\Desktop\ComboFix 2.txt
    2011-11-21 23:45 - 2011-11-21 23:45 - 0027582 ____A C:\ComboFix.txt
    2011-11-21 22:34 - 2011-11-21 23:45 - 0000000 ____D C:\ComboFix
    2011-11-21 22:18 - 2011-11-21 22:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5E7B5DCA-C3B3-4A99-9D3D-680C7A78E055}
    2011-11-21 22:18 - 2011-11-21 22:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{1C3D6565-DAD5-43F7-8C4F-E40F215061BB}
    2011-11-21 01:17 - 2011-11-21 01:17 - 0022093 ____A C:\Users\Daddy\Desktop\ComboFix.txt
    2011-11-21 00:03 - 2011-06-26 07:45 - 0256000 ____A C:\Windows\PEV.exe
    2011-11-21 00:03 - 2010-11-07 18:20 - 0208896 ____A C:\Windows\MBR.exe
    2011-11-21 00:03 - 2009-04-20 05:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2011-11-21 00:03 - 2000-08-31 01:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2011-11-21 00:03 - 2000-08-31 01:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2011-11-21 00:03 - 2000-08-31 01:00 - 0098816 ____A C:\Windows\sed.exe
    2011-11-21 00:03 - 2000-08-31 01:00 - 0080412 ____A C:\Windows\grep.exe
    2011-11-21 00:03 - 2000-08-31 01:00 - 0068096 ____A C:\Windows\zip.exe
    2011-11-20 23:56 - 2011-11-21 00:59 - 0000000 ____D C:\Windows\ERDNT
    2011-11-20 23:30 - 2011-11-28 21:55 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2011-11-20 23:30 - 2011-11-28 21:55 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2011-11-20 00:52 - 2011-11-21 23:45 - 0000000 ____D C:\Qoobox
    2011-11-20 00:45 - 2011-11-21 22:29 - 4303424 ____R (Swearware) C:\Users\Daddy\Desktop\ComboFix.exe
    2011-11-20 00:44 - 2011-11-20 00:44 - 0001572 ____A C:\Users\Daddy\Desktop\aswMBR.txt
    2011-11-20 00:44 - 2011-11-20 00:44 - 0000512 ____A C:\Users\Daddy\Desktop\MBR.dat
    2011-11-20 00:39 - 2011-11-20 00:39 - 1916416 ____A (AVAST Software) C:\Users\Daddy\Desktop\aswMBR.exe
    2011-11-19 23:21 - 2011-11-19 23:21 - 0011304 ____A C:\Users\Daddy\Desktop\Attach.txt
    2011-11-19 23:10 - 2011-11-19 23:10 - 0002355 ____A C:\Users\Daddy\Desktop\GMER.txt
    2011-11-19 22:09 - 2011-11-19 22:09 - 0001530 ____A C:\Users\Daddy\Desktop\Post.txt
    2011-11-19 22:05 - 2011-11-19 22:05 - 0000887 ____A C:\Users\Daddy\Desktop\mbam-log-2011-11-19 (22-05-18).txt
    2011-11-19 21:48 - 2011-11-19 23:21 - 0029164 ____A C:\Users\Daddy\Desktop\DDS.txt
    2011-11-19 20:58 - 2011-11-19 20:58 - 0000000 ____A C:\Users\Daddy\Desktop\gmer.log
    2011-11-19 20:47 - 2011-11-19 20:47 - 0607260 ____R (Swearware) C:\Users\Daddy\Desktop\dds.scr
    2011-11-19 20:43 - 2011-11-19 20:43 - 0071787 ____A C:\Users\Daddy\Desktop\8 Step Guide.docx
    2011-11-19 20:34 - 2011-11-19 20:34 - 0302592 ____A C:\Users\Daddy\Desktop\7wxwoicb.exe
    2011-11-19 20:17 - 2011-11-19 20:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{63345C7D-CA91-4DDE-9B6C-13DEAB8BDCC6}
    2011-11-19 20:17 - 2011-11-19 20:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{02F99136-B844-4E35-9B64-951485D46D9C}
    2011-11-19 19:24 - 2011-11-19 19:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D8435C12-1580-4EE8-B6B2-4D304241ECAE}
    2011-11-19 19:24 - 2011-11-19 19:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BDFDC5D8-FF77-4040-A255-5F5E98FDE185}
    2011-11-19 19:22 - 2011-12-02 17:09 - 0011795 ____A C:\aaw7boot.log
    2011-11-19 07:07 - 2011-11-19 07:07 - 0002259 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2011-11-19 02:08 - 2011-11-19 02:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2F578588-C781-431C-ADD9-0516BF9CAD46}
    2011-11-19 02:07 - 2011-11-19 02:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D96D471F-F887-4943-BA8D-1BE6744B3711}
    2011-11-19 01:17 - 2011-11-17 22:51 - 0016432 ____A C:\Windows\System32\lsdelete.exe
    2011-11-18 00:04 - 2011-11-18 00:04 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4DEB02B-6B22-4554-BE3D-380F4A674286}
    2011-11-18 00:03 - 2011-11-18 00:04 - 0000000 ____D C:\Users\Daddy\AppData\Local\{220F4A37-1030-4E58-ACC9-EA1736633762}
    2011-11-17 22:51 - 2011-11-17 22:51 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
    2011-11-17 22:48 - 2011-11-17 22:48 - 0001107 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
    2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\Users\All Users\Lavasoft
    2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\ProgramData\Lavasoft
    2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\Program Files (x86)\Lavasoft
    2011-11-17 22:48 - 2011-11-03 12:06 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
    2011-11-17 22:46 - 2011-11-17 22:46 - 0000000 ____D C:\Users\Daddy\Downloads\AdAware
    2011-11-17 22:06 - 2011-11-17 22:06 - 0000000 ____D C:\Windows\Sun
    2011-11-17 22:02 - 2011-11-17 22:02 - 0000000 ____D C:\Users\Daddy\AppData\Local\{81547243-F6A2-4239-9C23-E069E5E74095}
    2011-11-17 22:02 - 2011-11-17 22:02 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3FE19719-756B-404B-89D9-4B1082BC60D9}
    2011-11-17 22:01 - 2011-11-17 22:01 - 0000344 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
    2011-11-17 04:56 - 2011-11-17 04:56 - 0000016 ____A C:\Windows\System32\config\software.szfi
    2011-11-17 02:12 - 2011-11-17 02:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C83F3967-5A6B-4CC4-A910-458C64F5BBCC}
    2011-11-17 02:11 - 2011-11-17 02:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{49FE06D3-4FB6-4D17-97A3-09501CE0289A}
    2011-11-17 01:13 - 2011-11-17 01:15 - 0165252 ____A C:\TDSSKiller.2.6.19.0_17.11.2011_01.13.24_log.txt
    2011-11-17 01:12 - 2011-11-17 01:12 - 1545858 ____A C:\Users\Daddy\Downloads\tdsskiller.zip
    2011-11-17 01:12 - 2011-11-17 01:12 - 0000000 ____D C:\Users\Daddy\Downloads\TDSSKiller
    2011-11-17 00:50 - 2011-11-17 00:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B7AF6830-B83F-4D30-A3AB-D0A07ED89A4B}
    2011-11-17 00:50 - 2011-11-17 00:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A0C1B9FE-5C97-4CAD-B6B6-869C5B07B666}
    2011-11-15 17:25 - 2011-11-15 17:25 - 0000000 ____D C:\Users\Daddy\AppData\Local\{31B81133-FD5A-4F7E-BCFC-0D0698FA715C}
    2011-11-15 17:25 - 2011-11-15 17:25 - 0000000 ____D C:\Users\Daddy\AppData\Local\{181EA340-CA15-4186-8654-D6E91FC54FA1}
    2011-11-15 17:14 - 2011-11-15 17:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{867956E2-F466-4ECF-8F75-97504C719CB7}
    2011-11-15 17:14 - 2011-11-15 17:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6AD1A3C3-EA33-4060-9BA2-8E405CB7076D}
    2011-11-15 00:42 - 2011-11-15 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BC66E416-D557-428A-8DDF-AC62A68E7AD0}
    2011-11-15 00:42 - 2011-11-15 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A939B63C-FF12-4D6B-9B06-77650BCC780E}
    2011-11-14 19:23 - 2011-11-14 19:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C55EDE01-C58B-4BA6-BC8C-7F7D4CDDCC26}
    2011-11-14 19:23 - 2011-11-14 19:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C49AA169-4690-4196-9A34-E0B1EA4657DB}
    2011-11-13 02:15 - 2011-11-13 02:15 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B260EFF4-0419-4833-9576-6648A05D0FF7}
    2011-11-13 02:15 - 2011-11-13 02:15 - 0000000 ____D C:\Users\Daddy\AppData\Local\{90B51F54-335F-418D-A9BA-AC2010F8A5EC}
    2011-11-13 01:50 - 2011-11-13 02:19 - 0000000 ____A C:\Users\Daddy\Downloads\jxpiinstall.exe
    2011-11-13 01:46 - 2011-11-13 01:46 - 14753912 ____A (Mozilla) C:\Users\Daddy\Downloads\Firefox Setup 8.0.exe
    2011-11-13 01:05 - 2011-11-13 01:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B4388EDC-CFA5-41B3-A1C2-40F2BA73CAD1}
    2011-11-13 01:05 - 2011-11-13 01:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5F0B7321-5FFE-464E-B4A5-10382CFA2D46}
    2011-11-12 19:49 - 2011-11-12 19:49 - 0000000 ____D C:\Windows\System32\Macromed
    2011-11-12 19:47 - 2011-11-12 19:48 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7670782F-5632-4DEA-B553-4479C38DE2A4}
    2011-11-12 19:47 - 2011-11-12 19:47 - 0000000 ____D C:\Users\Daddy\AppData\Local\{68703C67-9D01-4F8C-9F4A-75E0C5AEFC5B}
    2011-11-12 00:05 - 2011-11-12 00:05 - 0000000 ___HD C:\Users\All Users\CanonIJEGV
    2011-11-12 00:05 - 2011-11-12 00:05 - 0000000 ___HD C:\ProgramData\CanonIJEGV
    2011-11-11 23:54 - 2011-11-11 23:56 - 10260664 ____A C:\Users\Daddy\Downloads\MP980_GS_EN-US_V3.pdf
    2011-11-11 23:52 - 2011-11-11 23:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A3063E73-CECB-437F-A8B0-6F054BA57505}
    2011-11-11 23:52 - 2011-11-11 23:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{91F1BC4B-9AAD-4E23-8B5B-35636FFC9A26}
    2011-11-11 01:51 - 2011-09-29 17:24 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2011-11-11 01:51 - 2011-09-29 05:09 - 3141120 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-11 01:38 - 2011-11-11 01:38 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E788BC36-449E-4918-B6B0-50F123A4305E}
    2011-11-10 15:06 - 2011-11-10 15:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{66A37168-9B2D-48E8-90EE-A349C7ACF0A2}
    2011-11-10 15:06 - 2011-11-10 15:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6154443F-D3EF-4819-9FBD-06F2B7894590}
    2011-11-10 14:51 - 2011-11-10 14:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{390B54B8-0CA0-42FF-9FD0-C7CA3BBA4578}
    2011-11-06 23:12 - 2011-11-06 23:14 - 0000000 ____D C:\Users\Daddy\Documents\Photos
    2011-11-06 23:12 - 2011-11-06 23:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E629B392-F9B7-4889-A277-E43D4BEE4961}
    2011-11-04 20:41 - 2011-11-04 20:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{60AB8944-1C45-4416-803D-455132F4B967}
    2011-11-04 20:41 - 2011-11-04 20:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2A95A727-8526-4BC1-A6E5-56EC93220E9F}
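The Winlogon and Run lines in that Registry (Whitelisted) section are the part of the log a responder reads first. As an added example (not FRST's own code or whitelist logic, and not from anyone in this thread), the following Python script parses those lines and flags the persistence patterns visible above: a Winlogon Shell value that launches more than explorer.exe, Run entries that point into AppData or to a file FRST marks `[x]` (not found), empty Winlogon values (which here coincide with the "Could not load system hive" warning in the header), and the non-default logon-hours policies in the per-user hives. The sample log is a constructed excerpt copied from the post; the rules, the `USER_WRITABLE` list and the default-Userinit pattern are this example's assumptions.

```python
"""Triage the 'Registry (Whitelisted)' section of an FRST log for common
persistence indicators. Added example: not part of FRST, and the rules
below are assumptions, not FRST's whitelist."""
import re

# Constructed sample: a subset of the registry lines from the FRST log above.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKU\Callum\...\Run: [49E.exe] C:\Users\Callum\AppData\Roaming\Microsoft\5487\49E.exe [x]
HKU\Callum\...\Policies\system: [LogonHoursAction] 2
HKU\Callum\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Callum\...\Winlogon: [Shell] explorer.exe,C:\Users\Callum\AppData\Roaming\7C4E8\1B154.exe
HKU\Mummy\...\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1483264 2010-12-21] (Nokia)
HKU\Mummy\...\Run: [49E.exe] C:\Users\Mummy\AppData\Roaming\Microsoft\5487\49E.exe [x]
HKU\Mummy\...\Winlogon: [Shell] explorer.exe,C:\Users\Mummy\AppData\Roaming\7C4E8\1B154.exe
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]

==================== Services (Whitelisted) ======
"""

# One FRST registry line: <hive>\...\<key>: [<value name>] <data>
REG_LINE = re.compile(
    r"^(?P<hive>HKU\\[^\\]+|HKLM(?:-x32)?)\\\.\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\](?P<value>.*)$"
)

# Assumed locations where an autorun should raise an eyebrow.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Assumed default Userinit value (trailing comma is normal on Windows 7).
USERINIT_DEFAULT = re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe,?$")


def registry_section(log_text):
    """Yield the non-empty lines between the Registry banner and the next banner."""
    inside = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("=") and "Registry (Whitelisted)" in line:
            inside = True
            continue
        if inside and line.startswith("="):
            break
        if inside and line:
            yield line


def parse_registry_section(log_text):
    """Return one dict (hive, key, name, value) per parsable registry line."""
    entries = []
    for line in registry_section(log_text):
        m = REG_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["value"] = entry["value"].strip()
            entries.append(entry)
    return entries


def classify(entry):
    """Return a list of reasons this entry deserves attention (empty if none)."""
    key, name, value = entry["key"], entry["name"], entry["value"]
    lv = value.lower()
    reasons = []
    if key == "Winlogon" and name in ("Shell", "Userinit"):
        if not value:
            # FRST printed nothing; consistent with its "Could not load system hive" error.
            reasons.append(f"Winlogon {name} is empty or unreadable; verify from an offline hive")
        elif name == "Shell" and lv != "explorer.exe":
            reasons.append("Winlogon Shell launches something besides explorer.exe at logon")
        elif name == "Userinit" and not USERINIT_DEFAULT.match(lv):
            reasons.append("Winlogon Userinit is not the default userinit.exe")
    elif key == "Run":
        if lv.endswith("[x]"):
            reasons.append("autorun target not found on disk (FRST marks it [x])")
        if any(d in lv for d in USER_WRITABLE):
            reasons.append("autorun lives in a user-writable directory")
    elif key == "Policies\\system" and "LogonHours" in name:
        reasons.append("non-default logon-hours policy in a per-user hive; review")
    return reasons


def triage(log_text):
    """Parse the Registry section and keep only entries with at least one reason."""
    findings = []
    for entry in parse_registry_section(log_text):
        reasons = classify(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\...\\{f['key']} [{f['name']}] {f['value']}")
        for r in f["reasons"]:
            print("   ->", r)
```

On the excerpt above the script reports nine of the ten entries and passes only the Nokia PC Suite autorun, which lives under Program Files and has a file size and date attached, so the legitimate entry is the one that drops out. The empty HKLM values are reported as unreadable rather than malicious because the log header says the system hive could not be loaded; that distinction matters before deciding anything about the Userinit entries.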
     
  6. frh

    frh TS Rookie Topic Starter Posts: 41

    ============ 3 Months Modified Files and Folders =============

    2011-12-02 19:31 - 2011-12-02 19:30 - 0000000 ____D C:\FRST
    2011-12-02 19:29 - 2011-12-02 19:29 - 1377555 ____A C:\Users\Daddy\Desktop\FRST64.exe
    2011-12-02 19:27 - 2011-02-26 13:48 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2011-12-02 18:37 - 2011-01-17 06:21 - 1757875 ____A C:\Windows\WindowsUpdate.log
    2011-12-02 17:18 - 2009-07-14 05:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2011-12-02 17:18 - 2009-07-14 05:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2011-12-02 17:12 - 2011-12-02 17:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{75D25876-DFC9-46CE-8FA6-A1A4D0333732}
    2011-12-02 17:11 - 2011-12-02 17:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{23F59F62-B813-42C3-9AA7-79B301812A5C}
    2011-12-02 17:11 - 2011-03-13 01:52 - 0000000 ____D C:\Users\Daddy\Tracing
    2011-12-02 17:10 - 2011-01-17 07:28 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2011-12-02 17:09 - 2011-12-02 17:09 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2011-12-02 17:09 - 2011-11-19 19:22 - 0011795 ____A C:\aaw7boot.log
    2011-12-02 17:09 - 2011-02-26 13:48 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2011-12-02 17:09 - 2011-01-24 20:34 - 0000000 ____D C:\Users\Daddy\AppData\Local\SoftThinks
    2011-12-02 17:09 - 2011-01-17 06:18 - 3113234432 __ASH C:\hiberfil.sys
    2011-12-02 17:09 - 2009-07-14 06:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2011-12-02 17:09 - 2009-07-14 05:51 - 0060288 ____A C:\Windows\setupact.log
    2011-12-02 03:14 - 2011-12-02 03:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4D3A0DE9-79BF-4A96-9587-7D20B51D9F6D}
    2011-12-02 03:14 - 2011-12-02 03:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{38C6A593-E2E2-4548-A14C-FB7A48D0748E}
    2011-12-02 03:14 - 2011-01-17 06:48 - 0000000 ____D C:\Users\All Users\Sonic
    2011-12-02 03:14 - 2011-01-17 06:48 - 0000000 ____D C:\ProgramData\Sonic
    2011-11-30 17:23 - 2011-11-30 17:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{00D35B38-2BD4-43C5-B98B-80803CCE9E05}
    2011-11-30 17:23 - 2011-11-30 17:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{41F604B1-7952-4FCC-B3BD-D48773A07AFE}
    2011-11-30 01:57 - 2011-11-30 01:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B71767B9-24CC-44C7-9E7C-87B192CBB567}
    2011-11-30 01:57 - 2011-11-30 01:56 - 0000000 ____D C:\Users\Daddy\AppData\Local\{141C2DFB-3B3F-4776-8E5A-3E2C6311B18E}
    2011-11-28 22:20 - 2011-11-28 22:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7CD59C7A-EC7F-4846-917B-650FB762452F}
    2011-11-28 22:20 - 2011-11-28 22:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5F739D53-28FA-4F09-98B5-0375DE63C353}
    2011-11-28 22:06 - 2011-11-28 22:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A332030C-E9AA-41FD-9F2F-7D02DE43A06A}
    2011-11-28 22:05 - 2011-11-28 22:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C0656FEB-8730-4353-B909-79C532428744}
    2011-11-28 21:55 - 2011-11-20 23:30 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2011-11-28 21:55 - 2011-11-20 23:30 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2011-11-28 21:48 - 2011-11-22 03:53 - 0747396 ____A C:\Windows\ntbtlog.txt
    2011-11-28 21:35 - 2011-11-28 21:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{78E5BE88-6B6B-4E58-A597-F7D775B25130}
    2011-11-28 21:35 - 2011-11-28 21:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7124B92C-B8B8-44D4-A2FA-7928624BAF5B}
    2011-11-28 21:22 - 2011-11-28 21:22 - 0000000 ____D C:\Users\Daddy\AppData\Local\{18CCCDB4-E314-4FA6-99A6-DB71B845B309}
    2011-11-25 01:55 - 2011-11-25 01:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{40CE25FE-D15D-4D0B-987C-5C9113588557}
    2011-11-25 01:54 - 2011-11-25 01:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{50EA1BFB-2778-474B-93DD-0BA170157FDD}
    2011-11-25 01:14 - 2011-11-25 01:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{89BD194E-4F8F-4E58-B153-86D99B480476}
    2011-11-25 01:14 - 2011-11-25 01:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3D4A723B-56FF-4B5F-AD60-2508F79947E4}
    2011-11-25 00:43 - 2011-11-25 00:43 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A95D7B9A-623F-4302-8928-0AF3F343AB2A}
    2011-11-25 00:38 - 2011-04-23 15:31 - 283971254 ____A C:\Windows\MEMORY.DMP
    2011-11-25 00:01 - 2011-11-25 00:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C3A881C3-111D-4561-9CAF-76579F05299E}
    2011-11-25 00:01 - 2011-11-25 00:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5B3F9F57-B656-474C-88C1-2BBA55255297}
    2011-11-24 23:56 - 2009-07-14 06:13 - 0730448 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-11-24 23:54 - 2011-11-24 23:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{429176A2-93EA-4819-9A84-1178ED124285}
    2011-11-24 23:53 - 2011-11-24 23:53 - 0000000 ____D C:\Users\Daddy\AppData\Local\{71F1FFCF-B71A-4D29-9948-8AED955B7765}
    2011-11-24 23:37 - 2011-06-04 19:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\Apps\2.0
    2011-11-24 23:33 - 2011-11-24 23:33 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4861B47-7B36-40F8-BA06-4BA188030F09}
    2011-11-24 23:32 - 2011-11-24 23:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{8EA97EC2-96CB-4F17-B46C-752F041700B9}
    2011-11-24 23:30 - 2011-11-24 23:30 - 0262144 ____A C:\Windows\Minidump\112411-18891-01.dmp
    2011-11-24 23:30 - 2011-04-23 15:32 - 0000000 ____D C:\Windows\Minidump
    2011-11-24 22:45 - 2011-11-24 22:42 - 0058583 ____A C:\Users\Daddy\Desktop\bootkit_remover_debug_log.txt
    2011-11-24 22:41 - 2011-11-24 22:40 - 0000000 ____D C:\Users\Daddy\Desktop\bootkit_remover
    2011-11-24 22:40 - 2011-11-24 22:40 - 0044607 ____A C:\Users\Daddy\Desktop\bootkit_remover.zip
    2011-11-24 22:40 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\Daddy\Desktop\boot_cleaner.exe
    2011-11-24 22:36 - 2011-11-24 22:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B47FE670-5C7E-4ABE-8A30-4789A0F02657}
    2011-11-24 22:36 - 2011-11-24 22:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{9CF922DA-F8BF-4BB1-9015-BD08920AA2AC}
    2011-11-24 00:17 - 2011-11-24 00:16 - 0000000 ____D C:\Users\Daddy\AppData\Local\{09FBBCF3-C3D8-479A-877F-A23EBE64071D}
    2011-11-24 00:16 - 2011-11-24 00:16 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5C8551E3-24B0-419B-84CD-A35AAE7EFADE}
    2011-11-23 20:39 - 2011-11-23 20:39 - 0000000 ____D C:\Users\Daddy\AppData\Local\{21BE17EA-E82B-4677-993A-0C90B19D9242}
    2011-11-23 20:39 - 2011-11-23 20:38 - 0000000 ____D C:\Users\Daddy\AppData\Local\{18634E2E-BF1E-40E7-A771-9F9A385BD597}
    2011-11-23 20:35 - 2011-01-17 06:53 - 0079030 ____A C:\Windows\PFRO.log
    2011-11-23 00:21 - 2011-11-23 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{69E76B89-68CD-45C8-8F02-D5EF7AE1A0EA}
    2011-11-23 00:20 - 2011-11-23 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{F41D546E-BB94-4A9B-AFCE-2395CA4578EA}
    2011-11-23 00:15 - 2011-11-23 00:15 - 0113870 ____A C:\Users\Daddy\Desktop\OTL 6.Txt
    2011-11-23 00:14 - 2011-11-22 00:14 - 0113870 ____A C:\Users\Daddy\Desktop\OTL.Txt
    2011-11-23 00:08 - 2011-11-23 00:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{110F7C98-5752-423F-BF90-E801F8831DEB}
    2011-11-23 00:08 - 2011-11-23 00:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{70651BAA-AD19-44FA-A5FC-5228C41B4796}
    2011-11-22 23:44 - 2011-11-22 23:44 - 0000646 ____A C:\Users\Daddy\Desktop\SystemLook.txt
    2011-11-22 23:43 - 2011-11-22 23:43 - 0165376 ____A C:\Users\Daddy\Desktop\SystemLook_x64.exe
    2011-11-22 22:34 - 2011-11-22 22:34 - 0113156 ____A C:\Users\Daddy\Desktop\OTL 5.Txt
    2011-11-22 22:26 - 2011-11-22 22:26 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A8150411-734F-4E21-8E6D-BFE22A05B51A}
    2011-11-22 22:26 - 2011-11-22 22:26 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3043279B-6227-4852-9399-FD6A4E51D54B}
    2011-11-22 22:16 - 2011-11-22 22:16 - 0000022 ____A C:\Users\Daddy\Desktop\temp.txt
    2011-11-22 22:14 - 2011-11-22 22:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CDB9D0DB-E56D-4F21-978E-A76926D5F100}
    2011-11-22 22:14 - 2011-11-22 22:13 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E2A6B758-4077-45C3-BD5E-45BDA88A6319}
    2011-11-22 05:29 - 2011-11-22 05:29 - 0114050 ____A C:\Users\Daddy\Desktop\OTL 4.Txt
    2011-11-22 05:19 - 2011-11-22 05:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{AB419CAF-C2F8-4CCA-AC89-54FCC08807CE}
    2011-11-22 05:19 - 2011-11-22 05:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{ADB3B6F0-7FF0-48CB-A252-02351906D813}
    2011-11-22 04:54 - 2011-11-22 04:54 - 0114180 ____A C:\Users\Daddy\Desktop\OTL 3.Txt
    2011-11-22 04:41 - 2011-11-22 04:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E2E09817-E277-4AA0-A55D-5657F5BF82CD}
    2011-11-22 04:40 - 2011-11-22 04:40 - 0000000 ____D C:\Users\Daddy\AppData\Local\{DC0AD153-B620-4643-979A-FE6A8D9D02B1}
    2011-11-22 04:11 - 2011-11-22 04:10 - 0000000 ____D C:\Users\Daddy\AppData\Local\{957FA4B2-6880-4BCF-B4C5-A2972BEC13D8}
    2011-11-22 04:10 - 2011-11-22 04:10 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4120A0C-ED31-4970-AEB0-D68A66129E44}
    2011-11-22 03:49 - 2011-11-22 03:49 - 0000000 ____D C:\Users\Daddy\AppData\Local\{228F0A0D-C961-45C2-BE2E-20393F840167}
    2011-11-22 03:49 - 2011-11-22 03:49 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0799F999-605E-4E7C-95B0-83C26E5CE6C9}
    2011-11-22 03:09 - 2011-11-22 03:09 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CCDD6E87-DF2F-4E33-908D-871A959F904F}
    2011-11-22 03:09 - 2011-11-22 03:09 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C0EA4F15-218D-4DE2-A03A-1C9A63A5F359}
    2011-11-22 01:56 - 2011-11-22 01:55 - 0003633 ____A C:\Users\Daddy\Desktop\OTL 2.txt
    2011-11-22 01:52 - 2011-11-22 01:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7084EB2B-95BE-43B8-97C1-43DCC21AEC59}
    2011-11-22 01:52 - 2011-11-22 01:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4A04BC3A-025E-450E-8493-E29460CDB901}
    2011-11-22 01:46 - 2011-11-22 01:46 - 0000000 ____D C:\_OTL
    2011-11-22 01:30 - 2011-11-22 01:29 - 0000000 ____D C:\Users\Daddy\AppData\Local\{25F3A49C-2AF9-4B5A-AB28-1EDF1C8C8C28}
    2011-11-22 01:29 - 2011-11-22 01:29 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7EE5991D-6395-4D24-910D-0DBB27E96063}
    2011-11-22 01:28 - 2011-11-22 01:28 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-11-22 00:14 - 2011-11-22 00:14 - 0068286 ____A C:\Users\Daddy\Desktop\Extras.Txt
    2011-11-22 00:03 - 2011-11-22 00:03 - 0584192 ____A (OldTimer Tools) C:\Users\Daddy\Desktop\OTL.exe
    2011-11-21 23:46 - 2011-11-21 23:46 - 0027582 ____A C:\Users\Daddy\Desktop\ComboFix 2.txt
    2011-11-21 23:45 - 2011-11-21 23:45 - 0027582 ____A C:\ComboFix.txt
    2011-11-21 23:45 - 2011-11-21 22:34 - 0000000 ____D C:\ComboFix
    2011-11-21 23:45 - 2011-11-20 00:52 - 0000000 ____D C:\Qoobox
    2011-11-21 23:25 - 2009-07-14 03:34 - 0000215 ____A C:\Windows\system.ini
    2011-11-21 23:23 - 2009-07-14 03:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2011-11-21 22:29 - 2011-11-20 00:45 - 4303424 ____R (Swearware) C:\Users\Daddy\Desktop\ComboFix.exe
    2011-11-21 22:18 - 2011-11-21 22:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5E7B5DCA-C3B3-4A99-9D3D-680C7A78E055}
    2011-11-21 22:18 - 2011-11-21 22:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{1C3D6565-DAD5-43F7-8C4F-E40F215061BB}
    2011-11-21 01:17 - 2011-11-21 01:17 - 0022093 ____A C:\Users\Daddy\Desktop\ComboFix.txt
    2011-11-21 01:16 - 2009-07-14 04:20 - 0000000 __RHD C:\users\Default
    2011-11-21 01:16 - 2009-07-14 04:20 - 0000000 ___RD C:\users\Public
    2011-11-21 00:59 - 2011-11-20 23:56 - 0000000 ____D C:\Windows\ERDNT
    2011-11-20 00:44 - 2011-11-20 00:44 - 0001572 ____A C:\Users\Daddy\Desktop\aswMBR.txt
    2011-11-20 00:44 - 2011-11-20 00:44 - 0000512 ____A C:\Users\Daddy\Desktop\MBR.dat
    2011-11-20 00:39 - 2011-11-20 00:39 - 1916416 ____A (AVAST Software) C:\Users\Daddy\Desktop\aswMBR.exe
    2011-11-19 23:21 - 2011-11-19 23:21 - 0011304 ____A C:\Users\Daddy\Desktop\Attach.txt
    2011-11-19 23:21 - 2011-11-19 21:48 - 0029164 ____A C:\Users\Daddy\Desktop\DDS.txt
    2011-11-19 23:10 - 2011-11-19 23:10 - 0002355 ____A C:\Users\Daddy\Desktop\GMER.txt
    2011-11-19 22:09 - 2011-11-19 22:09 - 0001530 ____A C:\Users\Daddy\Desktop\Post.txt
    2011-11-19 22:05 - 2011-11-19 22:05 - 0000887 ____A C:\Users\Daddy\Desktop\mbam-log-2011-11-19 (22-05-18).txt
    2011-11-19 20:58 - 2011-11-19 20:58 - 0000000 ____A C:\Users\Daddy\Desktop\gmer.log
    2011-11-19 20:47 - 2011-11-19 20:47 - 0607260 ____R (Swearware) C:\Users\Daddy\Desktop\dds.scr
    2011-11-19 20:43 - 2011-11-19 20:43 - 0071787 ____A C:\Users\Daddy\Desktop\8 Step Guide.docx
    2011-11-19 20:34 - 2011-11-19 20:34 - 0302592 ____A C:\Users\Daddy\Desktop\7wxwoicb.exe
    2011-11-19 20:17 - 2011-11-19 20:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{63345C7D-CA91-4DDE-9B6C-13DEAB8BDCC6}
    2011-11-19 20:17 - 2011-11-19 20:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{02F99136-B844-4E35-9B64-951485D46D9C}
    2011-11-19 19:24 - 2011-11-19 19:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D8435C12-1580-4EE8-B6B2-4D304241ECAE}
    2011-11-19 19:24 - 2011-11-19 19:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BDFDC5D8-FF77-4040-A255-5F5E98FDE185}
    2011-11-19 07:07 - 2011-11-19 07:07 - 0002259 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2011-11-19 07:06 - 2011-02-26 13:48 - 0000000 ____D C:\Program Files (x86)\Google
    2011-11-19 02:08 - 2011-11-19 02:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2F578588-C781-431C-ADD9-0516BF9CAD46}
    2011-11-19 02:08 - 2011-11-19 02:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D96D471F-F887-4943-BA8D-1BE6744B3711}
    2011-11-18 07:32 - 2011-03-19 21:08 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\Skype
    2011-11-18 02:17 - 2011-01-25 00:40 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\GanymedeNet
    2011-11-18 00:51 - 2011-01-25 00:40 - 0000000 ____D C:\Program Files (x86)\Ganymede
    2011-11-18 00:34 - 2011-07-31 14:37 - 0000000 ____D C:\Users\All Users\Skype Extras
    2011-11-18 00:34 - 2011-07-31 14:37 - 0000000 ____D C:\ProgramData\Skype Extras
    2011-11-18 00:24 - 2011-03-19 21:20 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\skypePM
    2011-11-18 00:04 - 2011-11-18 00:04 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4DEB02B-6B22-4554-BE3D-380F4A674286}
    2011-11-18 00:04 - 2011-11-18 00:03 - 0000000 ____D C:\Users\Daddy\AppData\Local\{220F4A37-1030-4E58-ACC9-EA1736633762}
    2011-11-17 22:51 - 2011-11-19 01:17 - 0016432 ____A C:\Windows\System32\lsdelete.exe
    2011-11-17 22:51 - 2011-11-17 22:51 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
    2011-11-17 22:48 - 2011-11-17 22:48 - 0001107 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
    2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\Users\All Users\Lavasoft
    2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\ProgramData\Lavasoft
    2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\Program Files (x86)\Lavasoft
    2011-11-17 22:46 - 2011-11-17 22:46 - 0000000 ____D C:\Users\Daddy\Downloads\AdAware
    2011-11-17 22:06 - 2011-11-17 22:06 - 0000000 ____D C:\Windows\Sun
    2011-11-17 22:05 - 2011-04-23 15:18 - 0000000 ____D C:\Users\All Users\STOPzilla!
    2011-11-17 22:05 - 2011-04-23 15:18 - 0000000 ____D C:\ProgramData\STOPzilla!
    2011-11-17 22:02 - 2011-11-17 22:02 - 0000000 ____D C:\Users\Daddy\AppData\Local\{81547243-F6A2-4239-9C23-E069E5E74095}
    2011-11-17 22:02 - 2011-11-17 22:02 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3FE19719-756B-404B-89D9-4B1082BC60D9}
    2011-11-17 22:01 - 2011-11-17 22:01 - 0000344 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
    2011-11-17 21:58 - 2011-04-23 14:35 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-17 04:56 - 2011-11-17 04:56 - 0000016 ____A C:\Windows\System32\config\software.szfi
    2011-11-17 02:12 - 2011-11-17 02:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C83F3967-5A6B-4CC4-A910-458C64F5BBCC}
    2011-11-17 02:12 - 2011-11-17 02:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{49FE06D3-4FB6-4D17-97A3-09501CE0289A}
    2011-11-17 01:16 - 2011-04-23 15:16 - 0605288 ____A (iS3, Inc.) C:\Users\Daddy\Downloads\STOPzilla_Setup.exe
    2011-11-17 01:15 - 2011-11-17 01:13 - 0165252 ____A C:\TDSSKiller.2.6.19.0_17.11.2011_01.13.24_log.txt
    2011-11-17 01:12 - 2011-11-17 01:12 - 1545858 ____A C:\Users\Daddy\Downloads\tdsskiller.zip
    2011-11-17 01:12 - 2011-11-17 01:12 - 0000000 ____D C:\Users\Daddy\Downloads\TDSSKiller
    2011-11-17 00:50 - 2011-11-17 00:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B7AF6830-B83F-4D30-A3AB-D0A07ED89A4B}
    2011-11-17 00:50 - 2011-11-17 00:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A0C1B9FE-5C97-4CAD-B6B6-869C5B07B666}
    2011-11-15 17:25 - 2011-11-15 17:25 - 0000000 ____D C:\Users\Daddy\AppData\Local\{31B81133-FD5A-4F7E-BCFC-0D0698FA715C}
    2011-11-15 17:25 - 2011-11-15 17:25 - 0000000 ____D C:\Users\Daddy\AppData\Local\{181EA340-CA15-4186-8654-D6E91FC54FA1}
    2011-11-15 17:20 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\NDF
    2011-11-15 17:14 - 2011-11-15 17:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{867956E2-F466-4ECF-8F75-97504C719CB7}
    2011-11-15 17:14 - 2011-11-15 17:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6AD1A3C3-EA33-4060-9BA2-8E405CB7076D}
    2011-11-15 00:42 - 2011-11-15 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BC66E416-D557-428A-8DDF-AC62A68E7AD0}
    2011-11-15 00:42 - 2011-11-15 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A939B63C-FF12-4D6B-9B06-77650BCC780E}
    2011-11-14 19:43 - 2011-08-01 13:30 - 0000000 ____D C:\Users\Daddy\Documents\House
    2011-11-14 19:23 - 2011-11-14 19:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C55EDE01-C58B-4BA6-BC8C-7F7D4CDDCC26}
    2011-11-14 19:23 - 2011-11-14 19:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C49AA169-4690-4196-9A34-E0B1EA4657DB}
    2011-11-14 02:24 - 2011-01-25 00:43 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\Spotify
    2011-11-13 20:24 - 2011-01-25 00:43 - 0000000 ____D C:\Users\Daddy\AppData\Local\Spotify
    2011-11-13 02:19 - 2011-11-13 01:50 - 0000000 ____A C:\Users\Daddy\Downloads\jxpiinstall.exe
    2011-11-13 02:15 - 2011-11-13 02:15 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B260EFF4-0419-4833-9576-6648A05D0FF7}
    2011-11-13 02:15 - 2011-11-13 02:15 - 0000000 ____D C:\Users\Daddy\AppData\Local\{90B51F54-335F-418D-A9BA-AC2010F8A5EC}
    2011-11-13 01:48 - 2011-01-25 00:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2011-11-13 01:46 - 2011-11-13 01:46 - 14753912 ____A (Mozilla) C:\Users\Daddy\Downloads\Firefox Setup 8.0.exe
    2011-11-13 01:41 - 2011-05-20 23:53 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2011-11-13 01:05 - 2011-11-13 01:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B4388EDC-CFA5-41B3-A1C2-40F2BA73CAD1}
    2011-11-13 01:05 - 2011-11-13 01:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5F0B7321-5FFE-464E-B4A5-10382CFA2D46}
    2011-11-12 19:49 - 2011-11-12 19:49 - 0000000 ____D C:\Windows\System32\Macromed
    2011-11-12 19:48 - 2011-11-12 19:47 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7670782F-5632-4DEA-B553-4479C38DE2A4}
    2011-11-12 19:47 - 2011-11-12 19:47 - 0000000 ____D C:\Users\Daddy\AppData\Local\{68703C67-9D01-4F8C-9F4A-75E0C5AEFC5B}
    2011-11-12 19:05 - 2011-03-10 22:03 - 0000000 ____D C:\Users\Mummy\AppData\Local\SoftThinks
    2011-11-12 00:05 - 2011-11-12 00:05 - 0000000 ___HD C:\Users\All Users\CanonIJEGV
    2011-11-12 00:05 - 2011-11-12 00:05 - 0000000 ___HD C:\ProgramData\CanonIJEGV
    2011-11-12 00:01 - 2011-08-01 12:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\ElevatedDiagnostics
    2011-11-11 23:56 - 2011-11-11 23:54 - 10260664 ____A C:\Users\Daddy\Downloads\MP980_GS_EN-US_V3.pdf
    2011-11-11 23:52 - 2011-11-11 23:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A3063E73-CECB-437F-A8B0-6F054BA57505}
    2011-11-11 23:52 - 2011-11-11 23:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{91F1BC4B-9AAD-4E23-8B5B-35636FFC9A26}
    2011-11-11 18:30 - 2009-07-14 05:45 - 0466184 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-11-11 03:56 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-11 03:00 - 2011-02-14 20:14 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-11-11 01:38 - 2011-11-11 01:38 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E788BC36-449E-4918-B6B0-50F123A4305E}
    2011-11-10 15:06 - 2011-11-10 15:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{66A37168-9B2D-48E8-90EE-A349C7ACF0A2}
    2011-11-10 15:06 - 2011-11-10 15:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6154443F-D3EF-4819-9FBD-06F2B7894590}
    2011-11-10 14:54 - 2011-11-10 14:51 - 0000000 ____D C:\Users\Daddy\AppData\Local\{390B54B8-0CA0-42FF-9FD0-C7CA3BBA4578}
    2011-11-06 23:14 - 2011-11-06 23:12 - 0000000 ____D C:\Users\Daddy\Documents\Photos
    2011-11-06 23:12 - 2011-11-06 23:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E629B392-F9B7-4889-A277-E43D4BEE4961}
    2011-11-04 20:41 - 2011-11-04 20:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{60AB8944-1C45-4416-803D-455132F4B967}
    2011-11-04 20:41 - 2011-11-04 20:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2A95A727-8526-4BC1-A6E5-56EC93220E9F}
    2011-11-03 12:06 - 2011-11-17 22:48 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
    2011-10-30 17:28 - 2011-10-30 17:28 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C36D71FA-30C7-4638-A0E8-DA1ADED7652B}
    2011-10-30 17:28 - 2011-10-30 17:28 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2B98BDD9-6857-4BC8-B3D0-8C828082DFDA}
    2011-10-29 13:07 - 2011-10-29 13:06 - 0890266 ____A C:\Users\Callum\Documents\Callums bedroom furniture.docx
    2011-10-29 13:06 - 2011-10-29 13:06 - 0000162 ___AH C:\Users\Callum\Documents\~$llums bedroom furniture.docx
    2011-10-26 18:24 - 2011-10-26 18:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{AFE03083-33EA-4C4C-AC7E-BDE359EE15DA}
    2011-10-26 18:24 - 2011-10-26 18:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{8083DF18-8708-456F-AC79-6D88497607C2}
    2011-10-24 16:49 - 2011-10-24 16:48 - 0000000 ____D C:\Users\Mummy\AppData\Roaming\.minecraft
    2011-10-23 03:02 - 2011-02-26 13:48 - 0000000 ____D C:\Users\Daddy\AppData\Local\Google
    2011-10-23 02:03 - 2011-02-05 22:07 - 0000000 ____A C:\Windows\SysWOW64\config.nt
    2011-10-23 00:58 - 2011-10-23 00:58 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B06B7393-ECB3-4084-9288-4C6E78C98BC2}
    2011-10-23 00:58 - 2011-10-23 00:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0FC149A9-BA5E-407C-866A-CC30E4F44CAF}
    2011-10-21 00:42 - 2011-10-21 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{DD6F7731-2C18-49D6-8FF5-A9CEDB1D40BD}
    2011-10-21 00:42 - 2011-10-21 00:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0E3C0DF7-062C-4E28-8EFF-0566E0B4AC2F}
    2011-10-18 19:18 - 2011-10-18 19:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{908DCA68-00CB-4D4C-A904-2D79F64756A0}
    2011-10-17 18:35 - 2011-10-17 18:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CF6548E9-3322-43CC-BBCD-35E636B967E7}
    2011-10-17 18:35 - 2011-10-17 18:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0065EBD5-8F37-4EB6-813A-1F3281A11DB4}
    2011-10-16 20:32 - 2011-05-16 22:12 - 0000000 ____D C:\Users\Mummy\AppData\Roaming\Apple Computer
    2011-10-16 20:32 - 2011-05-16 22:12 - 0000000 ____D C:\Users\Mummy\AppData\Local\Apple Computer
    2011-10-16 20:32 - 2011-03-10 22:04 - 0000000 ____D C:\Users\Mummy\AppData\Local\VirtualStore
    2011-10-16 16:33 - 2011-10-16 16:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7ADF336A-98A7-4268-A7F2-649575503E98}
    2011-10-16 16:32 - 2011-10-16 16:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4CBE6909-F430-4BC7-826A-E2D59E282F7E}
    2011-10-16 11:55 - 2011-01-25 00:32 - 0007605 ____A C:\Users\Daddy\AppData\Local\resmon.resmoncfg
    2011-10-16 11:47 - 2011-02-14 19:28 - 0375407 ____A C:\Users\Callum\Documents\Callums Fish and Monsters.pptx
    2011-10-16 00:08 - 2011-10-16 00:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6E2D225B-8F53-42B5-B33F-6FF8B22C4819}
    2011-10-16 00:07 - 2011-10-16 00:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6D4830F4-60AA-4243-9457-69A17FB49D48}
    2011-10-15 15:28 - 2011-10-15 15:28 - 0008974 ____A C:\Users\Mummy\Documents\Badgers Under 10 Fixture schedule 2011 (2) (version 1).xlsx
    2011-10-14 16:17 - 2011-10-14 16:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{AA85C1AC-46F6-4F41-88E8-48F43C73B6FA}
    2011-10-14 16:17 - 2011-10-14 16:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{1A980A4F-3402-4518-89EE-F15644AF5341}
    2011-10-14 02:33 - 2011-01-17 07:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2011-10-14 02:04 - 2011-01-27 09:34 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-10-14 02:04 - 2011-01-27 09:34 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-10-13 23:23 - 2011-07-14 23:37 - 0000000 ____D C:\Users\Daddy\Documents\P
    2011-10-13 23:18 - 2011-10-13 23:18 - 1642611 ____A C:\Users\Daddy\Downloads\james bond Dr No theme tune.mp3
    2011-10-12 16:19 - 2011-10-12 16:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{EC00EAAB-7B62-4A15-93F2-826DA8EE9394}
    2011-10-12 16:19 - 2011-10-12 16:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0B8F7E03-6B3A-4687-AF47-06AF6AFDD830}
    2011-10-11 02:33 - 2011-10-11 02:33 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E86E6DBF-61C4-4A23-A78D-864CBA387A15}
    2011-10-11 02:33 - 2011-10-11 02:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4611D8A4-A3FA-4745-A5CA-A4B4E2FF1C17}
    2011-10-10 22:28 - 2011-10-10 22:28 - 0014187 ____A C:\Users\Mummy\Documents\PiXL6 Meeting.docx
    2011-10-09 18:10 - 2011-10-09 18:10 - 0000000 ____D C:\Users\Callum\AppData\Roaming\.minecraft
    2011-10-09 18:06 - 2011-10-09 14:10 - 0012055 ____A C:\Users\Callum\Documents\Benvolio's diary.docx
    2011-10-09 15:36 - 2011-10-09 15:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E0352EA8-11B3-439C-9152-E9F825995114}
    2011-10-09 15:36 - 2011-10-09 15:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0B59C5F7-A429-4B75-9D7C-DD6363593E39}
    2011-10-09 14:10 - 2011-10-09 14:10 - 0000162 ___AH C:\Users\Callum\Documents\~$nvolio's diary.docx
    2011-10-09 01:41 - 2011-10-09 01:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BE575EA3-62E5-45DA-8AC4-51ADAC688DD1}
    2011-10-09 01:41 - 2011-10-09 01:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5E3D2AD9-04B2-4C49-8215-E241DE1A3649}
    2011-10-07 00:59 - 2011-10-07 00:59 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C68C8138-32F9-452A-92DD-B89A4DFDF1CB}
    2011-10-07 00:59 - 2011-10-07 00:59 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7706E8AD-21DE-45C9-8137-22133B4A07E7}
    2011-10-03 02:18 - 2011-01-25 00:14 - 0000000 ____D C:\Program Files (x86)\Spotify
    2011-10-01 06:24 - 2011-10-13 23:27 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-10-01 05:42 - 2011-10-13 23:27 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-10-01 04:21 - 2011-10-13 23:27 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-10-01 03:59 - 2011-10-13 23:27 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-09-29 17:24 - 2011-11-11 01:51 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2011-09-29 05:09 - 2011-11-11 01:51 - 3141120 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-09-28 20:12 - 2011-03-10 22:04 - 0000000 ____D C:\Users\Mummy\AppData\Roaming\Adobe
    2011-09-26 03:27 - 2011-09-26 03:26 - 0000000 ____D C:\Users\Daddy\Documents\Work
    2011-09-26 02:42 - 2011-01-17 06:58 - 0000000 ____D C:\Users\All Users\Adobe
    2011-09-26 02:42 - 2011-01-17 06:58 - 0000000 ____D C:\ProgramData\Adobe
    2011-09-26 02:41 - 2011-01-24 20:50 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\Adobe
    2011-09-26 02:38 - 2011-09-26 02:38 - 0002066 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2011-09-26 02:38 - 2011-02-20 19:22 - 0000000 ____D C:\Users\Daddy\AppData\Local\Adobe
    2011-09-26 02:38 - 2011-01-17 06:58 - 0000000 ____D C:\Program Files (x86)\Adobe
    2011-09-26 02:36 - 2011-09-26 02:36 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2011-09-26 02:36 - 2011-09-26 02:36 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2011-09-25 14:36 - 2011-01-24 20:30 - 0000000 ____D C:\Users\Daddy\AppData\LocalLow
    2011-09-25 00:20 - 2011-09-25 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{DCB3B23B-C495-491A-BFF1-2A353C8347E1}
    2011-09-25 00:20 - 2011-09-25 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CC2F58B5-D079-404E-9D37-6E55283ED68E}
    2011-09-22 23:00 - 2011-02-08 20:06 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\ICAClient
    2011-09-21 21:55 - 2011-09-21 21:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D58A7D49-A28D-45AB-AADE-6B41D88BCBB3}
    2011-09-21 21:54 - 2011-09-21 21:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CC24DD29-11B0-4F33-9502-A7F2DE018F91}
    2011-09-20 20:05 - 2011-09-20 20:03 - 0014822 ____A C:\Users\Mummy\Documents\Tudor Money.docx
    2011-09-20 17:13 - 2011-01-24 23:58 - 0000000 ____D C:\Users\Callum\AppData\LocalLow
    2011-09-20 17:12 - 2011-09-20 17:12 - 0000000 ____D C:\Program Files (x86)\alotappbar
    2011-09-20 17:12 - 2011-03-10 22:03 - 0000000 ____D C:\Users\Mummy\AppData\LocalLow
    2011-09-16 20:35 - 2011-09-16 20:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{238543A1-7523-4D24-8568-89F91A05B666}
    2011-09-16 20:35 - 2011-09-16 20:34 - 0000000 ____D C:\Users\Daddy\AppData\Local\{FAB9D85D-1D3B-48A0-8E76-7D33A86B9986}
    2011-09-13 01:08 - 2011-09-13 01:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{482E6F4B-EA2E-4786-882E-9DD1F431C845}
    2011-09-13 01:07 - 2011-09-13 01:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{76026A56-BB38-468D-922B-15B48816F950}
    2011-09-11 00:14 - 2011-09-11 00:13 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C9B4E8F6-AD8E-41FB-8031-83242A68A516}
    2011-09-11 00:13 - 2011-09-11 00:13 - 0000000 ____D C:\Users\Daddy\AppData\Local\{34188E65-8DBA-4C1B-BA68-F6F4F1A8443D}
    2011-09-10 23:15 - 2011-09-10 23:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CF895EAD-C062-4BD4-A52B-E1AE9341FD50}
    2011-09-10 23:14 - 2011-09-10 23:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{96D888BD-8AD6-438D-A240-0C354826028D}
    2011-09-08 00:57 - 2011-09-08 00:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6D7557BA-E2A5-4E5D-B84F-DAD1E37D9B2C}
    2011-09-08 00:57 - 2011-09-08 00:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{021813A8-7659-4BB5-9FFF-382B120E7EB8}
    2011-09-08 00:24 - 2011-09-08 00:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{96E37450-3BA4-4F31-BD5D-2F5009E21938}
    2011-09-08 00:24 - 2011-09-08 00:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{028D76D2-EB8C-48E8-A09F-0FA231437D28}
    2011-09-08 00:13 - 2011-09-07 20:02 - 0391601 ____A C:\Users\Callum\Documents\Tudor Cover Page.pptx
    2011-09-07 20:02 - 2011-09-07 20:02 - 0000165 ___AH C:\Users\Callum\Documents\~$Tudor Cover Page.pptx
    2011-09-07 19:54 - 2011-09-07 19:54 - 0000000 ____D C:\Users\Callum\AppData\Local\Microsoft Help
    2011-09-06 21:45 - 2011-02-05 22:07 - 0254400 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2011-09-06 21:45 - 2011-02-05 22:06 - 0199304 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2011-09-06 21:45 - 2011-02-05 22:06 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
    2011-09-06 21:38 - 2011-10-16 20:29 - 0601944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2011-09-06 21:38 - 2011-02-05 22:07 - 0301912 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2011-09-06 21:36 - 2011-02-05 22:07 - 0065368 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2011-09-06 21:36 - 2011-02-05 22:07 - 0058200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2011-09-06 21:36 - 2011-02-05 22:07 - 0042328 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2011-09-06 21:36 - 2011-02-05 22:07 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2011-09-06 18:57 - 2011-09-06 18:57 - 0000000 ____D C:\Users\Daddy\Documents\LEGO Creations
    2011-09-06 18:57 - 2011-09-06 18:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\LEGO Software
    2011-09-06 18:47 - 2011-09-06 18:47 - 0002397 ____A C:\Users\Public\Desktop\LEGO Universe.lnk
    2011-09-06 18:47 - 2011-09-06 18:47 - 0000000 ____D C:\Program Files (x86)\LEGO Software
    2011-09-06 18:38 - 2011-09-06 18:38 - 0000000 ____D C:\Users\Daddy\AppData\Local\Chromium
    2011-09-04 18:01 - 2011-09-04 18:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D24F64EE-66FE-4323-A84A-D9ACD02FA391}
    2011-09-04 18:01 - 2011-09-04 18:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{76F8FFF6-6235-47A3-A986-F149038DB671}
    2011-09-04 14:44 - 2011-09-04 14:44 - 0000000 ____D C:\Users\Mummy\Documents\LEGO Creations
    2011-09-04 14:44 - 2011-09-04 14:44 - 0000000 ____D C:\Users\Mummy\AppData\Local\LEGO Software
    2011-09-04 14:36 - 2011-09-04 14:36 - 0000000 ____D C:\Users\Mummy\AppData\Local\Chromium
    2011-09-04 14:35 - 2011-09-04 14:35 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 49%
    Total physical RAM: 3958.68 MB
    Available physical RAM: 1987.43 MB
    Total Pagefile: 7915.48 MB
    Available Pagefile: 5614.17 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:306.23 GB) NTFS ==>[System with boot components]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 100 MB 1024 KB
    Partition 2 Primary 14 GB 101 MB
    Partition 3 Primary 451 GB 14 GB
    Partition 4 Primary 1016 KB 465 GB

    Disk: 0
    Partition 4
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    ==========================================================

    Last Boot: 2011-12-02 18:27

    ======================= End Of Log ==========================
     
  7. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    I have some questions.
    Look at your drive C. 4 partitions are listed:
    Partition 1 is your recovery partition.
    Did you split your hard drive into Partition 2 (I'd assume containing Windows) and Partition 3 (for data?)?
    I'd assume you have no idea what Partition 4 is?
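The layout Broni is asking about (a fourth partition that is tiny, hidden, marked active and has no volume behind it) is the shape a boot-sector rootkit leaves in a disk listing. The following is an added example, not code from the thread or from FRST, that parses the "Partitions" section of an FRST-style log and flags that layout. The sample text is a constructed copy of the listing shape shown above; the 8 MB "no legitimate boot partition is this small" threshold and the assumption that only the "There is no volume associated with this partition." line marks a volume-less partition are the author's choices, and the parser assumes a single-disk log (partition numbers are treated as unique).

```python
"""Flag suspicious partition layouts in an FRST-style 'Partitions' section.

Added example (not FRST's own code). Parses the partition table and the
per-partition detail block that FRST prints (the same shape as diskpart's
'detail partition'), then reports partitions that are hidden, active and
have no volume, or that are active but far too small to hold boot files.
"""
import re
from dataclasses import dataclass

# Constructed sample, mirroring the layout reported in this thread.
SAMPLE_LOG = """\
Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB
Partition 4 Primary 1016 KB 465 GB

Disk: 0
Partition 4
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
"""

UNIT_TO_MB = {"B": 1 / (1024 * 1024), "KB": 1 / 1024, "MB": 1.0,
              "GB": 1024.0, "TB": 1024.0 * 1024}

# Assumption: a real boot partition (System Reserved, OEM) is tens of MB or
# more; an active partition below this size is not holding a Windows loader.
MAX_SUSPICIOUS_ACTIVE_MB = 8.0

ROW_RE = re.compile(
    r"^\s*Partition\s+(\d+)\s+(\S+)\s+(\d+)\s+(B|KB|MB|GB|TB)\s+(\d+)\s+(B|KB|MB|GB|TB)\s*$")
DETAIL_RE = re.compile(r"^\s*Partition\s+(\d+)\s*$")
FLAG_RE = re.compile(r"^\s*(Hidden|Active):\s*(Yes|No)\s*$")
NO_VOLUME_LINE = "There is no volume associated with this partition."


@dataclass
class Partition:
    number: int
    ptype: str
    size_mb: float
    offset_mb: float
    hidden: bool = False
    active: bool = False
    # Assumption: a partition has a volume unless the log says otherwise.
    has_volume: bool = True


def parse_partitions(text):
    """Return Partition objects, in partition-number order, from log text."""
    parts = {}
    current = None  # partition whose detail block we are inside
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:  # a row of the partition table
            n = int(m.group(1))
            parts[n] = Partition(
                n, m.group(2),
                int(m.group(3)) * UNIT_TO_MB[m.group(4)],
                int(m.group(5)) * UNIT_TO_MB[m.group(6)])
            continue
        m = DETAIL_RE.match(line)
        if m and int(m.group(1)) in parts:  # start of a detail block
            current = parts[int(m.group(1))]
            continue
        m = FLAG_RE.match(line)
        if m and current is not None:  # Hidden:/Active: inside a detail block
            setattr(current, m.group(1).lower(), m.group(2) == "Yes")
            continue
        if line.strip() == NO_VOLUME_LINE and current is not None:
            current.has_volume = False
    return [parts[k] for k in sorted(parts)]


def assess(parts):
    """Return (partition number, reason) pairs for suspicious partitions."""
    findings = []
    for p in parts:
        reasons = []
        if p.hidden and p.active and not p.has_volume:
            reasons.append("hidden, active and has no volume")
        if p.active and p.size_mb < MAX_SUSPICIOUS_ACTIVE_MB:
            reasons.append(f"active but only {p.size_mb:.2f} MB")
        if reasons:
            findings.append((p.number, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for number, reason in assess(parse_partitions(SAMPLE_LOG)):
        print(f"Partition {number}: {reason}")
```

Run against the constructed sample it reports partition 4 only; partitions 1 to 3 are neither hidden nor active in the listing, so they pass. A finding here is a reason to look at the MBR and boot sectors with a dedicated tool, not proof of infection on its own: some OEM recovery layouts also use small unlettered partitions, which is exactly why the thread goes on to compare the listing with Disk Management.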
     
  8. frh

    frh TS Rookie Topic Starter Posts: 41

    Disk Partitions

    Hello Broni.

    I have done nothing to the disk partitions since I purchased the machine.

    The Disk Management entry for the C: drive shows the following:

    Volume    Layout  Type   File System  Status                                                    Capacity   Free Space  % Free  Fault Tolerance  Overhead
              Simple  Basic               Healthy (OEM Partition)                                   100 MB     100 MB      100%    No               0%
              Simple  Basic               Healthy (Active, Primary Partition)                       1 MB       1 MB        100%    No               0%
    OS (C:)   Simple  Basic  NTFS         Healthy (Boot, Page File, Crash Dump, Primary Partition)  451.01 GB  306.21 GB   68%     No               0%
    Recovery  Simple  Basic  NTFS         Healthy (System, Primary Partition)                       14.65 GB   7.30 GB     50%     No               0%
     
  9. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Let's try one more thing before we'll deal with that hidden partition.

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  10. frh

    frh TS Rookie Topic Starter Posts: 41

    Hi Broni,

    Scan results for TDSS:

    ***Infected MBR detected
    Repair succeeded


    I have done a few searches in all the browsers I have installed (Firefox, IE8, Safari, Chrome), and so far I see none of the previous symptoms.

    Thanks.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Very good :)

    Give me fresh Bootkit Remover log.
     
     
  12. frh

    frh TS Rookie Topic Starter Posts: 41

    Hi Broni.

    I spoke too soon :/

    Not long after the FixTDSS procedure and whilst browsing, I got a blue screen. I tried a system repair twice, which failed:

    Prob event name: StartupRepairOffline
    Prob Sig 01: 6.1.7600.16385
    02: ditto
    03: unknown
    04: 157 (on second run showed as 21200625)
    05: AutoFailover
    06: 1 (on second run showed as 3)
    07: 0x109
    OS version: 6.1.7600.2.0.0.256.1
    Locale ID: 1033

    From the dump log, which I can only access via windows command prompt, I isolated this:

    Root cause found:
    Unknown Bugcheck: Bugcheck 109. Parameters = 0xa3a039d89b5a7519, 0xb3b7465eedd8ab9b, 0xfffff80000bac5cc, 0x1

    What now?

    Thanks.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Please Boot to the System Recovery Options
    If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
    It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    bootrec /fixboot

    exit

    Restart computer.
     
  14. frh

    frh TS Rookie Topic Starter Posts: 41

    Hi Broni,

    I followed your fixmbr/fixboot instructions. After each a "success" message was displayed.

    On restart Windows begins to load; however, there is a brief flash of a blue screen and a divert to the repair screen. Startup Repair fails. I did try a restore to an earlier system backup earlier today. This also failed.

    Thanks.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Did you try Safe Mode?
     
  16. frh

    frh TS Rookie Topic Starter Posts: 41

    Same problem with Safe Mode.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  18. frh

    frh TS Rookie Topic Starter Posts: 41

    HI Broni,

    I made the bootable CD as per your instructions.

    When I attempted to boot the machine using the CD, it showed the REATOGO-X-PE load-bar, then an XP splash screen. Before any desktop was displayed there was a boot screen, advising a check for viruses and the performance of CHKDSK /F.

    I tried again, and after the load bar filled the machine powered off. I have tried to get into the system repair options and again the machine powered off.

    Looking desperate now ............

    Thanks.
     
  19. frh

    frh TS Rookie Topic Starter Posts: 41

    I have tried again after leaving the machine off for a little while. It is now attempting to boot from the CD again .......
     
  20. frh

    frh TS Rookie Topic Starter Posts: 41

    As before; blue screen after trying to boot from CD. At least it has stopped powering off ........
     
  21. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    We may have some hard drive problem.

    Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard drive diagnostic)
    Make sure you select the tool that is appropriate for the brand of your hard drive.
    Depending on the program, it'll create a bootable floppy or a bootable CD.
    If the downloaded file is an .iso, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option) to make the CD bootable.
    For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Pa...rivesUSandCanada/SoftwareUtilities#diagnostic

    Note : If you do not know how to set your computer to boot from CD follow the steps HERE
     
  22. frh

    frh TS Rookie Topic Starter Posts: 41

    Hi Broni,

    I went for the DOS version of DLG; I assume this was the correct thing to do?

    I booted from the disk. I immediately got a "NO DRIVE FOUND ERROR/STATUS CODE: 0120" message.

    I don't know how relevant it is, but yesterday I managed to use the Dell Recovery disk utility to back up data from the hard drive to an external USB drive. I.e. the drive is there and recognisable to some extent.

    I see from forums that others have had similar boot issues after running FixTDSS. Is it possible that this is the problem for me?

    Thanks.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    The drive may still be accessible to back up data, but it may be damaged enough that it is not able to boot.
    This is what WD says about error 120: http://support.wdc.com/techinfo/general/errorcodes.asp
     
Topic Status:
Not open for further replies.


