Inactive Laptop taken over by apype and smartwebsearch

[frh]

Cannot get to X:\SOURCES

Hi Broni,


This is what I get on F8:


Choose Advanced Options for : WIndows 7

Repair your computer

Safe Mode
Safe Mode with networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable low-resolution video (640x480)
Last Know Good Configuration (advanced)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement

Start Windows normally


There is no Command Prompt option other than that in Safe Mode. I am assuming that I need a command prompt outside of Windows. If I do go into the Safe Mode with Command Prompt option, I see a c: directory, and cannot switch to an x: drive.

Where do I go from here please?

Thanks.

 

[Broni]

Always read my instructions very carefully.
Go back to my link and re-read.
You should select "Repair your computer" and go from there.

 

[frh]

Repair Your Computer does not work

Hello Broni,

When I select "Repair Your Computer", I get the "Windows is loading files message", the load bar fills quickly, then nothing happens (no hard disk activity apparent). After several minutes the computer either shuts down, or (more frequently) Windows loads as normal.

Now I am really worried!

Thanks.

 

[Broni]

You may be infected with the newest TDL rootkit.

Let's see....

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

• Double click on downloaded file to run it.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log (FRST.txt) on your desktop.
• Please copy and paste it to your reply.

 

[frh]

Farbars Scan Pt 1

Hello Broni,

Scan results below. Part 2 to follow.

Thanks.




Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by Daddy at 2011-12-02 19:31:00
Running from C:\Users\Daddy\Desktop
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKU\Callum\...\Run: [49E.exe] C:\Users\Callum\AppData\Roaming\Microsoft\5487\49E.exe [x]
HKU\Callum\...\Policies\system: [LogonHoursAction] 2
HKU\Callum\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Callum\...\Winlogon: [Shell] explorer.exe,C:\Users\Callum\AppData\Roaming\7C4E8\1B154.exe
HKU\Mummy\...\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1483264 2010-12-21] (Nokia)
HKU\Mummy\...\Run: [49E.exe] C:\Users\Mummy\AppData\Roaming\Microsoft\5487\49E.exe [x]
HKU\Mummy\...\Policies\system: [LogonHoursAction] 2
HKU\Mummy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mummy\...\Winlogon: [Shell] explorer.exe,C:\Users\Mummy\AppData\Roaming\7C4E8\1B154.exe
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x x] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-02 19:29 - 2011-12-02 19:29 - 1377555 ____A C:\Users\Daddy\Desktop\FRST64.exe
2011-12-02 17:11 - 2011-12-02 17:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{75D25876-DFC9-46CE-8FA6-A1A4D0333732}
2011-12-02 17:11 - 2011-12-02 17:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{23F59F62-B813-42C3-9AA7-79B301812A5C}
2011-12-02 17:09 - 2011-12-02 17:09 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2011-12-02 03:14 - 2011-12-02 03:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4D3A0DE9-79BF-4A96-9587-7D20B51D9F6D}
2011-12-02 03:14 - 2011-12-02 03:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{38C6A593-E2E2-4548-A14C-FB7A48D0748E}
2011-11-30 17:23 - 2011-11-30 17:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{00D35B38-2BD4-43C5-B98B-80803CCE9E05}
2011-11-30 17:20 - 2011-11-30 17:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{41F604B1-7952-4FCC-B3BD-D48773A07AFE}
2011-11-30 01:57 - 2011-11-30 01:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B71767B9-24CC-44C7-9E7C-87B192CBB567}
2011-11-30 01:56 - 2011-11-30 01:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{141C2DFB-3B3F-4776-8E5A-3E2C6311B18E}
2011-11-28 22:20 - 2011-11-28 22:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7CD59C7A-EC7F-4846-917B-650FB762452F}
2011-11-28 22:20 - 2011-11-28 22:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5F739D53-28FA-4F09-98B5-0375DE63C353}
2011-11-28 22:05 - 2011-11-28 22:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A332030C-E9AA-41FD-9F2F-7D02DE43A06A}
2011-11-28 22:05 - 2011-11-28 22:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C0656FEB-8730-4353-B909-79C532428744}
2011-11-28 21:35 - 2011-11-28 21:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{78E5BE88-6B6B-4E58-A597-F7D775B25130}
2011-11-28 21:35 - 2011-11-28 21:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7124B92C-B8B8-44D4-A2FA-7928624BAF5B}
2011-11-28 21:22 - 2011-11-28 21:22 - 0000000 ____D C:\Users\Daddy\AppData\Local\{18CCCDB4-E314-4FA6-99A6-DB71B845B309}
2011-11-25 01:54 - 2011-11-25 01:55 - 0000000 ____D C:\Users\Daddy\AppData\Local\{40CE25FE-D15D-4D0B-987C-5C9113588557}
2011-11-25 01:54 - 2011-11-25 01:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{50EA1BFB-2778-474B-93DD-0BA170157FDD}
2011-11-25 01:14 - 2011-11-25 01:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{89BD194E-4F8F-4E58-B153-86D99B480476}
2011-11-25 01:14 - 2011-11-25 01:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3D4A723B-56FF-4B5F-AD60-2508F79947E4}
2011-11-25 00:43 - 2011-11-25 00:43 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A95D7B9A-623F-4302-8928-0AF3F343AB2A}
2011-11-25 00:01 - 2011-11-25 00:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C3A881C3-111D-4561-9CAF-76579F05299E}
2011-11-25 00:01 - 2011-11-25 00:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5B3F9F57-B656-474C-88C1-2BBA55255297}
2011-11-24 23:54 - 2011-11-24 23:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{429176A2-93EA-4819-9A84-1178ED124285}
2011-11-24 23:53 - 2011-11-24 23:53 - 0000000 ____D C:\Users\Daddy\AppData\Local\{71F1FFCF-B71A-4D29-9948-8AED955B7765}
2011-11-24 23:33 - 2011-11-24 23:33 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4861B47-7B36-40F8-BA06-4BA188030F09}
2011-11-24 23:32 - 2011-11-24 23:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{8EA97EC2-96CB-4F17-B46C-752F041700B9}
2011-11-24 23:30 - 2011-11-24 23:30 - 0262144 ____A C:\Windows\Minidump\112411-18891-01.dmp
2011-11-24 22:42 - 2011-11-24 22:45 - 0058583 ____A C:\Users\Daddy\Desktop\bootkit_remover_debug_log.txt
2011-11-24 22:40 - 2011-11-24 22:41 - 0000000 ____D C:\Users\Daddy\Desktop\bootkit_remover
2011-11-24 22:40 - 2011-11-24 22:40 - 0044607 ____A C:\Users\Daddy\Desktop\bootkit_remover.zip
2011-11-24 22:36 - 2011-11-24 22:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B47FE670-5C7E-4ABE-8A30-4789A0F02657}
2011-11-24 22:36 - 2011-11-24 22:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{9CF922DA-F8BF-4BB1-9015-BD08920AA2AC}
2011-11-24 00:16 - 2011-11-24 00:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{09FBBCF3-C3D8-479A-877F-A23EBE64071D}
2011-11-24 00:16 - 2011-11-24 00:16 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5C8551E3-24B0-419B-84CD-A35AAE7EFADE}
2011-11-23 20:39 - 2011-11-23 20:39 - 0000000 ____D C:\Users\Daddy\AppData\Local\{21BE17EA-E82B-4677-993A-0C90B19D9242}
2011-11-23 20:38 - 2011-11-23 20:39 - 0000000 ____D C:\Users\Daddy\AppData\Local\{18634E2E-BF1E-40E7-A771-9F9A385BD597}
2011-11-23 00:20 - 2011-11-23 00:21 - 0000000 ____D C:\Users\Daddy\AppData\Local\{69E76B89-68CD-45C8-8F02-D5EF7AE1A0EA}
2011-11-23 00:20 - 2011-11-23 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{F41D546E-BB94-4A9B-AFCE-2395CA4578EA}
2011-11-23 00:15 - 2011-11-23 00:15 - 0113870 ____A C:\Users\Daddy\Desktop\OTL 6.Txt
2011-11-23 00:08 - 2011-11-23 00:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{110F7C98-5752-423F-BF90-E801F8831DEB}
2011-11-23 00:07 - 2011-11-23 00:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{70651BAA-AD19-44FA-A5FC-5228C41B4796}
2011-11-22 23:44 - 2011-11-22 23:44 - 0000646 ____A C:\Users\Daddy\Desktop\SystemLook.txt
2011-11-22 23:43 - 2011-11-22 23:43 - 0165376 ____A C:\Users\Daddy\Desktop\SystemLook_x64.exe
2011-11-22 22:34 - 2011-11-22 22:34 - 0113156 ____A C:\Users\Daddy\Desktop\OTL 5.Txt
2011-11-22 22:26 - 2011-11-22 22:26 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A8150411-734F-4E21-8E6D-BFE22A05B51A}
2011-11-22 22:26 - 2011-11-22 22:26 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3043279B-6227-4852-9399-FD6A4E51D54B}
2011-11-22 22:16 - 2011-11-22 22:16 - 0000022 ____A C:\Users\Daddy\Desktop\temp.txt
2011-11-22 22:14 - 2011-11-22 22:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CDB9D0DB-E56D-4F21-978E-A76926D5F100}
2011-11-22 22:13 - 2011-11-22 22:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E2A6B758-4077-45C3-BD5E-45BDA88A6319}
2011-11-22 05:29 - 2011-11-22 05:29 - 0114050 ____A C:\Users\Daddy\Desktop\OTL 4.Txt
2011-11-22 05:19 - 2011-11-22 05:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{AB419CAF-C2F8-4CCA-AC89-54FCC08807CE}
2011-11-22 05:18 - 2011-11-22 05:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{ADB3B6F0-7FF0-48CB-A252-02351906D813}
2011-11-22 04:54 - 2011-11-22 04:54 - 0114180 ____A C:\Users\Daddy\Desktop\OTL 3.Txt
2011-11-22 04:41 - 2011-11-22 04:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E2E09817-E277-4AA0-A55D-5657F5BF82CD}
2011-11-22 04:40 - 2011-11-22 04:40 - 0000000 ____D C:\Users\Daddy\AppData\Local\{DC0AD153-B620-4643-979A-FE6A8D9D02B1}
2011-11-22 04:10 - 2011-11-22 04:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{957FA4B2-6880-4BCF-B4C5-A2972BEC13D8}
2011-11-22 04:10 - 2011-11-22 04:10 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4120A0C-ED31-4970-AEB0-D68A66129E44}
2011-11-22 03:53 - 2011-11-28 21:48 - 0747396 ____A C:\Windows\ntbtlog.txt
2011-11-22 03:49 - 2011-11-22 03:49 - 0000000 ____D C:\Users\Daddy\AppData\Local\{228F0A0D-C961-45C2-BE2E-20393F840167}
2011-11-22 03:49 - 2011-11-22 03:49 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0799F999-605E-4E7C-95B0-83C26E5CE6C9}
2011-11-22 03:09 - 2011-11-22 03:09 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CCDD6E87-DF2F-4E33-908D-871A959F904F}
2011-11-22 03:09 - 2011-11-22 03:09 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C0EA4F15-218D-4DE2-A03A-1C9A63A5F359}
2011-11-22 01:55 - 2011-11-22 01:56 - 0003633 ____A C:\Users\Daddy\Desktop\OTL 2.txt
2011-11-22 01:52 - 2011-11-22 01:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7084EB2B-95BE-43B8-97C1-43DCC21AEC59}
2011-11-22 01:52 - 2011-11-22 01:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4A04BC3A-025E-450E-8493-E29460CDB901}
2011-11-22 01:46 - 2011-11-22 01:46 - 0000000 ____D C:\_OTL
2011-11-22 01:29 - 2011-11-22 01:30 - 0000000 ____D C:\Users\Daddy\AppData\Local\{25F3A49C-2AF9-4B5A-AB28-1EDF1C8C8C28}
2011-11-22 01:29 - 2011-11-22 01:29 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7EE5991D-6395-4D24-910D-0DBB27E96063}
2011-11-22 01:28 - 2011-11-22 01:28 - 0000000 __SHD C:\$RECYCLE.BIN
2011-11-22 00:14 - 2011-11-23 00:14 - 0113870 ____A C:\Users\Daddy\Desktop\OTL.Txt
2011-11-22 00:14 - 2011-11-22 00:14 - 0068286 ____A C:\Users\Daddy\Desktop\Extras.Txt
2011-11-22 00:03 - 2011-11-22 00:03 - 0584192 ____A (OldTimer Tools) C:\Users\Daddy\Desktop\OTL.exe
2011-11-21 23:46 - 2011-11-21 23:46 - 0027582 ____A C:\Users\Daddy\Desktop\ComboFix 2.txt
2011-11-21 23:45 - 2011-11-21 23:45 - 0027582 ____A C:\ComboFix.txt
2011-11-21 22:34 - 2011-11-21 23:45 - 0000000 ____D C:\ComboFix
2011-11-21 22:18 - 2011-11-21 22:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5E7B5DCA-C3B3-4A99-9D3D-680C7A78E055}
2011-11-21 22:18 - 2011-11-21 22:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{1C3D6565-DAD5-43F7-8C4F-E40F215061BB}
2011-11-21 01:17 - 2011-11-21 01:17 - 0022093 ____A C:\Users\Daddy\Desktop\ComboFix.txt
2011-11-21 00:03 - 2011-06-26 07:45 - 0256000 ____A C:\Windows\PEV.exe
2011-11-21 00:03 - 2010-11-07 18:20 - 0208896 ____A C:\Windows\MBR.exe
2011-11-21 00:03 - 2009-04-20 05:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-11-21 00:03 - 2000-08-31 01:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-11-21 00:03 - 2000-08-31 01:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-11-21 00:03 - 2000-08-31 01:00 - 0098816 ____A C:\Windows\sed.exe
2011-11-21 00:03 - 2000-08-31 01:00 - 0080412 ____A C:\Windows\grep.exe
2011-11-21 00:03 - 2000-08-31 01:00 - 0068096 ____A C:\Windows\zip.exe
2011-11-20 23:56 - 2011-11-21 00:59 - 0000000 ____D C:\Windows\ERDNT
2011-11-20 23:30 - 2011-11-28 21:55 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2011-11-20 23:30 - 2011-11-28 21:55 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2011-11-20 00:52 - 2011-11-21 23:45 - 0000000 ____D C:\Qoobox
2011-11-20 00:45 - 2011-11-21 22:29 - 4303424 ____R (Swearware) C:\Users\Daddy\Desktop\ComboFix.exe
2011-11-20 00:44 - 2011-11-20 00:44 - 0001572 ____A C:\Users\Daddy\Desktop\aswMBR.txt
2011-11-20 00:44 - 2011-11-20 00:44 - 0000512 ____A C:\Users\Daddy\Desktop\MBR.dat
2011-11-20 00:39 - 2011-11-20 00:39 - 1916416 ____A (AVAST Software) C:\Users\Daddy\Desktop\aswMBR.exe
2011-11-19 23:21 - 2011-11-19 23:21 - 0011304 ____A C:\Users\Daddy\Desktop\Attach.txt
2011-11-19 23:10 - 2011-11-19 23:10 - 0002355 ____A C:\Users\Daddy\Desktop\GMER.txt
2011-11-19 22:09 - 2011-11-19 22:09 - 0001530 ____A C:\Users\Daddy\Desktop\Post.txt
2011-11-19 22:05 - 2011-11-19 22:05 - 0000887 ____A C:\Users\Daddy\Desktop\mbam-log-2011-11-19 (22-05-18).txt
2011-11-19 21:48 - 2011-11-19 23:21 - 0029164 ____A C:\Users\Daddy\Desktop\DDS.txt
2011-11-19 20:58 - 2011-11-19 20:58 - 0000000 ____A C:\Users\Daddy\Desktop\gmer.log
2011-11-19 20:47 - 2011-11-19 20:47 - 0607260 ____R (Swearware) C:\Users\Daddy\Desktop\dds.scr
2011-11-19 20:43 - 2011-11-19 20:43 - 0071787 ____A C:\Users\Daddy\Desktop\8 Step Guide.docx
2011-11-19 20:34 - 2011-11-19 20:34 - 0302592 ____A C:\Users\Daddy\Desktop\7wxwoicb.exe
2011-11-19 20:17 - 2011-11-19 20:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{63345C7D-CA91-4DDE-9B6C-13DEAB8BDCC6}
2011-11-19 20:17 - 2011-11-19 20:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{02F99136-B844-4E35-9B64-951485D46D9C}
2011-11-19 19:24 - 2011-11-19 19:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D8435C12-1580-4EE8-B6B2-4D304241ECAE}
2011-11-19 19:24 - 2011-11-19 19:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BDFDC5D8-FF77-4040-A255-5F5E98FDE185}
2011-11-19 19:22 - 2011-12-02 17:09 - 0011795 ____A C:\aaw7boot.log
2011-11-19 07:07 - 2011-11-19 07:07 - 0002259 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-11-19 02:08 - 2011-11-19 02:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2F578588-C781-431C-ADD9-0516BF9CAD46}
2011-11-19 02:07 - 2011-11-19 02:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D96D471F-F887-4943-BA8D-1BE6744B3711}
2011-11-19 01:17 - 2011-11-17 22:51 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2011-11-18 00:04 - 2011-11-18 00:04 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4DEB02B-6B22-4554-BE3D-380F4A674286}
2011-11-18 00:03 - 2011-11-18 00:04 - 0000000 ____D C:\Users\Daddy\AppData\Local\{220F4A37-1030-4E58-ACC9-EA1736633762}
2011-11-17 22:51 - 2011-11-17 22:51 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2011-11-17 22:48 - 2011-11-17 22:48 - 0001107 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\ProgramData\Lavasoft
2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2011-11-17 22:48 - 2011-11-03 12:06 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2011-11-17 22:46 - 2011-11-17 22:46 - 0000000 ____D C:\Users\Daddy\Downloads\AdAware
2011-11-17 22:06 - 2011-11-17 22:06 - 0000000 ____D C:\Windows\Sun
2011-11-17 22:02 - 2011-11-17 22:02 - 0000000 ____D C:\Users\Daddy\AppData\Local\{81547243-F6A2-4239-9C23-E069E5E74095}
2011-11-17 22:02 - 2011-11-17 22:02 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3FE19719-756B-404B-89D9-4B1082BC60D9}
2011-11-17 22:01 - 2011-11-17 22:01 - 0000344 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2011-11-17 04:56 - 2011-11-17 04:56 - 0000016 ____A C:\Windows\System32\config\software.szfi
2011-11-17 02:12 - 2011-11-17 02:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C83F3967-5A6B-4CC4-A910-458C64F5BBCC}
2011-11-17 02:11 - 2011-11-17 02:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{49FE06D3-4FB6-4D17-97A3-09501CE0289A}
2011-11-17 01:13 - 2011-11-17 01:15 - 0165252 ____A C:\TDSSKiller.2.6.19.0_17.11.2011_01.13.24_log.txt
2011-11-17 01:12 - 2011-11-17 01:12 - 1545858 ____A C:\Users\Daddy\Downloads\tdsskiller.zip
2011-11-17 01:12 - 2011-11-17 01:12 - 0000000 ____D C:\Users\Daddy\Downloads\TDSSKiller
2011-11-17 00:50 - 2011-11-17 00:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B7AF6830-B83F-4D30-A3AB-D0A07ED89A4B}
2011-11-17 00:50 - 2011-11-17 00:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A0C1B9FE-5C97-4CAD-B6B6-869C5B07B666}
2011-11-15 17:25 - 2011-11-15 17:25 - 0000000 ____D C:\Users\Daddy\AppData\Local\{31B81133-FD5A-4F7E-BCFC-0D0698FA715C}
2011-11-15 17:25 - 2011-11-15 17:25 - 0000000 ____D C:\Users\Daddy\AppData\Local\{181EA340-CA15-4186-8654-D6E91FC54FA1}
2011-11-15 17:14 - 2011-11-15 17:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{867956E2-F466-4ECF-8F75-97504C719CB7}
2011-11-15 17:14 - 2011-11-15 17:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6AD1A3C3-EA33-4060-9BA2-8E405CB7076D}
2011-11-15 00:42 - 2011-11-15 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BC66E416-D557-428A-8DDF-AC62A68E7AD0}
2011-11-15 00:42 - 2011-11-15 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A939B63C-FF12-4D6B-9B06-77650BCC780E}
2011-11-14 19:23 - 2011-11-14 19:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C55EDE01-C58B-4BA6-BC8C-7F7D4CDDCC26}
2011-11-14 19:23 - 2011-11-14 19:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C49AA169-4690-4196-9A34-E0B1EA4657DB}
2011-11-13 02:15 - 2011-11-13 02:15 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B260EFF4-0419-4833-9576-6648A05D0FF7}
2011-11-13 02:15 - 2011-11-13 02:15 - 0000000 ____D C:\Users\Daddy\AppData\Local\{90B51F54-335F-418D-A9BA-AC2010F8A5EC}
2011-11-13 01:50 - 2011-11-13 02:19 - 0000000 ____A C:\Users\Daddy\Downloads\jxpiinstall.exe
2011-11-13 01:46 - 2011-11-13 01:46 - 14753912 ____A (Mozilla) C:\Users\Daddy\Downloads\Firefox Setup 8.0.exe
2011-11-13 01:05 - 2011-11-13 01:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B4388EDC-CFA5-41B3-A1C2-40F2BA73CAD1}
2011-11-13 01:05 - 2011-11-13 01:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5F0B7321-5FFE-464E-B4A5-10382CFA2D46}
2011-11-12 19:49 - 2011-11-12 19:49 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-12 19:47 - 2011-11-12 19:48 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7670782F-5632-4DEA-B553-4479C38DE2A4}
2011-11-12 19:47 - 2011-11-12 19:47 - 0000000 ____D C:\Users\Daddy\AppData\Local\{68703C67-9D01-4F8C-9F4A-75E0C5AEFC5B}
2011-11-12 00:05 - 2011-11-12 00:05 - 0000000 ___HD C:\Users\All Users\CanonIJEGV
2011-11-12 00:05 - 2011-11-12 00:05 - 0000000 ___HD C:\ProgramData\CanonIJEGV
2011-11-11 23:54 - 2011-11-11 23:56 - 10260664 ____A C:\Users\Daddy\Downloads\MP980_GS_EN-US_V3.pdf
2011-11-11 23:52 - 2011-11-11 23:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A3063E73-CECB-437F-A8B0-6F054BA57505}
2011-11-11 23:52 - 2011-11-11 23:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{91F1BC4B-9AAD-4E23-8B5B-35636FFC9A26}
2011-11-11 01:51 - 2011-09-29 17:24 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-11-11 01:51 - 2011-09-29 05:09 - 3141120 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-11 01:38 - 2011-11-11 01:38 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E788BC36-449E-4918-B6B0-50F123A4305E}
2011-11-10 15:06 - 2011-11-10 15:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{66A37168-9B2D-48E8-90EE-A349C7ACF0A2}
2011-11-10 15:06 - 2011-11-10 15:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6154443F-D3EF-4819-9FBD-06F2B7894590}
2011-11-10 14:51 - 2011-11-10 14:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{390B54B8-0CA0-42FF-9FD0-C7CA3BBA4578}
2011-11-06 23:12 - 2011-11-06 23:14 - 0000000 ____D C:\Users\Daddy\Documents\Photos
2011-11-06 23:12 - 2011-11-06 23:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E629B392-F9B7-4889-A277-E43D4BEE4961}
2011-11-04 20:41 - 2011-11-04 20:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{60AB8944-1C45-4416-803D-455132F4B967}
2011-11-04 20:41 - 2011-11-04 20:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2A95A727-8526-4BC1-A6E5-56EC93220E9F}

 

[frh]

============ 3 Months Modified Files and Folders =============

2011-12-02 19:31 - 2011-12-02 19:30 - 0000000 ____D C:\FRST
2011-12-02 19:29 - 2011-12-02 19:29 - 1377555 ____A C:\Users\Daddy\Desktop\FRST64.exe
2011-12-02 19:27 - 2011-02-26 13:48 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-12-02 18:37 - 2011-01-17 06:21 - 1757875 ____A C:\Windows\WindowsUpdate.log
2011-12-02 17:18 - 2009-07-14 05:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-02 17:18 - 2009-07-14 05:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-02 17:12 - 2011-12-02 17:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{75D25876-DFC9-46CE-8FA6-A1A4D0333732}
2011-12-02 17:11 - 2011-12-02 17:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{23F59F62-B813-42C3-9AA7-79B301812A5C}
2011-12-02 17:11 - 2011-03-13 01:52 - 0000000 ____D C:\Users\Daddy\Tracing
2011-12-02 17:10 - 2011-01-17 07:28 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-12-02 17:09 - 2011-12-02 17:09 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2011-12-02 17:09 - 2011-11-19 19:22 - 0011795 ____A C:\aaw7boot.log
2011-12-02 17:09 - 2011-02-26 13:48 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-12-02 17:09 - 2011-01-24 20:34 - 0000000 ____D C:\Users\Daddy\AppData\Local\SoftThinks
2011-12-02 17:09 - 2011-01-17 06:18 - 3113234432 __ASH C:\hiberfil.sys
2011-12-02 17:09 - 2009-07-14 06:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-02 17:09 - 2009-07-14 05:51 - 0060288 ____A C:\Windows\setupact.log
2011-12-02 03:14 - 2011-12-02 03:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4D3A0DE9-79BF-4A96-9587-7D20B51D9F6D}
2011-12-02 03:14 - 2011-12-02 03:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{38C6A593-E2E2-4548-A14C-FB7A48D0748E}
2011-12-02 03:14 - 2011-01-17 06:48 - 0000000 ____D C:\Users\All Users\Sonic
2011-12-02 03:14 - 2011-01-17 06:48 - 0000000 ____D C:\ProgramData\Sonic
2011-11-30 17:23 - 2011-11-30 17:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{00D35B38-2BD4-43C5-B98B-80803CCE9E05}
2011-11-30 17:23 - 2011-11-30 17:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{41F604B1-7952-4FCC-B3BD-D48773A07AFE}
2011-11-30 01:57 - 2011-11-30 01:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B71767B9-24CC-44C7-9E7C-87B192CBB567}
2011-11-30 01:57 - 2011-11-30 01:56 - 0000000 ____D C:\Users\Daddy\AppData\Local\{141C2DFB-3B3F-4776-8E5A-3E2C6311B18E}
2011-11-28 22:20 - 2011-11-28 22:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7CD59C7A-EC7F-4846-917B-650FB762452F}
2011-11-28 22:20 - 2011-11-28 22:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5F739D53-28FA-4F09-98B5-0375DE63C353}
2011-11-28 22:06 - 2011-11-28 22:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A332030C-E9AA-41FD-9F2F-7D02DE43A06A}
2011-11-28 22:05 - 2011-11-28 22:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C0656FEB-8730-4353-B909-79C532428744}
2011-11-28 21:55 - 2011-11-20 23:30 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2011-11-28 21:55 - 2011-11-20 23:30 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2011-11-28 21:48 - 2011-11-22 03:53 - 0747396 ____A C:\Windows\ntbtlog.txt
2011-11-28 21:35 - 2011-11-28 21:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{78E5BE88-6B6B-4E58-A597-F7D775B25130}
2011-11-28 21:35 - 2011-11-28 21:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7124B92C-B8B8-44D4-A2FA-7928624BAF5B}
2011-11-28 21:22 - 2011-11-28 21:22 - 0000000 ____D C:\Users\Daddy\AppData\Local\{18CCCDB4-E314-4FA6-99A6-DB71B845B309}
2011-11-25 01:55 - 2011-11-25 01:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{40CE25FE-D15D-4D0B-987C-5C9113588557}
2011-11-25 01:54 - 2011-11-25 01:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{50EA1BFB-2778-474B-93DD-0BA170157FDD}
2011-11-25 01:14 - 2011-11-25 01:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{89BD194E-4F8F-4E58-B153-86D99B480476}
2011-11-25 01:14 - 2011-11-25 01:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3D4A723B-56FF-4B5F-AD60-2508F79947E4}
2011-11-25 00:43 - 2011-11-25 00:43 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A95D7B9A-623F-4302-8928-0AF3F343AB2A}
2011-11-25 00:38 - 2011-04-23 15:31 - 283971254 ____A C:\Windows\MEMORY.DMP
2011-11-25 00:01 - 2011-11-25 00:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C3A881C3-111D-4561-9CAF-76579F05299E}
2011-11-25 00:01 - 2011-11-25 00:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5B3F9F57-B656-474C-88C1-2BBA55255297}
2011-11-24 23:56 - 2009-07-14 06:13 - 0730448 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-24 23:54 - 2011-11-24 23:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{429176A2-93EA-4819-9A84-1178ED124285}
2011-11-24 23:53 - 2011-11-24 23:53 - 0000000 ____D C:\Users\Daddy\AppData\Local\{71F1FFCF-B71A-4D29-9948-8AED955B7765}
2011-11-24 23:37 - 2011-06-04 19:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\Apps\2.0
2011-11-24 23:33 - 2011-11-24 23:33 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4861B47-7B36-40F8-BA06-4BA188030F09}
2011-11-24 23:32 - 2011-11-24 23:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{8EA97EC2-96CB-4F17-B46C-752F041700B9}
2011-11-24 23:30 - 2011-11-24 23:30 - 0262144 ____A C:\Windows\Minidump\112411-18891-01.dmp
2011-11-24 23:30 - 2011-04-23 15:32 - 0000000 ____D C:\Windows\Minidump
2011-11-24 22:45 - 2011-11-24 22:42 - 0058583 ____A C:\Users\Daddy\Desktop\bootkit_remover_debug_log.txt
2011-11-24 22:41 - 2011-11-24 22:40 - 0000000 ____D C:\Users\Daddy\Desktop\bootkit_remover
2011-11-24 22:40 - 2011-11-24 22:40 - 0044607 ____A C:\Users\Daddy\Desktop\bootkit_remover.zip
2011-11-24 22:40 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\Daddy\Desktop\boot_cleaner.exe
2011-11-24 22:36 - 2011-11-24 22:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B47FE670-5C7E-4ABE-8A30-4789A0F02657}
2011-11-24 22:36 - 2011-11-24 22:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{9CF922DA-F8BF-4BB1-9015-BD08920AA2AC}
2011-11-24 00:17 - 2011-11-24 00:16 - 0000000 ____D C:\Users\Daddy\AppData\Local\{09FBBCF3-C3D8-479A-877F-A23EBE64071D}
2011-11-24 00:16 - 2011-11-24 00:16 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5C8551E3-24B0-419B-84CD-A35AAE7EFADE}
2011-11-23 20:39 - 2011-11-23 20:39 - 0000000 ____D C:\Users\Daddy\AppData\Local\{21BE17EA-E82B-4677-993A-0C90B19D9242}
2011-11-23 20:39 - 2011-11-23 20:38 - 0000000 ____D C:\Users\Daddy\AppData\Local\{18634E2E-BF1E-40E7-A771-9F9A385BD597}
2011-11-23 20:35 - 2011-01-17 06:53 - 0079030 ____A C:\Windows\PFRO.log
2011-11-23 00:21 - 2011-11-23 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{69E76B89-68CD-45C8-8F02-D5EF7AE1A0EA}
2011-11-23 00:20 - 2011-11-23 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{F41D546E-BB94-4A9B-AFCE-2395CA4578EA}
2011-11-23 00:15 - 2011-11-23 00:15 - 0113870 ____A C:\Users\Daddy\Desktop\OTL 6.Txt
2011-11-23 00:14 - 2011-11-22 00:14 - 0113870 ____A C:\Users\Daddy\Desktop\OTL.Txt
2011-11-23 00:08 - 2011-11-23 00:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{110F7C98-5752-423F-BF90-E801F8831DEB}
2011-11-23 00:08 - 2011-11-23 00:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{70651BAA-AD19-44FA-A5FC-5228C41B4796}
2011-11-22 23:44 - 2011-11-22 23:44 - 0000646 ____A C:\Users\Daddy\Desktop\SystemLook.txt
2011-11-22 23:43 - 2011-11-22 23:43 - 0165376 ____A C:\Users\Daddy\Desktop\SystemLook_x64.exe
2011-11-22 22:34 - 2011-11-22 22:34 - 0113156 ____A C:\Users\Daddy\Desktop\OTL 5.Txt
2011-11-22 22:26 - 2011-11-22 22:26 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A8150411-734F-4E21-8E6D-BFE22A05B51A}
2011-11-22 22:26 - 2011-11-22 22:26 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3043279B-6227-4852-9399-FD6A4E51D54B}
2011-11-22 22:16 - 2011-11-22 22:16 - 0000022 ____A C:\Users\Daddy\Desktop\temp.txt
2011-11-22 22:14 - 2011-11-22 22:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CDB9D0DB-E56D-4F21-978E-A76926D5F100}
2011-11-22 22:14 - 2011-11-22 22:13 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E2A6B758-4077-45C3-BD5E-45BDA88A6319}
2011-11-22 05:29 - 2011-11-22 05:29 - 0114050 ____A C:\Users\Daddy\Desktop\OTL 4.Txt
2011-11-22 05:19 - 2011-11-22 05:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{AB419CAF-C2F8-4CCA-AC89-54FCC08807CE}
2011-11-22 05:19 - 2011-11-22 05:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{ADB3B6F0-7FF0-48CB-A252-02351906D813}
2011-11-22 04:54 - 2011-11-22 04:54 - 0114180 ____A C:\Users\Daddy\Desktop\OTL 3.Txt
2011-11-22 04:41 - 2011-11-22 04:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E2E09817-E277-4AA0-A55D-5657F5BF82CD}
2011-11-22 04:40 - 2011-11-22 04:40 - 0000000 ____D C:\Users\Daddy\AppData\Local\{DC0AD153-B620-4643-979A-FE6A8D9D02B1}
2011-11-22 04:11 - 2011-11-22 04:10 - 0000000 ____D C:\Users\Daddy\AppData\Local\{957FA4B2-6880-4BCF-B4C5-A2972BEC13D8}
2011-11-22 04:10 - 2011-11-22 04:10 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4120A0C-ED31-4970-AEB0-D68A66129E44}
2011-11-22 03:49 - 2011-11-22 03:49 - 0000000 ____D C:\Users\Daddy\AppData\Local\{228F0A0D-C961-45C2-BE2E-20393F840167}
2011-11-22 03:49 - 2011-11-22 03:49 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0799F999-605E-4E7C-95B0-83C26E5CE6C9}
2011-11-22 03:09 - 2011-11-22 03:09 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CCDD6E87-DF2F-4E33-908D-871A959F904F}
2011-11-22 03:09 - 2011-11-22 03:09 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C0EA4F15-218D-4DE2-A03A-1C9A63A5F359}
2011-11-22 01:56 - 2011-11-22 01:55 - 0003633 ____A C:\Users\Daddy\Desktop\OTL 2.txt
2011-11-22 01:52 - 2011-11-22 01:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7084EB2B-95BE-43B8-97C1-43DCC21AEC59}
2011-11-22 01:52 - 2011-11-22 01:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4A04BC3A-025E-450E-8493-E29460CDB901}
2011-11-22 01:46 - 2011-11-22 01:46 - 0000000 ____D C:\_OTL
2011-11-22 01:30 - 2011-11-22 01:29 - 0000000 ____D C:\Users\Daddy\AppData\Local\{25F3A49C-2AF9-4B5A-AB28-1EDF1C8C8C28}
2011-11-22 01:29 - 2011-11-22 01:29 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7EE5991D-6395-4D24-910D-0DBB27E96063}
2011-11-22 01:28 - 2011-11-22 01:28 - 0000000 __SHD C:\$RECYCLE.BIN
2011-11-22 00:14 - 2011-11-22 00:14 - 0068286 ____A C:\Users\Daddy\Desktop\Extras.Txt
2011-11-22 00:03 - 2011-11-22 00:03 - 0584192 ____A (OldTimer Tools) C:\Users\Daddy\Desktop\OTL.exe
2011-11-21 23:46 - 2011-11-21 23:46 - 0027582 ____A C:\Users\Daddy\Desktop\ComboFix 2.txt
2011-11-21 23:45 - 2011-11-21 23:45 - 0027582 ____A C:\ComboFix.txt
2011-11-21 23:45 - 2011-11-21 22:34 - 0000000 ____D C:\ComboFix
2011-11-21 23:45 - 2011-11-20 00:52 - 0000000 ____D C:\Qoobox
2011-11-21 23:25 - 2009-07-14 03:34 - 0000215 ____A C:\Windows\system.ini
2011-11-21 23:23 - 2009-07-14 03:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2011-11-21 22:29 - 2011-11-20 00:45 - 4303424 ____R (Swearware) C:\Users\Daddy\Desktop\ComboFix.exe
2011-11-21 22:18 - 2011-11-21 22:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5E7B5DCA-C3B3-4A99-9D3D-680C7A78E055}
2011-11-21 22:18 - 2011-11-21 22:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{1C3D6565-DAD5-43F7-8C4F-E40F215061BB}
2011-11-21 01:17 - 2011-11-21 01:17 - 0022093 ____A C:\Users\Daddy\Desktop\ComboFix.txt
2011-11-21 01:16 - 2009-07-14 04:20 - 0000000 __RHD C:\users\Default
2011-11-21 01:16 - 2009-07-14 04:20 - 0000000 ___RD C:\users\Public
2011-11-21 00:59 - 2011-11-20 23:56 - 0000000 ____D C:\Windows\ERDNT
2011-11-20 00:44 - 2011-11-20 00:44 - 0001572 ____A C:\Users\Daddy\Desktop\aswMBR.txt
2011-11-20 00:44 - 2011-11-20 00:44 - 0000512 ____A C:\Users\Daddy\Desktop\MBR.dat
2011-11-20 00:39 - 2011-11-20 00:39 - 1916416 ____A (AVAST Software) C:\Users\Daddy\Desktop\aswMBR.exe
2011-11-19 23:21 - 2011-11-19 23:21 - 0011304 ____A C:\Users\Daddy\Desktop\Attach.txt
2011-11-19 23:21 - 2011-11-19 21:48 - 0029164 ____A C:\Users\Daddy\Desktop\DDS.txt
2011-11-19 23:10 - 2011-11-19 23:10 - 0002355 ____A C:\Users\Daddy\Desktop\GMER.txt
2011-11-19 22:09 - 2011-11-19 22:09 - 0001530 ____A C:\Users\Daddy\Desktop\Post.txt
2011-11-19 22:05 - 2011-11-19 22:05 - 0000887 ____A C:\Users\Daddy\Desktop\mbam-log-2011-11-19 (22-05-18).txt
2011-11-19 20:58 - 2011-11-19 20:58 - 0000000 ____A C:\Users\Daddy\Desktop\gmer.log
2011-11-19 20:47 - 2011-11-19 20:47 - 0607260 ____R (Swearware) C:\Users\Daddy\Desktop\dds.scr
2011-11-19 20:43 - 2011-11-19 20:43 - 0071787 ____A C:\Users\Daddy\Desktop\8 Step Guide.docx
2011-11-19 20:34 - 2011-11-19 20:34 - 0302592 ____A C:\Users\Daddy\Desktop\7wxwoicb.exe
2011-11-19 20:17 - 2011-11-19 20:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{63345C7D-CA91-4DDE-9B6C-13DEAB8BDCC6}
2011-11-19 20:17 - 2011-11-19 20:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{02F99136-B844-4E35-9B64-951485D46D9C}
2011-11-19 19:24 - 2011-11-19 19:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D8435C12-1580-4EE8-B6B2-4D304241ECAE}
2011-11-19 19:24 - 2011-11-19 19:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BDFDC5D8-FF77-4040-A255-5F5E98FDE185}
2011-11-19 07:07 - 2011-11-19 07:07 - 0002259 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-11-19 07:06 - 2011-02-26 13:48 - 0000000 ____D C:\Program Files (x86)\Google
2011-11-19 02:08 - 2011-11-19 02:08 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2F578588-C781-431C-ADD9-0516BF9CAD46}
2011-11-19 02:08 - 2011-11-19 02:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D96D471F-F887-4943-BA8D-1BE6744B3711}
2011-11-18 07:32 - 2011-03-19 21:08 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\Skype
2011-11-18 02:17 - 2011-01-25 00:40 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\GanymedeNet
2011-11-18 00:51 - 2011-01-25 00:40 - 0000000 ____D C:\Program Files (x86)\Ganymede
2011-11-18 00:34 - 2011-07-31 14:37 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-11-18 00:34 - 2011-07-31 14:37 - 0000000 ____D C:\ProgramData\Skype Extras
2011-11-18 00:24 - 2011-03-19 21:20 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\skypePM
2011-11-18 00:04 - 2011-11-18 00:04 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D4DEB02B-6B22-4554-BE3D-380F4A674286}
2011-11-18 00:04 - 2011-11-18 00:03 - 0000000 ____D C:\Users\Daddy\AppData\Local\{220F4A37-1030-4E58-ACC9-EA1736633762}
2011-11-17 22:51 - 2011-11-19 01:17 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2011-11-17 22:51 - 2011-11-17 22:51 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2011-11-17 22:48 - 2011-11-17 22:48 - 0001107 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\ProgramData\Lavasoft
2011-11-17 22:48 - 2011-11-17 22:48 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2011-11-17 22:46 - 2011-11-17 22:46 - 0000000 ____D C:\Users\Daddy\Downloads\AdAware
2011-11-17 22:06 - 2011-11-17 22:06 - 0000000 ____D C:\Windows\Sun
2011-11-17 22:05 - 2011-04-23 15:18 - 0000000 ____D C:\Users\All Users\STOPzilla!
2011-11-17 22:05 - 2011-04-23 15:18 - 0000000 ____D C:\ProgramData\STOPzilla!
2011-11-17 22:02 - 2011-11-17 22:02 - 0000000 ____D C:\Users\Daddy\AppData\Local\{81547243-F6A2-4239-9C23-E069E5E74095}
2011-11-17 22:02 - 2011-11-17 22:02 - 0000000 ____D C:\Users\Daddy\AppData\Local\{3FE19719-756B-404B-89D9-4B1082BC60D9}
2011-11-17 22:01 - 2011-11-17 22:01 - 0000344 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2011-11-17 21:58 - 2011-04-23 14:35 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 04:56 - 2011-11-17 04:56 - 0000016 ____A C:\Windows\System32\config\software.szfi
2011-11-17 02:12 - 2011-11-17 02:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C83F3967-5A6B-4CC4-A910-458C64F5BBCC}
2011-11-17 02:12 - 2011-11-17 02:11 - 0000000 ____D C:\Users\Daddy\AppData\Local\{49FE06D3-4FB6-4D17-97A3-09501CE0289A}
2011-11-17 01:16 - 2011-04-23 15:16 - 0605288 ____A (iS3, Inc.) C:\Users\Daddy\Downloads\STOPzilla_Setup.exe
2011-11-17 01:15 - 2011-11-17 01:13 - 0165252 ____A C:\TDSSKiller.2.6.19.0_17.11.2011_01.13.24_log.txt
2011-11-17 01:12 - 2011-11-17 01:12 - 1545858 ____A C:\Users\Daddy\Downloads\tdsskiller.zip
2011-11-17 01:12 - 2011-11-17 01:12 - 0000000 ____D C:\Users\Daddy\Downloads\TDSSKiller
2011-11-17 00:50 - 2011-11-17 00:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B7AF6830-B83F-4D30-A3AB-D0A07ED89A4B}
2011-11-17 00:50 - 2011-11-17 00:50 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A0C1B9FE-5C97-4CAD-B6B6-869C5B07B666}
2011-11-15 17:25 - 2011-11-15 17:25 - 0000000 ____D C:\Users\Daddy\AppData\Local\{31B81133-FD5A-4F7E-BCFC-0D0698FA715C}
2011-11-15 17:25 - 2011-11-15 17:25 - 0000000 ____D C:\Users\Daddy\AppData\Local\{181EA340-CA15-4186-8654-D6E91FC54FA1}
2011-11-15 17:20 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\NDF
2011-11-15 17:14 - 2011-11-15 17:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{867956E2-F466-4ECF-8F75-97504C719CB7}
2011-11-15 17:14 - 2011-11-15 17:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6AD1A3C3-EA33-4060-9BA2-8E405CB7076D}
2011-11-15 00:42 - 2011-11-15 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BC66E416-D557-428A-8DDF-AC62A68E7AD0}
2011-11-15 00:42 - 2011-11-15 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A939B63C-FF12-4D6B-9B06-77650BCC780E}
2011-11-14 19:43 - 2011-08-01 13:30 - 0000000 ____D C:\Users\Daddy\Documents\House
2011-11-14 19:23 - 2011-11-14 19:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C55EDE01-C58B-4BA6-BC8C-7F7D4CDDCC26}
2011-11-14 19:23 - 2011-11-14 19:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C49AA169-4690-4196-9A34-E0B1EA4657DB}
2011-11-14 02:24 - 2011-01-25 00:43 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\Spotify
2011-11-13 20:24 - 2011-01-25 00:43 - 0000000 ____D C:\Users\Daddy\AppData\Local\Spotify
2011-11-13 02:19 - 2011-11-13 01:50 - 0000000 ____A C:\Users\Daddy\Downloads\jxpiinstall.exe
2011-11-13 02:15 - 2011-11-13 02:15 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B260EFF4-0419-4833-9576-6648A05D0FF7}
2011-11-13 02:15 - 2011-11-13 02:15 - 0000000 ____D C:\Users\Daddy\AppData\Local\{90B51F54-335F-418D-A9BA-AC2010F8A5EC}
2011-11-13 01:48 - 2011-01-25 00:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-11-13 01:46 - 2011-11-13 01:46 - 14753912 ____A (Mozilla) C:\Users\Daddy\Downloads\Firefox Setup 8.0.exe
2011-11-13 01:41 - 2011-05-20 23:53 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-13 01:05 - 2011-11-13 01:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B4388EDC-CFA5-41B3-A1C2-40F2BA73CAD1}
2011-11-13 01:05 - 2011-11-13 01:05 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5F0B7321-5FFE-464E-B4A5-10382CFA2D46}
2011-11-12 19:49 - 2011-11-12 19:49 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-12 19:48 - 2011-11-12 19:47 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7670782F-5632-4DEA-B553-4479C38DE2A4}
2011-11-12 19:47 - 2011-11-12 19:47 - 0000000 ____D C:\Users\Daddy\AppData\Local\{68703C67-9D01-4F8C-9F4A-75E0C5AEFC5B}
2011-11-12 19:05 - 2011-03-10 22:03 - 0000000 ____D C:\Users\Mummy\AppData\Local\SoftThinks
2011-11-12 00:05 - 2011-11-12 00:05 - 0000000 ___HD C:\Users\All Users\CanonIJEGV
2011-11-12 00:05 - 2011-11-12 00:05 - 0000000 ___HD C:\ProgramData\CanonIJEGV
2011-11-12 00:01 - 2011-08-01 12:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\ElevatedDiagnostics
2011-11-11 23:56 - 2011-11-11 23:54 - 10260664 ____A C:\Users\Daddy\Downloads\MP980_GS_EN-US_V3.pdf
2011-11-11 23:52 - 2011-11-11 23:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{A3063E73-CECB-437F-A8B0-6F054BA57505}
2011-11-11 23:52 - 2011-11-11 23:52 - 0000000 ____D C:\Users\Daddy\AppData\Local\{91F1BC4B-9AAD-4E23-8B5B-35636FFC9A26}
2011-11-11 18:30 - 2009-07-14 05:45 - 0466184 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-11 03:56 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-11 03:00 - 2011-02-14 20:14 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-11-11 01:38 - 2011-11-11 01:38 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E788BC36-449E-4918-B6B0-50F123A4305E}
2011-11-10 15:06 - 2011-11-10 15:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{66A37168-9B2D-48E8-90EE-A349C7ACF0A2}
2011-11-10 15:06 - 2011-11-10 15:06 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6154443F-D3EF-4819-9FBD-06F2B7894590}
2011-11-10 14:54 - 2011-11-10 14:51 - 0000000 ____D C:\Users\Daddy\AppData\Local\{390B54B8-0CA0-42FF-9FD0-C7CA3BBA4578}
2011-11-06 23:14 - 2011-11-06 23:12 - 0000000 ____D C:\Users\Daddy\Documents\Photos
2011-11-06 23:12 - 2011-11-06 23:12 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E629B392-F9B7-4889-A277-E43D4BEE4961}
2011-11-04 20:41 - 2011-11-04 20:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{60AB8944-1C45-4416-803D-455132F4B967}
2011-11-04 20:41 - 2011-11-04 20:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2A95A727-8526-4BC1-A6E5-56EC93220E9F}
2011-11-03 12:06 - 2011-11-17 22:48 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2011-10-30 17:28 - 2011-10-30 17:28 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C36D71FA-30C7-4638-A0E8-DA1ADED7652B}
2011-10-30 17:28 - 2011-10-30 17:28 - 0000000 ____D C:\Users\Daddy\AppData\Local\{2B98BDD9-6857-4BC8-B3D0-8C828082DFDA}
2011-10-29 13:07 - 2011-10-29 13:06 - 0890266 ____A C:\Users\Callum\Documents\Callums bedroom furniture.docx
2011-10-29 13:06 - 2011-10-29 13:06 - 0000162 ___AH C:\Users\Callum\Documents\~$llums bedroom furniture.docx
2011-10-26 18:24 - 2011-10-26 18:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{AFE03083-33EA-4C4C-AC7E-BDE359EE15DA}
2011-10-26 18:24 - 2011-10-26 18:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{8083DF18-8708-456F-AC79-6D88497607C2}
2011-10-24 16:49 - 2011-10-24 16:48 - 0000000 ____D C:\Users\Mummy\AppData\Roaming\.minecraft
2011-10-23 03:02 - 2011-02-26 13:48 - 0000000 ____D C:\Users\Daddy\AppData\Local\Google
2011-10-23 02:03 - 2011-02-05 22:07 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2011-10-23 00:58 - 2011-10-23 00:58 - 0000000 ____D C:\Users\Daddy\AppData\Local\{B06B7393-ECB3-4084-9288-4C6E78C98BC2}
2011-10-23 00:58 - 2011-10-23 00:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0FC149A9-BA5E-407C-866A-CC30E4F44CAF}
2011-10-21 00:42 - 2011-10-21 00:42 - 0000000 ____D C:\Users\Daddy\AppData\Local\{DD6F7731-2C18-49D6-8FF5-A9CEDB1D40BD}
2011-10-21 00:42 - 2011-10-21 00:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0E3C0DF7-062C-4E28-8EFF-0566E0B4AC2F}
2011-10-18 19:18 - 2011-10-18 19:18 - 0000000 ____D C:\Users\Daddy\AppData\Local\{908DCA68-00CB-4D4C-A904-2D79F64756A0}
2011-10-17 18:35 - 2011-10-17 18:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CF6548E9-3322-43CC-BBCD-35E636B967E7}
2011-10-17 18:35 - 2011-10-17 18:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0065EBD5-8F37-4EB6-813A-1F3281A11DB4}
2011-10-16 20:32 - 2011-05-16 22:12 - 0000000 ____D C:\Users\Mummy\AppData\Roaming\Apple Computer
2011-10-16 20:32 - 2011-05-16 22:12 - 0000000 ____D C:\Users\Mummy\AppData\Local\Apple Computer
2011-10-16 20:32 - 2011-03-10 22:04 - 0000000 ____D C:\Users\Mummy\AppData\Local\VirtualStore
2011-10-16 16:33 - 2011-10-16 16:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7ADF336A-98A7-4268-A7F2-649575503E98}
2011-10-16 16:32 - 2011-10-16 16:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4CBE6909-F430-4BC7-826A-E2D59E282F7E}
2011-10-16 11:55 - 2011-01-25 00:32 - 0007605 ____A C:\Users\Daddy\AppData\Local\resmon.resmoncfg
2011-10-16 11:47 - 2011-02-14 19:28 - 0375407 ____A C:\Users\Callum\Documents\Callums Fish and Monsters.pptx
2011-10-16 00:08 - 2011-10-16 00:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6E2D225B-8F53-42B5-B33F-6FF8B22C4819}
2011-10-16 00:07 - 2011-10-16 00:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6D4830F4-60AA-4243-9457-69A17FB49D48}
2011-10-15 15:28 - 2011-10-15 15:28 - 0008974 ____A C:\Users\Mummy\Documents\Badgers Under 10 Fixture schedule 2011 (2) (version 1).xlsx
2011-10-14 16:17 - 2011-10-14 16:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{AA85C1AC-46F6-4F41-88E8-48F43C73B6FA}
2011-10-14 16:17 - 2011-10-14 16:17 - 0000000 ____D C:\Users\Daddy\AppData\Local\{1A980A4F-3402-4518-89EE-F15644AF5341}
2011-10-14 02:33 - 2011-01-17 07:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-14 02:04 - 2011-01-27 09:34 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-10-14 02:04 - 2011-01-27 09:34 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-10-13 23:23 - 2011-07-14 23:37 - 0000000 ____D C:\Users\Daddy\Documents\P
2011-10-13 23:18 - 2011-10-13 23:18 - 1642611 ____A C:\Users\Daddy\Downloads\james bond Dr No theme tune.mp3
2011-10-12 16:19 - 2011-10-12 16:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{EC00EAAB-7B62-4A15-93F2-826DA8EE9394}
2011-10-12 16:19 - 2011-10-12 16:19 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0B8F7E03-6B3A-4687-AF47-06AF6AFDD830}
2011-10-11 02:33 - 2011-10-11 02:33 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E86E6DBF-61C4-4A23-A78D-864CBA387A15}
2011-10-11 02:33 - 2011-10-11 02:32 - 0000000 ____D C:\Users\Daddy\AppData\Local\{4611D8A4-A3FA-4745-A5CA-A4B4E2FF1C17}
2011-10-10 22:28 - 2011-10-10 22:28 - 0014187 ____A C:\Users\Mummy\Documents\PiXL6 Meeting.docx
2011-10-09 18:10 - 2011-10-09 18:10 - 0000000 ____D C:\Users\Callum\AppData\Roaming\.minecraft
2011-10-09 18:06 - 2011-10-09 14:10 - 0012055 ____A C:\Users\Callum\Documents\Benvolio's diary.docx
2011-10-09 15:36 - 2011-10-09 15:36 - 0000000 ____D C:\Users\Daddy\AppData\Local\{E0352EA8-11B3-439C-9152-E9F825995114}
2011-10-09 15:36 - 2011-10-09 15:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{0B59C5F7-A429-4B75-9D7C-DD6363593E39}
2011-10-09 14:10 - 2011-10-09 14:10 - 0000162 ___AH C:\Users\Callum\Documents\~$nvolio's diary.docx
2011-10-09 01:41 - 2011-10-09 01:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{BE575EA3-62E5-45DA-8AC4-51ADAC688DD1}
2011-10-09 01:41 - 2011-10-09 01:41 - 0000000 ____D C:\Users\Daddy\AppData\Local\{5E3D2AD9-04B2-4C49-8215-E241DE1A3649}
2011-10-07 00:59 - 2011-10-07 00:59 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C68C8138-32F9-452A-92DD-B89A4DFDF1CB}
2011-10-07 00:59 - 2011-10-07 00:59 - 0000000 ____D C:\Users\Daddy\AppData\Local\{7706E8AD-21DE-45C9-8137-22133B4A07E7}
2011-10-03 02:18 - 2011-01-25 00:14 - 0000000 ____D C:\Program Files (x86)\Spotify
2011-10-01 06:24 - 2011-10-13 23:27 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-10-01 05:42 - 2011-10-13 23:27 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-10-01 04:21 - 2011-10-13 23:27 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-10-01 03:59 - 2011-10-13 23:27 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-29 17:24 - 2011-11-11 01:51 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-29 05:09 - 2011-11-11 01:51 - 3141120 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-28 20:12 - 2011-03-10 22:04 - 0000000 ____D C:\Users\Mummy\AppData\Roaming\Adobe
2011-09-26 03:27 - 2011-09-26 03:26 - 0000000 ____D C:\Users\Daddy\Documents\Work
2011-09-26 02:42 - 2011-01-17 06:58 - 0000000 ____D C:\Users\All Users\Adobe
2011-09-26 02:42 - 2011-01-17 06:58 - 0000000 ____D C:\ProgramData\Adobe
2011-09-26 02:41 - 2011-01-24 20:50 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\Adobe
2011-09-26 02:38 - 2011-09-26 02:38 - 0002066 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-09-26 02:38 - 2011-02-20 19:22 - 0000000 ____D C:\Users\Daddy\AppData\Local\Adobe
2011-09-26 02:38 - 2011-01-17 06:58 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-09-26 02:36 - 2011-09-26 02:36 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-09-26 02:36 - 2011-09-26 02:36 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-09-25 14:36 - 2011-01-24 20:30 - 0000000 ____D C:\Users\Daddy\AppData\LocalLow
2011-09-25 00:20 - 2011-09-25 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{DCB3B23B-C495-491A-BFF1-2A353C8347E1}
2011-09-25 00:20 - 2011-09-25 00:20 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CC2F58B5-D079-404E-9D37-6E55283ED68E}
2011-09-22 23:00 - 2011-02-08 20:06 - 0000000 ____D C:\Users\Daddy\AppData\Roaming\ICAClient
2011-09-21 21:55 - 2011-09-21 21:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D58A7D49-A28D-45AB-AADE-6B41D88BCBB3}
2011-09-21 21:54 - 2011-09-21 21:54 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CC24DD29-11B0-4F33-9502-A7F2DE018F91}
2011-09-20 20:05 - 2011-09-20 20:03 - 0014822 ____A C:\Users\Mummy\Documents\Tudor Money.docx
2011-09-20 17:13 - 2011-01-24 23:58 - 0000000 ____D C:\Users\Callum\AppData\LocalLow
2011-09-20 17:12 - 2011-09-20 17:12 - 0000000 ____D C:\Program Files (x86)\alotappbar
2011-09-20 17:12 - 2011-03-10 22:03 - 0000000 ____D C:\Users\Mummy\AppData\LocalLow
2011-09-16 20:35 - 2011-09-16 20:35 - 0000000 ____D C:\Users\Daddy\AppData\Local\{238543A1-7523-4D24-8568-89F91A05B666}
2011-09-16 20:35 - 2011-09-16 20:34 - 0000000 ____D C:\Users\Daddy\AppData\Local\{FAB9D85D-1D3B-48A0-8E76-7D33A86B9986}
2011-09-13 01:08 - 2011-09-13 01:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{482E6F4B-EA2E-4786-882E-9DD1F431C845}
2011-09-13 01:07 - 2011-09-13 01:07 - 0000000 ____D C:\Users\Daddy\AppData\Local\{76026A56-BB38-468D-922B-15B48816F950}
2011-09-11 00:14 - 2011-09-11 00:13 - 0000000 ____D C:\Users\Daddy\AppData\Local\{C9B4E8F6-AD8E-41FB-8031-83242A68A516}
2011-09-11 00:13 - 2011-09-11 00:13 - 0000000 ____D C:\Users\Daddy\AppData\Local\{34188E65-8DBA-4C1B-BA68-F6F4F1A8443D}
2011-09-10 23:15 - 2011-09-10 23:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{CF895EAD-C062-4BD4-A52B-E1AE9341FD50}
2011-09-10 23:14 - 2011-09-10 23:14 - 0000000 ____D C:\Users\Daddy\AppData\Local\{96D888BD-8AD6-438D-A240-0C354826028D}
2011-09-08 00:57 - 2011-09-08 00:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{6D7557BA-E2A5-4E5D-B84F-DAD1E37D9B2C}
2011-09-08 00:57 - 2011-09-08 00:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\{021813A8-7659-4BB5-9FFF-382B120E7EB8}
2011-09-08 00:24 - 2011-09-08 00:24 - 0000000 ____D C:\Users\Daddy\AppData\Local\{96E37450-3BA4-4F31-BD5D-2F5009E21938}
2011-09-08 00:24 - 2011-09-08 00:23 - 0000000 ____D C:\Users\Daddy\AppData\Local\{028D76D2-EB8C-48E8-A09F-0FA231437D28}
2011-09-08 00:13 - 2011-09-07 20:02 - 0391601 ____A C:\Users\Callum\Documents\Tudor Cover Page.pptx
2011-09-07 20:02 - 2011-09-07 20:02 - 0000165 ___AH C:\Users\Callum\Documents\~$Tudor Cover Page.pptx
2011-09-07 19:54 - 2011-09-07 19:54 - 0000000 ____D C:\Users\Callum\AppData\Local\Microsoft Help
2011-09-06 21:45 - 2011-02-05 22:07 - 0254400 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2011-09-06 21:45 - 2011-02-05 22:06 - 0199304 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2011-09-06 21:45 - 2011-02-05 22:06 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2011-09-06 21:38 - 2011-10-16 20:29 - 0601944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2011-09-06 21:38 - 2011-02-05 22:07 - 0301912 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2011-09-06 21:36 - 2011-02-05 22:07 - 0065368 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2011-09-06 21:36 - 2011-02-05 22:07 - 0058200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2011-09-06 21:36 - 2011-02-05 22:07 - 0042328 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2011-09-06 21:36 - 2011-02-05 22:07 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2011-09-06 18:57 - 2011-09-06 18:57 - 0000000 ____D C:\Users\Daddy\Documents\LEGO Creations
2011-09-06 18:57 - 2011-09-06 18:57 - 0000000 ____D C:\Users\Daddy\AppData\Local\LEGO Software
2011-09-06 18:47 - 2011-09-06 18:47 - 0002397 ____A C:\Users\Public\Desktop\LEGO Universe.lnk
2011-09-06 18:47 - 2011-09-06 18:47 - 0000000 ____D C:\Program Files (x86)\LEGO Software
2011-09-06 18:38 - 2011-09-06 18:38 - 0000000 ____D C:\Users\Daddy\AppData\Local\Chromium
2011-09-04 18:01 - 2011-09-04 18:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{D24F64EE-66FE-4323-A84A-D9ACD02FA391}
2011-09-04 18:01 - 2011-09-04 18:01 - 0000000 ____D C:\Users\Daddy\AppData\Local\{76F8FFF6-6235-47A3-A986-F149038DB671}
2011-09-04 14:44 - 2011-09-04 14:44 - 0000000 ____D C:\Users\Mummy\Documents\LEGO Creations
2011-09-04 14:44 - 2011-09-04 14:44 - 0000000 ____D C:\Users\Mummy\AppData\Local\LEGO Software
2011-09-04 14:36 - 2011-09-04 14:36 - 0000000 ____D C:\Users\Mummy\AppData\Local\Chromium
2011-09-04 14:35 - 2011-09-04 14:35 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 49%
Total physical RAM: 3958.68 MB
Available physical RAM: 1987.43 MB
Total Pagefile: 7915.48 MB
Available Pagefile: 5614.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:306.23 GB) NTFS ==>[System with boot components]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB
Partition 4 Primary 1016 KB 465 GB

Disk: 0
Partition 4
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

==========================================================

Last Boot: 2011-12-02 18:27

======================= End Of Log ==========================

 

[Broni]

I have some questions.
Look at your drive C. 4 partitions are listed:

Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB
Partition 4 Primary 1016 KB 465 GB

Partition 1 is your recovery partition.
Did you split your hard drive into Partition 2 (I'd assume containing Windows) and Partition 3 (for data?)?
I'd assume you have no idea what Partition 4 is?

 

[frh]

Disk Partitions

Hello Broni.

I have done nothing to the disk partitions since I purchased the machine.

The Disk Management entry for the C: drive shows the following:

Volume Layout Type File System Status Capacity Free Space % Free Fault Tolerance Overhead
Simple Basic Healthy (OEM Partition) 100MB 100MB 100% No 0%
Simple Basic Healthy (Active, Primary Partition 1MB 1MB 100% No 0%
OS (C Simple Basic NTFS Healthy (Boot, Page File, Crash Dump, Primary Partition)451.01GB 306.21 GB 68% No 0%
RecoverySimple Basic NTFS Healthy (System, Primary Partition) 14.65GB 7.30GB 50% No 0%

 

[Broni]

Let's try one more thing before we'll deal with that hidden partition.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

 

[frh]

Hi Broni,

Scan results for TDSS:

***Infected MBR detected
Repair succeeded

I have done a few searches in all the browsers I have installed (Firefox, IE8, Safari, Chrome), and so far I see none of the previous symptoms.

Thanks.

 

[Broni]

Very good

Give me fresh Bootkit Remover log.

 

[frh]

Hi Broni.

I spoke too soon :/

Not long after the FixTDSS procedure and whilst browsing, I got a blue screen. I tried a system repair twice, which failed:

Prob event name: StartupRepairOffline
Prob Sig 01: 6.1.7600.16385
02: ditto
O3 unknown
04 157 (on second run showed as 21200625)
05 AutoFailover
06 1 (on second run showed as 3)
07 0x109
Os version 6.1.7600.2.0.0.256.1
Locale ID 1033

From the dump log, which I can only access via windows command prompt, I isolated this:

Root cause found:
Unknown Bugcheck: Bugcheck 109. Parameters = 0xa3a039d89b5a7519, 0xb3b7465eedd8ab9b, 0xfffff80000bac5cc, 0x1

What now?

Thanks.

 

[Broni]

Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

• Startup Repair
• System Restore
• Windows Complete PC Restore
• Windows Memory Diagnostic Tool
• Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot

exit

Restart computer.

 

[frh]

Hi Broni,

I followed your fixmbr/fixboot instructions. After each a "success" message was displayed.

On restart windows begins to load, however there is a brief flash of a blue screen, and a divert to the repair screen. Startup Repair fails. I did try a restore to earlier system backup earlier today. This also failed.

Thanks.

 

[Broni]

Did you try Safe Mode?

 

[frh]

Same problem with Safe Mode.

 

[Broni]

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

• When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
• Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
• Your system should now display a REATOGO-X-PE desktop.
• Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
• Double-click on the OTLPE icon.
• When asked Do you wish to load the remote registry, select Yes
• When asked Do you wish to load remote user profile(s) for scanning, select Yes
• Ensure the box Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.

 

[frh]

HI Broni,

I made the bootable CD as per your instructions.

When I attempted to boot the machine using the CD, it showed the REATOGO-X-PE load-bar, then an XP splash screen. Before any desktop was displayed there was a boot screen, advising a check for viruses and the performance of CHKDSK /F.

I tried again, and after the load bar filled the machine powered off. I have tried to get into the system repair options and again the machine powered off.

Looking desperate now ............

Thanks.

 

[frh]

I have tried again after leaving the machine off for a little while. It is now attempting to boot from the CD again .......

 

[frh]

As before; blue screen after trying to boot from CD. At least it has stopped powering off ........

 

[Broni]

We may have some hard drive problem.

Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Pa...rivesUSandCanada/SoftwareUtilities#diagnostic

Note : If you do not know how to set your computer to boot from CD follow the steps HERE

 

[frh]

Hi Broni,

I went for the DOS version of DLG; I assume this was the correct thing to do?

I booted from the disk. I immediately got a "NO CRIVE FOUND ERROR/STATUS CODE: 0120" message.

I don't know how relevant it is, but yesterday I managed to use the Dell Recovery disk utility to back up data from the hard drive to an external USB drive. I.e. the drive is there and recognisable to some extent.

I see from forums that others have had similar boot issues after running FixTDSS. Is it possible that this is the problem for me?

Thanks.

 

[Broni]

The drive may be still accessible to backup data but it may be damaged enough to not be able to boot.
This is what WD says about error 120: http://support.wdc.com/techinfo/general/errorcodes.asp

An unknown error has occurred during testing. This may be an anomaly. Check connections and retest. If the error repeats, replace the drive.