all my media files have been prefix "locked "


  • This topic is locked
30 replies to this topic

#1 oash

Posted 04 June 2012 - 01:32 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ddl at 18:43:58 on 2012-06-04
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.4094.2062 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\ehome\ehsched.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Windows\ehome\ehPrivJob.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://bbc.co.uk/news
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [<NO NAME>]
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{602DFB57-279A-4F05-8D1E-10C35E0B29E6} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-5-9 584224]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-12 2271608]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-5-22 935480]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys --> C:\Windows\system32\Drivers\hcw95bda.sys [?]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys --> C:\Windows\system32\DRIVERS\hcw95rc.sys [?]
R3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-2 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-2 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-04 17:34:44 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{405506E9-6AE2-4762-85C5-405426A7D80C}\mpengine.dll
2012-06-04 06:40:45 -------- d-----w- C:\Users\ddl\AppData\Local\{799BA284-A904-47C9-BB73-E48E0E3DB8A9}
2012-06-04 06:40:16 -------- d-----w- C:\Users\ddl\AppData\Local\{77AC4CA4-8DB7-48B4-A46E-EAB410797A6A}
2012-06-03 15:08:25 -------- d-----w- C:\Program Files (x86)\Veetle
2012-06-03 14:10:02 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-03 14:00:01 -------- d-----w- C:\Users\ddl\AppData\Local\{7512FEFA-BA17-4625-9519-1D11E9046ED3}
2012-06-03 13:59:22 -------- d-----w- C:\Users\ddl\AppData\Local\{A3C08CF5-3D15-4A66-8B63-DC5991EA54C8}
2012-06-03 13:20:02 -------- d-----w- C:\Users\ddl\AppData\Local\{A43FC5CC-9FEA-47CD-B4D8-A1ECB0C0C289}
2012-06-03 13:19:41 -------- d-----w- C:\Users\ddl\AppData\Local\{EBBDF952-67F7-4956-96BC-ACB4899BBB31}
2012-06-03 09:54:20 -------- d-----w- C:\Users\ddl\AppData\Local\{AC3030E6-0362-4754-AF4C-00E60720932F}
2012-06-02 17:57:13 -------- d-----w- C:\Users\ddl\AppData\Local\{69889B0F-5B5B-4149-818D-3B6136C0CC1B}
2012-06-02 17:56:50 -------- d-----w- C:\Users\ddl\AppData\Local\{86F8E2D6-B88A-42FA-A8E5-E90488591BCB}
2012-06-02 05:56:23 -------- d-----w- C:\Users\ddl\AppData\Local\{B9B89179-4EEC-49D6-B280-092147D96E79}
2012-06-01 17:55:48 -------- d-----w- C:\Users\ddl\AppData\Local\{ADAA67F3-CE55-4B98-BE33-BAEE29A57D3E}
2012-06-01 17:55:27 -------- d-----w- C:\Users\ddl\AppData\Local\{104EB5E4-A594-429F-946A-BAF5FE131243}
2012-06-01 05:54:32 -------- d-----w- C:\Users\ddl\AppData\Local\{C8BE0492-07D9-4508-BE66-531C9E3C9AEA}
2012-06-01 05:54:16 -------- d-----w- C:\Users\ddl\AppData\Local\{18BF1534-91DA-4ADB-B430-1280135CC998}
2012-05-31 05:52:06 -------- d-----w- C:\Users\ddl\AppData\Local\{2FE1A225-E8E6-4A2E-848A-D85872D37C99}
2012-05-31 05:51:38 -------- d-----w- C:\Users\ddl\AppData\Local\{82C899B2-BAFB-49E2-8511-DEB6D0668D4B}
2012-05-30 06:22:01 -------- d-----w- C:\Users\ddl\AppData\Local\{092B8C02-6595-4379-B97C-D5A7F59545B0}
2012-05-30 06:21:39 -------- d-----w- C:\Users\ddl\AppData\Local\{E26F4176-EDC5-4C55-AC25-AC7019335656}
2012-05-29 18:21:13 -------- d-----w- C:\Users\ddl\AppData\Local\{1F7A223C-5610-4D04-A916-DF6F821E2378}
2012-05-29 18:20:51 -------- d-----w- C:\Users\ddl\AppData\Local\{366446D1-DA5C-45FC-A3CF-6802FFB30829}
2012-05-29 12:44:39 -------- d-----w- C:\ProgramData\F4D55F1700002E2900012294B4EB2331
2012-05-29 06:20:26 -------- d-----w- C:\Users\ddl\AppData\Local\{684CC374-5782-44EC-B91D-1A0C69668CCE}
2012-05-29 06:20:04 -------- d-----w- C:\Users\ddl\AppData\Local\{2144AE6A-77E3-47A2-A99C-C3E0DF7FC1DC}
2012-05-28 18:19:37 -------- d-----w- C:\Users\ddl\AppData\Local\{2BAEE65A-0460-4BEF-A50A-206CED349A9F}
2012-05-28 18:19:11 -------- d-----w- C:\Users\ddl\AppData\Local\{4926463D-87F6-44A0-B2AB-A6CAE1ABA0E1}
2012-05-28 06:18:08 -------- d-----w- C:\Users\ddl\AppData\Local\{B40A3B7A-8557-483B-AD3A-517919041709}
2012-05-28 06:17:45 -------- d-----w- C:\Users\ddl\AppData\Local\{CF3EC9D0-CD9A-424C-8312-7C8D7D345B9E}
2012-05-28 06:14:38 -------- d-----w- C:\Users\ddl\AppData\Local\{AA900D0D-67E7-429F-BC95-76DA44A54310}
2012-05-27 14:02:07 -------- d-----w- C:\Users\ddl\AppData\Local\{A357610F-3968-46E4-86B1-44021259857F}
2012-05-27 02:01:12 -------- d-----w- C:\Users\ddl\AppData\Local\{4034A991-CE79-4DB6-A3BE-96E453FB3723}
2012-05-26 14:00:01 -------- d-----w- C:\Users\ddl\AppData\Local\{C5562BC8-F6CD-4E23-A9D9-81A091780176}
2012-05-26 13:59:26 -------- d-----w- C:\Users\ddl\AppData\Local\{8426FA54-B60D-430B-89DE-3470837853D6}
2012-05-25 21:05:00 -------- d-----w- C:\Users\ddl\AppData\Local\{477FA25D-28AD-4D9A-A02A-850E3389BEF6}
2012-05-25 09:04:13 -------- d-----w- C:\Users\ddl\AppData\Local\{6CB9859F-4068-4587-803A-63616D1F17BD}
2012-05-24 21:03:33 -------- d-----w- C:\Users\ddl\AppData\Local\{6CC86798-72DC-4DD7-8447-88604926B8C4}
2012-05-24 09:02:59 -------- d-----w- C:\Users\ddl\AppData\Local\{AD937A5D-D590-468C-AD05-BC5760B65799}
2012-05-23 21:02:15 -------- d-----w- C:\Users\ddl\AppData\Local\{2158B895-6FC4-4B68-87EF-C4B0AC5A8A13}
2012-05-23 09:01:28 -------- d-----w- C:\Users\ddl\AppData\Local\{EF6A6D54-FCD1-4A74-B5B1-325EB9B09B4D}
2012-05-22 21:00:44 -------- d-----w- C:\Users\ddl\AppData\Local\{E059F670-3405-4264-845F-2A87032AA07A}
2012-05-22 21:00:23 -------- d-----w- C:\Users\ddl\AppData\Local\{99AFA9A2-80DB-49FA-8166-C37903A8D10D}
2012-05-22 15:37:33 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-05-22 15:37:31 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-05-22 15:37:30 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-05-22 15:36:51 -------- d--h--w- C:\ProgramData\Common Files
2012-05-22 15:36:47 126912 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-05-22 15:36:47 -------- d-----w- C:\Program Files (x86)\PowerISO
2012-05-22 08:59:43 -------- d-----w- C:\Users\ddl\AppData\Local\{FBAD4069-F1E1-44D2-85D3-86C3F21BB625}
2012-05-22 08:59:26 -------- d-----w- C:\Users\ddl\AppData\Local\{D7CB3816-A4D3-4189-9F86-990A4109B4F2}
2012-05-21 20:59:00 -------- d-----w- C:\Users\ddl\AppData\Local\{063ED37A-1A3E-4306-BFED-DA2C6C65DD7F}
2012-05-21 20:58:39 -------- d-----w- C:\Users\ddl\AppData\Local\{954D52D7-9635-443B-9764-9A5BF3670F76}
2012-05-21 08:58:04 -------- d-----w- C:\Users\ddl\AppData\Local\{496620DF-7E9B-467C-9FE7-E183DB67445C}
2012-05-21 08:57:34 -------- d-----w- C:\Users\ddl\AppData\Local\{992E37EB-0891-482B-9A78-742DF9C5D3D0}
2012-05-20 20:57:08 -------- d-----w- C:\Users\ddl\AppData\Local\{300C6699-2820-4164-A2DD-728E2DB5230B}
2012-05-20 20:56:46 -------- d-----w- C:\Users\ddl\AppData\Local\{376932C7-6E30-4630-ABA3-D37C139DEF09}
2012-05-20 08:56:21 -------- d-----w- C:\Users\ddl\AppData\Local\{15279620-DDD2-4225-A35C-4F6E4BBF71B6}
2012-05-20 08:55:59 -------- d-----w- C:\Users\ddl\AppData\Local\{F4336E3D-CBB8-4064-A49E-1C558C8A58CE}
2012-05-20 06:31:52 -------- d-----w- C:\Program Files\Soluto
2012-05-19 20:55:33 -------- d-----w- C:\Users\ddl\AppData\Local\{E15D0E40-6271-4B10-B484-138F913390BF}
2012-05-19 08:54:55 -------- d-----w- C:\Users\ddl\AppData\Local\{E8060CF5-800C-4DD4-9BBE-F1ED48A982D5}
2012-05-18 20:54:13 -------- d-----w- C:\Users\ddl\AppData\Local\{0C6E2556-A924-4B4F-AEBB-9751DB81BB28}
2012-05-18 08:53:35 -------- d-----w- C:\Users\ddl\AppData\Local\{852EE4BD-D643-470F-B8BA-A8A9C08D67D3}
2012-05-17 20:52:54 -------- d-----w- C:\Users\ddl\AppData\Local\{CB71D791-E611-480D-8E8E-45A7069E9400}
2012-05-17 08:52:16 -------- d-----w- C:\Users\ddl\AppData\Local\{E8A8C231-881E-4819-9363-0B0C5245B970}
2012-05-16 20:51:31 -------- d-----w- C:\Users\ddl\AppData\Local\{15A6F82F-C8B1-4CDB-9930-F141DF111CBC}
2012-05-16 08:50:46 -------- d-----w- C:\Users\ddl\AppData\Local\{9BB6DFC9-9CBA-4DD6-9585-864397F0BEA8}
2012-05-15 20:50:03 -------- d-----w- C:\Users\ddl\AppData\Local\{6B50EFA2-8C33-41D3-A8E8-4FAB5C6DAEB3}
2012-05-15 20:49:39 -------- d-----w- C:\Users\ddl\AppData\Local\{38A3118B-A858-4B6A-8362-E52A6DF57F5D}
2012-05-15 14:03:46 -------- d-----w- C:\Ace of Spades
2012-05-15 08:49:12 -------- d-----w- C:\Users\ddl\AppData\Local\{14BB72AC-DB76-4239-8B11-A75A7F47FB9D}
2012-05-15 08:48:45 -------- d-----w- C:\Users\ddl\AppData\Local\{C9446335-B377-4D7E-B13A-CFF6EB70476F}
2012-05-14 20:48:21 -------- d-----w- C:\Users\ddl\AppData\Local\{0BF2A8E4-0EEC-4474-A15F-F1958E51A7EA}
2012-05-14 20:48:06 -------- d-----w- C:\Users\ddl\AppData\Local\{6FA42BC9-5A4C-4908-BF70-247DA591EDE2}
2012-05-14 08:09:56 -------- d-----w- C:\Users\ddl\AppData\Local\{803E4BD4-AFA4-45F1-AC03-B02039D4259E}
2012-05-13 20:09:16 -------- d-----w- C:\Users\ddl\AppData\Local\{BF5D5570-436A-4913-96A3-9E3633BE75C9}
2012-05-13 08:08:03 -------- d-----w- C:\Users\ddl\AppData\Local\{F5186304-DA3A-48CA-A49C-1AD6E7692713}
2012-05-13 08:07:46 -------- d-----w- C:\Users\ddl\AppData\Local\{C286A2CC-7ABB-4358-97D5-F75A74B2A8AC}
2012-05-13 08:04:35 -------- d-----w- C:\Users\ddl\AppData\Local\{EBDCBADB-BF49-4261-ADE9-AC055B9C416B}
2012-05-12 19:10:03 -------- d-----w- C:\Users\ddl\AppData\Local\{C7BB02ED-60A5-43F9-BBF7-80B0F3CCD025}
2012-05-12 07:09:28 -------- d-----w- C:\Users\ddl\AppData\Local\{4C405497-5678-4AF3-9C25-A2B2A61D6A09}
2012-05-12 06:06:21 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 06:06:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 06:06:19 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 06:06:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 06:06:18 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 06:06:18 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 06:06:02 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 06:06:02 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 06:05:33 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 06:05:32 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 06:05:31 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 06:05:31 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 05:49:10 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 19:08:53 -------- d-----w- C:\Users\ddl\AppData\Local\{68256100-0DD1-413A-B832-2E9F13CDAB79}
2012-05-11 07:08:17 -------- d-----w- C:\Users\ddl\AppData\Local\{0832A779-40AF-4CDC-BA81-5592E028238B}
2012-05-10 19:07:40 -------- d-----w- C:\Users\ddl\AppData\Local\{E487706D-5F85-4638-8CEC-F834D133F45E}
2012-05-10 07:07:00 -------- d-----w- C:\Users\ddl\AppData\Local\{EF520486-82A8-48A3-9EDF-C05FF67ADC96}
2012-05-09 19:06:26 -------- d-----w- C:\Users\ddl\AppData\Local\{BDB74A9E-1AEE-4930-848C-8C87050A7E8D}
2012-05-09 07:05:53 -------- d-----w- C:\Users\ddl\AppData\Local\{AF5DDD76-3E14-4A29-AC35-760E6AE0AE87}
2012-05-08 19:04:42 -------- d-----w- C:\Users\ddl\AppData\Local\{3AA45C68-1871-4B9C-A473-A00CE7871AC0}
2012-05-08 19:04:16 -------- d-----w- C:\Users\ddl\AppData\Local\{4F4AEB9C-843A-4226-A78B-062D2F980207}
2012-05-08 05:45:24 -------- d-----w- C:\Users\ddl\AppData\Local\{7508A778-6C08-40BC-A366-143575E9B236}
2012-05-08 05:44:52 -------- d-----w- C:\Users\ddl\AppData\Local\{CB4BD4EE-0CAC-457F-93F6-965159FE764A}
2012-05-07 06:08:25 -------- d-----w- C:\Users\ddl\AppData\Local\{4792171A-4171-4C2D-9F1B-0F013E6C408F}
2012-05-06 18:07:43 -------- d-----w- C:\Users\ddl\AppData\Local\{BFE6E7E3-6D59-41BF-A76E-EAEECF655CAF}
2012-05-06 06:07:06 -------- d-----w- C:\Users\ddl\AppData\Local\{4327064F-9BDA-4A0A-887B-3E82504D09F8}
2012-05-05 18:06:31 -------- d-----w- C:\Users\ddl\AppData\Local\{408B4C28-6213-4E16-9836-30F41015D84A}
.
==================== Find3M ====================
.
2012-05-09 20:56:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-05-05 14:19:38 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 14:19:37 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 14:18:59 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 17:40:52 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 18:45:01.20 ===============


#2 CatByte


Posted 04 June 2012 - 01:42 PM

this appears to be the latest ransomware variant

what "name" is being used by the infection?

what have you tried to do so far (don't try and rename the files, leave them as they are for now)

what is the extension that the files have been given?

can you show some examples

Edited by CatByte, 04 June 2012 - 01:43 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 oash


Posted 04 June 2012 - 02:01 PM

this appears to be the latest ransomware variant

what "name" is being used by the infection? Don't see a name

what have you tried to do so far (don't try and rename the files, leave them as they are for now)
nothing - tried renaming one file without success

what is the extension that the files have been given?
examples:
JPG image file called "dave at mothers day" is now called "locked-dave at mothers day.JPG.rfzs" and is type RFZS (all types seem to be 4 random letters)
mkv file called "The talented Mr Ripley.1999.720p.x264-.mkv" is now "locked-The telented Mr Ripley.1999.720p.x264-.mkv.rqhd" and is a type RQHD file

can you show some examples
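
The naming pattern described in the post above (a "locked-" prefix plus four appended letters), as an added example that is not part of the original thread: a read-only Python inventory that lists matching files and the original name each one carried, without renaming or modifying anything. The function names and the list of excluded genuine extensions are assumptions made for illustration.

```python
import os
import re
import sys
from collections import Counter

# Naming pattern reported in the thread:
#   "locked-" + original file name + "." + four letters
LOCKED_RE = re.compile(r"^locked-(?P<original>.+)\.(?P<suffix>[A-Za-z]{4})$")

# Assumption (not from the thread): genuine four-letter extensions that should
# not be mistaken for the appended letters, e.g. a user's own "locked-door.jpeg".
REAL_EXTENSIONS = {"jpeg", "docx", "xlsx", "pptx", "html", "tiff", "mpeg", "flac", "json"}


def parse_locked_name(filename):
    """Return (original_name, appended_suffix) if the name fits the pattern, else None."""
    match = LOCKED_RE.match(filename)
    if match is None:
        return None
    original = match.group("original")
    suffix = match.group("suffix").lower()
    if suffix in REAL_EXTENSIONS:
        return None
    # Both examples in the thread keep the original extension in front of the
    # appended letters; require one so that "locked-door.abcd" is not reported.
    stem, ext = os.path.splitext(original)
    if not stem or len(ext) < 2:
        return None
    return original, suffix


def inventory(root):
    """Walk root and list files that fit the pattern. Nothing is renamed or opened."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_locked_name(name)
            if parsed is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                size = None  # file vanished or is unreadable; still report it
            findings.append(
                {"path": path, "original": parsed[0], "suffix": parsed[1], "size": size}
            )
    return sorted(findings, key=lambda item: item["path"])


def summarize(findings):
    """Count affected files by their original extension, to scope the damage."""
    return Counter(os.path.splitext(item["original"])[1].lower() for item in findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = inventory(root)
    for item in found:
        print(f'{item["path"]}\n    original name: {item["original"]}  appended: .{item["suffix"]}')
    for ext, count in summarize(found).most_common():
        print(f"{ext}: {count} file(s)")
```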



#4 CatByte


Posted 04 June 2012 - 02:06 PM

OK

Please try running the following decryptor:

http://support.kaspersky.com/faq/?qid=208286527

download the file and follow the instructions, please let me know if that works to decrypt the files,

then please do the following:



download Farbar Recovery Scan Tool and save it to a flash drive.

(you need the 64bit version)

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Edited by CatByte, 04 June 2012 - 02:06 PM.



#5 oash


Posted 04 June 2012 - 11:59 PM

Thanks for your help.
Running the 64 bit version Kaspersky Rannoh decryptor : Scan in progress overnight but alas:
0 objects processed 0 objects Found and 0 objects decrypted.

haven't done the second thing you recommended as this hasn't worked yet.

dave.

#6 oash


Posted 05 June 2012 - 12:17 AM

Sorry - needed to click on both original and affected file - it's running OK now - will let you know how it goes!
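The file-naming pattern reported in post #3 and the original/affected file pair mentioned in post #6, as an added example that is not part of the thread or of any tool named in it: a read-only inventory that lists renamed files, recovers their original names, and looks for an unencrypted copy of each in a backup folder. The regular expression is inferred from the two file names quoted in the thread; the function names and the backup folder are assumptions, and the sample files are constructed.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Naming scheme as reported in the thread: "locked-" + the original file name
# (its own extension included) + "." + four letters. Requiring the original
# name to keep an extension avoids flagging an ordinary "locked-notes.docx".
LOCKED_RE = re.compile(r"locked-(?P<original>.+\.[^.]+)\.(?P<suffix>[A-Za-z]{4})")


def parse_locked_name(filename):
    """Return (original_name, four_letter_suffix) or None if no match."""
    m = LOCKED_RE.fullmatch(filename)
    if m is None:
        return None
    return m.group("original"), m.group("suffix").lower()


def inventory(root):
    """Walk `root` without modifying anything and list files that match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            parsed = parse_locked_name(name)
            if parsed is not None:
                hits.append({
                    "path": Path(dirpath) / name,
                    "original": parsed[0],
                    "suffix": parsed[1],
                })
    return hits


def find_pairs(hits, backup_root):
    """Pair each renamed file with a same-named clean copy under backup_root.

    Matching is by file name only (case-insensitive, as on NTFS); the caller
    still has to confirm that the copy really is the same file.
    """
    clean = {}
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            clean.setdefault(name.lower(), Path(dirpath) / name)
    pairs = []
    for hit in hits:
        match = clean.get(hit["original"].lower())
        if match is not None:
            pairs.append((hit["path"], match))
    return pairs


def demo():
    """Run the inventory over a constructed directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        infected = Path(tmp) / "infected"   # hypothetical affected folder
        backup = Path(tmp) / "backup"       # hypothetical backup folder
        (infected / "videos").mkdir(parents=True)
        backup.mkdir()
        constructed = [
            "locked-dave at mothers day.JPG.rfzs",
            "videos/locked-The telented Mr Ripley.1999.720p.x264-.mkv.rqhd",
            "locked-notes.docx",            # ordinary file, must not match
            "holiday.jpg",                  # untouched file
        ]
        for rel in constructed:
            (infected / rel).write_bytes(b"constructed sample")
        (backup / "dave at mothers day.JPG").write_bytes(b"constructed sample")

        hits = inventory(infected)
        pairs = find_pairs(hits, backup)
        return (
            sorted(h["original"] for h in hits),
            Counter(h["suffix"] for h in hits),
            [(enc.name, orig.name) for enc, orig in pairs],
        )


if __name__ == "__main__":
    originals, suffixes, pairs = demo()
    print("renamed files:", originals)
    print("suffix counts:", dict(suffixes))
    print("candidate pairs:", pairs)
```
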

#7 oash


Posted 05 June 2012 - 01:14 AM

Oh Catbyte - it appears to be working. Slow but sure - thanks - will let you know...

#8 CatByte


Posted 05 June 2012 - 06:10 PM

:thumbup2:

keep me posted



#9 oash


Posted 06 June 2012 - 02:30 AM

Fantastic 332543 objects 51646 Found 51623 decrypted!
Thanks so much - all seems well. I have run a Microsoft Security Essentials full scan: Trojan:Win32/Ramnit quarantined - do I still need to take the Farbar step you mention?

Thanks sooo much for your help my precious family videos are saved - thanks to you.
Dave

#10 CatByte


Posted 06 June 2012 - 03:12 PM

yes, please do

ramnit is a polymorphic file infector and can be disastrous if it takes hold of your PC

we need to make sure it was an isolated file



#11 oash


Posted 08 June 2012 - 07:44 AM

Hello Catbyte
I managed to get Farbar on a stick and run it but cannot enter the BIOS as it demands a password that I do not know.
F8 key? Do you mean F2? F8 seems to have no effect on startup.

Ran the Farbar anyway, results below - thanks again - no ill effects - all seems well.

Scan result of Farbar Recovery Scan Tool Version: 05-06-2012
Ran by ddl at 08-06-2012 13:17:56
Running from O:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKU\bob.ddl-PC\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-02] (Google Inc.)
HKU\bob.ddl-PC\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [274224 2011-07-13] (BitTorrent, Inc.)
HKU\charlie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-02] (Google Inc.)
HKU\charlie\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [274224 2011-07-13] (BitTorrent, Inc.)
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-02] (Google Inc.)
HKU\Guest\...\Run: [Facebook Update] "C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-08 12:02 - 2012-06-08 12:02 - 0109608 ____A C:\Users\charlie\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-08 12:02 - 2012-06-08 12:02 - 0000000 ____D C:\Users\charlie\AppData\Local\VirtualStore
2012-06-08 12:02 - 2012-06-08 12:02 - 0000000 ____D C:\Users\charlie\AppData\Local\Google
2012-06-08 12:02 - 2012-06-08 12:02 - 0000000 ____D C:\Users\charlie\AppData\Local\Apple Computer
2012-06-08 09:55 - 2012-06-08 09:55 - 0000000 ____D C:\Users\ddl\AppData\Local\Adobe
2012-06-08 08:05 - 2012-06-08 08:05 - 0179200 ____A C:\Windows\Installer\53bc3f5.msi
2012-06-08 08:04 - 2012-06-08 08:04 - 0461312 ____A C:\Windows\Installer\53bc3ec.msi
2012-06-08 08:04 - 2012-06-08 08:04 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-08 08:04 - 2012-06-08 08:04 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-08 08:04 - 2012-06-08 08:04 - 0000000 ____D C:\Windows\Installer\{1111706F-666A-4037-7777-210328764D10}
2012-06-08 08:04 - 2012-06-08 08:04 - 0000000 ____D C:\Program Files (x86)\Oracle
2012-06-08 08:04 - 2012-04-04 18:47 - 0772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-08 08:04 - 2012-04-04 18:47 - 0227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-08 08:03 - 2012-06-08 08:03 - 17379840 ____A C:\Windows\Installer\53bc3e8.msi
2012-06-07 12:06 - 2012-06-07 12:06 - 0109608 ____A C:\Users\ddl\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-07 11:29 - 2012-06-07 11:29 - 0011371 ____A C:\Users\ddl\Documents\close halifax save acc.docx
2012-06-07 11:04 - 2012-06-07 11:12 - 0000000 ___RD C:\Family videos
2012-06-07 11:01 - 2012-06-07 11:02 - 0000000 ___RD C:\Family photos
2012-06-05 06:52 - 2012-06-05 06:52 - 7467666 ____A C:\Users\bob.ddl-PC\Downloads\John Mayer - Slow dancing in a burning room [acoustic studio version w download].mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 5754623 ____A C:\Users\bob.ddl-PC\Downloads\Lights - Fall Back Down (Acoustic EP) - Rancid Cover.mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 5280146 ____A C:\Users\bob.ddl-PC\Downloads\Experimental draft 1.mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 43780952 ____A C:\Users\bob.ddl-PC\Downloads\Minecraft_Beta_Cracked_v1.7.3.zip
2012-06-05 06:52 - 2012-06-05 06:52 - 3065706 ____A C:\Users\bob.ddl-PC\Downloads\Waiting on the world to change.mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 2573924 ____A C:\Users\bob.ddl-PC\Documents\Doc2.jpg.docx
2012-06-05 06:52 - 2012-06-05 06:52 - 17616849 ____A C:\Users\bob.ddl-PC\Downloads\John Mayer - Waiting on the World to Change (Cover).mp4
2012-06-05 06:52 - 2012-06-05 06:52 - 1712038 ____A C:\Users\bob.ddl-PC\Documents\CAMPOUT.docx
2012-06-05 06:52 - 2012-06-05 06:52 - 1263473 ____A C:\Users\bob.ddl-PC\Downloads\John Mayer NEW WORLD PREMIERE _Something Like Olivia_ Hotel Cafe.mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 0380124 ____A C:\Users\bob.ddl-PC\Downloads\Pokemon Red (UE) [S][!].zip
2012-06-05 06:52 - 2012-06-05 06:52 - 0226203 ____A C:\Users\bob.ddl-PC\Documents\Music Tech presentation charlie.pptx
2012-06-05 06:52 - 2012-06-05 06:52 - 0178953 ____A C:\Users\bob.ddl-PC\Downloads\Pokemon.zip
2012-06-05 06:52 - 2012-06-05 06:52 - 0055834 ____A C:\Users\bob.ddl-PC\Downloads\[isoHunt] JACK JOHNSON - DISCOGRAPHY [CHANNEL NEO].torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0030267 ____A C:\Users\bob.ddl-PC\Downloads\[isoHunt] James_Bond_(10)_the_Spy_Who_Loved_(ipod)_(jdeproductions).5219706.TPB.torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0028968 ____A C:\Users\bob.ddl-PC\Documents\CFCs.docx
2012-06-05 06:52 - 2012-06-05 06:52 - 0016247 ____A C:\Users\bob.ddl-PC\Downloads\Tobias lock- CV.docx
2012-06-05 06:52 - 2012-06-05 06:52 - 0013826 ____A C:\Users\bob.ddl-PC\Downloads\Minecraft_Beta_1.7.3_Cracked_[Full_Installer].6525100.TPB.torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0010753 ____A C:\Users\bob.ddl-PC\Downloads\[isoHunt] John Mayer - The Village Sessions.torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0005533 ____A C:\Users\bob.ddl-PC\Documents\super mario theme tune (acoustic version).wlmp
2012-06-05 06:52 - 2012-06-05 06:52 - 0003400 ____A C:\Users\bob.ddl-PC\Downloads\Terraria_Full_Game_1.0.5_(No_Crack_Required).6534597.TPB.torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0002048 ____A C:\Users\bob.ddl-PC\Documents\Default.rdp
2012-06-05 06:46 - 2012-06-05 06:46 - 267578227 ____A C:\Users\bob.ddl-PC\Desktop\VID00074.MP4
2012-06-05 06:46 - 2012-06-05 06:46 - 0011682 ____A C:\Users\bob.ddl-PC\Desktop\Why should we be governed.docx
2012-06-05 06:45 - 2012-06-05 06:46 - 265173918 ____A C:\Users\bob.ddl-PC\Desktop\VID00073.MP4
2012-06-05 06:45 - 2012-06-05 06:45 - 9168083 ____A C:\Users\bob.ddl-PC\Desktop\John Mayer - Say.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 8605864 ____A C:\Users\bob.ddl-PC\Desktop\Noah_And_The_Whale_-_5_Years_Time_[topinweb_com].mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 7167997 ____A C:\Users\bob.ddl-PC\Desktop\ed sheeran finished.wma
2012-06-05 06:45 - 2012-06-05 06:45 - 7167997 ____A C:\Users\bob.ddl-PC\Desktop\ed sheeran finished.mp3.wma
2012-06-05 06:45 - 2012-06-05 06:45 - 4747264 ____A C:\Users\bob.ddl-PC\Desktop\Tracy_Chapman_-_Fast_Car_[topinweb_com].mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 4611353 ____A C:\Users\bob.ddl-PC\Desktop\Seal - Kiss From A Rose.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 4370498 ____A C:\Users\bob.ddl-PC\Desktop\01 - Better People.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 42482799 ____A C:\Users\bob.ddl-PC\Desktop\Charlie Lock Christmas concert.wmv
2012-06-05 06:45 - 2012-06-05 06:45 - 4207063 ____A C:\Users\bob.ddl-PC\Desktop\SLOW DANCING.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 4200126 ____A C:\Users\bob.ddl-PC\Desktop\John mayer - Message in a bottle.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 3986770 ____A C:\Users\bob.ddl-PC\Desktop\10 Hallelujah.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 39052170 ____A C:\Users\bob.ddl-PC\Desktop\CoD4MW-1.6-1.7-PatchSetup.zip
2012-06-05 06:45 - 2012-06-05 06:45 - 3850845 ____A C:\Users\bob.ddl-PC\Desktop\12 Heaven Is a Halfpipe.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 3512160 ____A C:\Users\bob.ddl-PC\Desktop\MOV01145.MP4
2012-06-05 06:45 - 2012-06-05 06:45 - 3203509 ____A C:\Users\bob.ddl-PC\Desktop\09 All Star.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 296333611 ____A C:\Users\bob.ddl-PC\Desktop\CoD4MW-1.6-PatchSetup.zip
2012-06-05 06:45 - 2012-06-05 06:45 - 264995409 ____A C:\Users\bob.ddl-PC\Desktop\Age of Empires 2_Age of Kings.rar
2012-06-05 06:45 - 2012-06-05 06:45 - 1545958 ____A C:\Users\bob.ddl-PC\Desktop\DSC01150.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 1543567 ____A C:\Users\bob.ddl-PC\Desktop\DSC01149.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 1401731 ____A C:\Users\bob.ddl-PC\Desktop\DSC01146.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 1048576 ____A C:\Users\bob.ddl-PC\Desktop\Pokemon Red (UE) [S][!].gb
2012-06-05 06:45 - 2012-06-05 06:45 - 0972540 ____A C:\Users\bob.ddl-PC\Desktop\DSC01148.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 0709423 ____A C:\Users\bob.ddl-PC\Desktop\RSBot-259.jar
2012-06-05 06:45 - 2012-06-05 06:45 - 0421165 ____A C:\Users\bob.ddl-PC\Desktop\APPFORM.docx
2012-06-05 06:45 - 2012-06-05 06:45 - 0313191 ____A C:\Users\bob.ddl-PC\Desktop\amtv- midi.cpr
2012-06-05 06:45 - 2012-06-05 06:45 - 0313191 ____A C:\Users\bob.ddl-PC\Desktop\amtv- midi - Copy.cpr
2012-06-05 06:45 - 2012-06-05 06:45 - 0160776 ____A C:\Users\bob.ddl-PC\Desktop\forbbiden planet kl.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 0155989 ____A C:\Users\bob.ddl-PC\Desktop\263586_10150230232398481_584628480_7243578_5055282_n.zip
2012-06-05 06:45 - 2012-06-05 06:45 - 0121649 ____A C:\Users\bob.ddl-PC\Desktop\campout place.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 0079888 ____A C:\Users\bob.ddl-PC\Desktop\forbbiden planet.cpr
2012-06-05 06:45 - 2012-06-05 06:45 - 0053195 ____A C:\Users\bob.ddl-PC\Desktop\prom ).jpg
2012-06-05 06:45 - 2012-06-05 06:45 - 0053195 ____A C:\Users\bob.ddl-PC\Desktop\263586_10150230232398481_584628480_7243578_5055282_n.jpg
2012-06-05 06:45 - 2012-06-05 06:45 - 0050847 ____A C:\Users\bob.ddl-PC\Desktop\AS Music History and analysis Haydn Drumroll.docx
2012-06-05 06:45 - 2012-06-05 06:45 - 0050836 ____A C:\Users\bob.ddl-PC\Desktop\prom.jpg
2012-06-05 06:45 - 2012-06-05 06:45 - 0032812 ____A C:\Users\bob.ddl-PC\Desktop\Pokemon Red.sav
2012-06-05 06:45 - 2012-06-05 06:45 - 0032812 ____A C:\Users\bob.ddl-PC\Desktop\Pokemon Red (UE) [S][!].sav
2012-06-05 06:45 - 2012-06-05 06:45 - 0029653 ____A C:\Users\bob.ddl-PC\Desktop\giant croc.jpg
2012-06-05 06:45 - 2012-06-05 06:45 - 0014802 ____A C:\Users\bob.ddl-PC\Desktop\Homework AS Music kl.docx
2012-06-05 06:45 - 2012-06-05 06:45 - 0013604 ____A C:\Users\bob.ddl-PC\Desktop\Pokemon Red1.sgm
2012-06-05 06:45 - 2012-06-05 06:45 - 0012913 ____A C:\Users\bob.ddl-PC\Desktop\Homework as music.docx
2012-06-05 06:45 - 2012-06-05 06:45 - 0008973 ____A C:\Users\bob.ddl-PC\Desktop\README.txt
2012-06-05 06:45 - 2012-06-05 06:45 - 0006945 ____A C:\Users\bob.ddl-PC\Desktop\Cheats.doc
2012-06-05 06:45 - 2012-06-05 06:45 - 0001465 ____A C:\Users\bob.ddl-PC\Desktop\GamersHell.url
2012-06-05 06:45 - 2012-06-05 06:45 - 0001240 ____A C:\Users\bob.ddl-PC\Desktop\espionage.txt
2012-06-05 06:45 - 2012-06-05 06:45 - 0001012 ____A C:\Users\bob.ddl-PC\Desktop\GH3D.txt
2012-06-05 06:45 - 2012-06-05 06:45 - 0000775 ____A C:\Users\bob.ddl-PC\Desktop\cocoa nut barrage.txt
2012-06-05 06:45 - 2012-06-05 06:45 - 0000713 ____A C:\Users\bob.ddl-PC\Desktop\Sony Ericsson W700i Walkman - Titanium Gold Unlocked Mobile Phone 7311270037928 eBay.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000637 ____A C:\Users\bob.ddl-PC\Desktop\Bicycle Engine Kit 48cc two stroke 2012 American Model available mid february !! eBay.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000613 ____A C:\Users\bob.ddl-PC\Desktop\Pasante Gentle Light Lube 10ml sachets Lubricants Postal Condoms.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000591 ____A C:\Users\bob.ddl-PC\Desktop\g scooter petrol big 50cc mini moto eBay.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000588 ____A C:\Users\bob.ddl-PC\Desktop\Preloved mini motorbike for sale or swap for sale in London, Great London, UK.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000558 ____A C:\Users\bob.ddl-PC\Desktop\SouthOrd 9pc Slimline (Euro) Lock pick-set.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000555 ____A C:\Users\bob.ddl-PC\Desktop\Call of Duty 4 Private-Servers.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000542 ____A C:\Users\bob.ddl-PC\Desktop\Sony Ericsson W205 - (grade C) Mobile Phone - Unlocked - Except Three (7311271197461) eBay.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000515 ____A C:\Users\bob.ddl-PC\Desktop\How to Make an RSBot Script.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000324 ____A C:\Users\bob.ddl-PC\Desktop\Teach Guitar Lesson Plans and printable Handouts.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000056 ____A C:\Users\bob.ddl-PC\Desktop\All My Latest Stuff.URL
2012-06-05 05:43 - 2012-06-06 06:33 - 14008068 ____A C:\RannohDecryptor.1.1.0.0_05.06.2012_05.43.55_log.txt
2012-06-04 23:34 - 2012-06-05 05:43 - 0002788 ____A C:\RannohDecryptor.1.1.0.0_04.06.2012_23.34.09_log.txt
2012-06-04 23:32 - 2012-06-04 23:33 - 0002436 ____A C:\RannohDecryptor.1.1.0.0_04.06.2012_23.32.00_log.txt
2012-06-04 23:30 - 2012-06-04 23:30 - 0448816 ____A (Kaspersky Lab ZAO) C:\Users\ddl\Desktop\rannohdecryptor.exe
2012-06-04 19:25 - 2012-06-04 19:25 - 0001442 ____A C:\Users\ddl\Desktop\ARK.TXT
2012-06-04 18:52 - 2011-07-16 22:21 - 0302592 ____A C:\Users\ddl\Desktop\gmer.exe
2012-06-04 18:51 - 2012-06-04 18:51 - 0294216 ____A C:\Users\ddl\Desktop\gmer.zip
2012-06-04 18:48 - 2012-06-04 18:48 - 0029244 ____A C:\Users\ddl\Desktop\DDS.txt
2012-06-04 18:48 - 2012-06-04 18:48 - 0012531 ____A C:\Users\ddl\Desktop\Attach.txt
2012-06-04 12:31 - 2012-06-04 13:11 - 0167064 ____A C:\Windows\ntbtlog.txt
2012-06-03 14:47 - 2012-06-03 14:47 - 0010396 ____A C:\Users\ddl\Documents\Hi guys.docx
2012-06-02 17:12 - 2012-06-02 17:12 - 0010260 ____A C:\Users\ddl\Documents\Shelley Dobbs was very helpful and patient with me and my anxiety.docx
2012-05-29 18:10 - 2012-05-29 18:10 - 0002169 ____A C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2012-05-29 13:44 - 2012-06-01 15:38 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\Tfhi
2012-05-29 13:44 - 2012-05-29 13:56 - 0000000 ____D C:\Users\All Users\F4D55F1700002E2900012294B4EB2331
2012-05-29 12:51 - 2012-06-05 06:47 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\PowerISO
2012-05-24 11:32 - 2012-05-24 11:32 - 0000000 ____D C:\Users\charlie\AppData\Roaming\HP
2012-05-22 16:40 - 2012-05-22 16:47 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\windows iso's
2012-05-22 16:40 - 2012-05-22 16:40 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\PowerISO
2012-05-22 16:37 - 2012-06-03 14:55 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-05-22 16:36 - 2012-06-03 14:55 - 0000000 ____D C:\Program Files (x86)\PowerISO
2012-05-22 16:36 - 2012-04-19 04:57 - 0126912 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-05-15 12:14 - 2012-06-05 06:52 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\audio drivers
2012-05-15 12:10 - 2012-06-05 06:52 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\Feeder Generation Freakshow 2012 320 kbps
2012-05-15 12:04 - 2012-06-05 06:52 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\John Mayer - Born and Raised (2012)
2012-05-15 02:48 - 2012-06-05 06:52 - 34627360 ____A C:\Users\bob.ddl-PC\Downloads\vlcmediaplayer-setup (1).exe
2012-05-14 22:57 - 2012-05-14 22:57 - 0000486 ____A C:\Users\bob.ddl-PC\Desktop\Home - Play.com (UK) - Free Delivery.website
2012-05-14 22:16 - 2012-06-05 06:52 - 2906176 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Downloads\R80459.EXE
2012-05-14 22:16 - 2012-05-14 22:17 - 0002873 ____A C:\Users\bob.ddl-PC\Desktop\Dell Driver Download Manager.lnk
2012-05-14 22:16 - 2012-05-14 22:16 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\Dell
2012-05-14 22:14 - 2012-06-05 06:45 - 8884664 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R91928.EXE
2012-05-14 22:14 - 2012-06-05 06:45 - 7411096 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R94481.EXE
2012-05-14 22:14 - 2012-06-05 06:45 - 2906176 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R80459.EXE
2012-05-14 22:14 - 2012-06-05 06:45 - 25277376 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R69382.EXE
2012-05-14 21:19 - 2012-06-05 06:52 - 4935680 ____A C:\Users\bob.ddl-PC\Downloads\3com_3crusb10075_drv6332 (1).exe
2012-05-14 21:01 - 2012-06-05 06:52 - 4935680 ____A C:\Users\bob.ddl-PC\Downloads\3com_3crusb10075_drv6332.exe
2012-05-14 20:58 - 2012-06-05 06:52 - 0580608 ____A C:\Users\bob.ddl-PC\Downloads\setup_770356.exe
2012-05-13 03:01 - 2012-05-13 03:01 - 20343808 ___RA C:\Windows\Installer\161a2fc7.msp
2012-05-12 07:06 - 2012-03-30 12:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 07:06 - 2012-03-03 07:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 07:06 - 2012-03-03 06:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 07:05 - 2012-03-31 07:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 07:05 - 2012-03-31 05:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 07:05 - 2012-03-31 05:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 07:05 - 2012-03-31 04:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 06:49 - 2012-03-17 08:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys


============ 3 Months Modified Files and Folders =============

2012-06-08 13:17 - 2012-06-08 13:17 - 0000000 ____D C:\FRST
2012-06-08 13:17 - 2012-04-03 06:54 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-08 13:17 - 2009-07-14 05:51 - 0880542 ____A C:\Windows\setupact.log
2012-06-08 13:16 - 2010-10-01 22:26 - 0000000 ____D C:\Users\ddl\AppData\Roaming\uTorrent
2012-06-08 13:07 - 2010-10-02 10:20 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 12:02 - 2012-06-08 12:02 - 0109608 ____A C:\Users\charlie\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-08 12:02 - 2012-06-08 12:02 - 0000000 ____D C:\Users\charlie\AppData\Local\VirtualStore
2012-06-08 12:02 - 2012-06-08 12:02 - 0000000 ____D C:\Users\charlie\AppData\Local\Google
2012-06-08 12:02 - 2012-06-08 12:02 - 0000000 ____D C:\Users\charlie\AppData\Local\Apple Computer
2012-06-08 12:02 - 2011-02-13 12:55 - 0000000 ____D C:\Users\charlie\AppData\Roaming\uTorrent
2012-06-08 12:02 - 2010-10-02 10:20 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-08 09:55 - 2012-06-08 09:55 - 0000000 ____D C:\Users\ddl\AppData\Local\Adobe
2012-06-08 09:48 - 2010-10-01 21:46 - 1855713 ____A C:\Windows\WindowsUpdate.log
2012-06-08 08:58 - 2009-07-14 08:23 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-06-08 08:19 - 2011-10-26 10:46 - 0002048 ___AH C:\Users\ddl\Documents\Default.rdp
2012-06-08 08:18 - 2011-09-22 07:15 - 0000489 ____A C:\Users\ddl\Desktop\Torrent list - Demonoid.website
2012-06-08 08:18 - 2010-10-02 10:20 - 0000000 ____D C:\Users\ddl\AppData\Local\Google
2012-06-08 08:05 - 2012-06-08 08:05 - 0179200 ____A C:\Windows\Installer\53bc3f5.msi
2012-06-08 08:04 - 2012-06-08 08:04 - 0461312 ____A C:\Windows\Installer\53bc3ec.msi
2012-06-08 08:04 - 2012-06-08 08:04 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-08 08:04 - 2012-06-08 08:04 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-08 08:04 - 2012-06-08 08:04 - 0000000 ____D C:\Windows\Installer\{1111706F-666A-4037-7777-210328764D10}
2012-06-08 08:04 - 2012-06-08 08:04 - 0000000 ____D C:\Program Files (x86)\Oracle
2012-06-08 08:04 - 2010-10-01 22:21 - 0000000 ____D C:\Users\ddl\AppData\LocalLow
2012-06-08 08:03 - 2012-06-08 08:03 - 17379840 ____A C:\Windows\Installer\53bc3e8.msi
2012-06-08 08:03 - 2010-10-02 17:47 - 0000000 ____D C:\Program Files (x86)\Java
2012-06-08 08:00 - 2011-11-06 11:41 - 0000000 ____D C:\Users\ddl\Documents\frequent
2012-06-07 12:07 - 2011-01-30 12:51 - 0000000 ___HD C:\Users\All Users\Soluto
2012-06-07 12:06 - 2012-06-07 12:06 - 0109608 ____A C:\Users\ddl\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-07 11:52 - 2011-07-13 10:27 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Local\VirtualStore
2012-06-07 11:51 - 2011-07-13 16:30 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Local\Apps\2.0
2012-06-07 11:50 - 2011-06-17 20:13 - 0000000 ____D C:\Users\ddl\AppData\Local\Windows Live
2012-06-07 11:50 - 2010-10-01 22:21 - 0000000 ____D C:\Users\ddl\AppData\Local\VirtualStore
2012-06-07 11:48 - 2010-10-02 10:20 - 0000000 ____D C:\Program Files (x86)\Google
2012-06-07 11:47 - 2010-10-02 23:09 - 0000000 ____D C:\Program Files\Java
2012-06-07 11:29 - 2012-06-07 11:29 - 0011371 ____A C:\Users\ddl\Documents\close halifax save acc.docx
2012-06-07 11:12 - 2012-06-07 11:04 - 0000000 ___RD C:\Family videos
2012-06-07 11:02 - 2012-06-07 11:01 - 0000000 ___RD C:\Family photos
2012-06-07 11:02 - 2009-07-14 06:13 - 0721264 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-07 07:49 - 2009-07-14 05:45 - 0016128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 07:49 - 2009-07-14 05:45 - 0016128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 07:41 - 2009-07-14 06:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-07 07:40 - 2010-07-30 12:22 - 3219787776 __ASH C:\hiberfil.sys
2012-06-06 06:33 - 2012-06-05 05:43 - 14008068 ____A C:\RannohDecryptor.1.1.0.0_05.06.2012_05.43.55_log.txt
2012-06-05 06:59 - 2009-07-14 04:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-06-05 06:57 - 2011-07-13 10:27 - 0000000 ____D C:\users\bob.ddl-PC
2012-06-05 06:53 - 2012-03-07 22:38 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\The Ricky Gervais Show Season 1 & 2 + Extras (Meet Karl Pilkington, A Guide To... etc)
2012-06-05 06:52 - 2012-06-05 06:52 - 7467666 ____A C:\Users\bob.ddl-PC\Downloads\John Mayer - Slow dancing in a burning room [acoustic studio version w download].mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 5754623 ____A C:\Users\bob.ddl-PC\Downloads\Lights - Fall Back Down (Acoustic EP) - Rancid Cover.mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 5280146 ____A C:\Users\bob.ddl-PC\Downloads\Experimental draft 1.mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 43780952 ____A C:\Users\bob.ddl-PC\Downloads\Minecraft_Beta_Cracked_v1.7.3.zip
2012-06-05 06:52 - 2012-06-05 06:52 - 3065706 ____A C:\Users\bob.ddl-PC\Downloads\Waiting on the world to change.mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 2573924 ____A C:\Users\bob.ddl-PC\Documents\Doc2.jpg.docx
2012-06-05 06:52 - 2012-06-05 06:52 - 17616849 ____A C:\Users\bob.ddl-PC\Downloads\John Mayer - Waiting on the World to Change (Cover).mp4
2012-06-05 06:52 - 2012-06-05 06:52 - 1712038 ____A C:\Users\bob.ddl-PC\Documents\CAMPOUT.docx
2012-06-05 06:52 - 2012-06-05 06:52 - 1263473 ____A C:\Users\bob.ddl-PC\Downloads\John Mayer NEW WORLD PREMIERE _Something Like Olivia_ Hotel Cafe.mp3
2012-06-05 06:52 - 2012-06-05 06:52 - 0380124 ____A C:\Users\bob.ddl-PC\Downloads\Pokemon Red (UE) [S][!].zip
2012-06-05 06:52 - 2012-06-05 06:52 - 0226203 ____A C:\Users\bob.ddl-PC\Documents\Music Tech presentation charlie.pptx
2012-06-05 06:52 - 2012-06-05 06:52 - 0178953 ____A C:\Users\bob.ddl-PC\Downloads\Pokemon.zip
2012-06-05 06:52 - 2012-06-05 06:52 - 0055834 ____A C:\Users\bob.ddl-PC\Downloads\[isoHunt] JACK JOHNSON - DISCOGRAPHY [CHANNEL NEO].torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0030267 ____A C:\Users\bob.ddl-PC\Downloads\[isoHunt] James_Bond_(10)_the_Spy_Who_Loved_(ipod)_(jdeproductions).5219706.TPB.torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0028968 ____A C:\Users\bob.ddl-PC\Documents\CFCs.docx
2012-06-05 06:52 - 2012-06-05 06:52 - 0016247 ____A C:\Users\bob.ddl-PC\Downloads\Tobias lock- CV.docx
2012-06-05 06:52 - 2012-06-05 06:52 - 0013826 ____A C:\Users\bob.ddl-PC\Downloads\Minecraft_Beta_1.7.3_Cracked_[Full_Installer].6525100.TPB.torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0010753 ____A C:\Users\bob.ddl-PC\Downloads\[isoHunt] John Mayer - The Village Sessions.torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0005533 ____A C:\Users\bob.ddl-PC\Documents\super mario theme tune (acoustic version).wlmp
2012-06-05 06:52 - 2012-06-05 06:52 - 0003400 ____A C:\Users\bob.ddl-PC\Downloads\Terraria_Full_Game_1.0.5_(No_Crack_Required).6534597.TPB.torrent
2012-06-05 06:52 - 2012-06-05 06:52 - 0002048 ____A C:\Users\bob.ddl-PC\Documents\Default.rdp
2012-06-05 06:52 - 2012-05-15 12:14 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\audio drivers
2012-06-05 06:52 - 2012-05-15 12:10 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\Feeder Generation Freakshow 2012 320 kbps
2012-06-05 06:52 - 2012-05-15 12:04 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\John Mayer - Born and Raised (2012)
2012-06-05 06:52 - 2012-05-15 02:48 - 34627360 ____A C:\Users\bob.ddl-PC\Downloads\vlcmediaplayer-setup (1).exe
2012-06-05 06:52 - 2012-05-14 22:16 - 2906176 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Downloads\R80459.EXE
2012-06-05 06:52 - 2012-05-14 21:19 - 4935680 ____A C:\Users\bob.ddl-PC\Downloads\3com_3crusb10075_drv6332 (1).exe
2012-06-05 06:52 - 2012-05-14 21:01 - 4935680 ____A C:\Users\bob.ddl-PC\Downloads\3com_3crusb10075_drv6332.exe
2012-06-05 06:52 - 2012-05-14 20:58 - 0580608 ____A C:\Users\bob.ddl-PC\Downloads\setup_770356.exe
2012-06-05 06:52 - 2012-05-07 22:47 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\Matt Costa - Unfamiliar Faces (2008)(Incl. Bonus Tracks)(Indie Folk Rock)(VBR-MP3)
2012-06-05 06:52 - 2012-05-07 22:43 - 0000000 ____D C:\Users\bob.ddl-PC\Downloads\Pete Murray - Feeler
2012-06-05 06:52 - 2012-03-14 14:56 - 0425984 ____A C:\Users\bob.ddl-PC\Downloads\pbsvnew.dll
2012-06-05 06:52 - 2012-02-18 05:49 - 0000000 ____D C:\Users\bob.ddl-PC\Documents\Skyrim
2012-06-05 06:52 - 2012-02-16 00:11 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\The World of Karl Pilkington - Karl Pilkington ; Stephen Merchant ; Ricky Gervais
2012-06-05 06:52 - 2012-02-15 01:09 - 0000000 ____D C:\Users\bob.ddl-PC\Documents\GTA San Andreas User Files
2012-06-05 06:52 - 2011-08-12 17:45 - 0000000 ____D C:\Users\bob.ddl-PC\Documents\rsbot 2
2012-06-05 06:52 - 2011-07-16 11:39 - 0000000 ____D C:\Users\bob.ddl-PC\Documents\VisualBoyAdvance-1.8.0-beta3
2012-06-05 06:52 - 2011-07-13 16:21 - 46824293 ____A (minecraftinstall.net ) C:\Users\bob.ddl-PC\Downloads\Minecraft_Beta_Cracked_v1.7.3.exe
2012-06-05 06:51 - 2011-12-28 18:57 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\The Ricky Gervais Guide To... Season 1 & 2
2012-06-05 06:51 - 2011-11-20 00:09 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\The Office (UK) Series 1 + 2 Christmas Specials And Extras
2012-06-05 06:48 - 2011-12-27 00:32 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\The Expendables (R5) (G1, PSP, iPod, iPod Touch, iPhone, Zune)
2012-06-05 06:47 - 2012-05-29 12:51 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\PowerISO
2012-06-05 06:47 - 2011-12-29 18:24 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Newton Faulkner -Rebuilt By Humans - 2009
2012-06-05 06:47 - 2011-12-27 00:33 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Sum41-Underclass_Hero-(Retail)-2007-HHI
2012-06-05 06:47 - 2011-09-05 23:25 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\pics
2012-06-05 06:47 - 2011-08-11 14:36 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\rsbot scripts
2012-06-05 06:47 - 2011-08-09 11:06 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Room for Squares
2012-06-05 06:46 - 2012-06-05 06:46 - 267578227 ____A C:\Users\bob.ddl-PC\Desktop\VID00074.MP4
2012-06-05 06:46 - 2012-06-05 06:46 - 0011682 ____A C:\Users\bob.ddl-PC\Desktop\Why should we be governed.docx
2012-06-05 06:46 - 2012-06-05 06:45 - 265173918 ____A C:\Users\bob.ddl-PC\Desktop\VID00073.MP4
2012-06-05 06:46 - 2012-02-15 00:53 - 0065536 ____A C:\Users\bob.ddl-PC\Desktop\vorbisFile.dll
2012-06-05 06:46 - 2012-01-30 22:15 - 1974352 ____A (None) C:\Users\bob.ddl-PC\Desktop\VisualBoyAdvance.exe
2012-06-05 06:46 - 2011-12-29 18:24 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Newton Faulkner - Hand Built By Robots (music by Darren)
2012-06-05 06:46 - 2011-09-05 23:27 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\movies
2012-06-05 06:46 - 2011-07-14 12:47 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\minecraft
2012-06-05 06:45 - 2012-06-05 06:45 - 9168083 ____A C:\Users\bob.ddl-PC\Desktop\John Mayer - Say.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 8605864 ____A C:\Users\bob.ddl-PC\Desktop\Noah_And_The_Whale_-_5_Years_Time_[topinweb_com].mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 7167997 ____A C:\Users\bob.ddl-PC\Desktop\ed sheeran finished.wma
2012-06-05 06:45 - 2012-06-05 06:45 - 7167997 ____A C:\Users\bob.ddl-PC\Desktop\ed sheeran finished.mp3.wma
2012-06-05 06:45 - 2012-06-05 06:45 - 4747264 ____A C:\Users\bob.ddl-PC\Desktop\Tracy_Chapman_-_Fast_Car_[topinweb_com].mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 4611353 ____A C:\Users\bob.ddl-PC\Desktop\Seal - Kiss From A Rose.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 4370498 ____A C:\Users\bob.ddl-PC\Desktop\01 - Better People.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 42482799 ____A C:\Users\bob.ddl-PC\Desktop\Charlie Lock Christmas concert.wmv
2012-06-05 06:45 - 2012-06-05 06:45 - 4207063 ____A C:\Users\bob.ddl-PC\Desktop\SLOW DANCING.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 4200126 ____A C:\Users\bob.ddl-PC\Desktop\John mayer - Message in a bottle.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 3986770 ____A C:\Users\bob.ddl-PC\Desktop\10 Hallelujah.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 39052170 ____A C:\Users\bob.ddl-PC\Desktop\CoD4MW-1.6-1.7-PatchSetup.zip
2012-06-05 06:45 - 2012-06-05 06:45 - 3850845 ____A C:\Users\bob.ddl-PC\Desktop\12 Heaven Is a Halfpipe.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 3512160 ____A C:\Users\bob.ddl-PC\Desktop\MOV01145.MP4
2012-06-05 06:45 - 2012-06-05 06:45 - 3203509 ____A C:\Users\bob.ddl-PC\Desktop\09 All Star.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 296333611 ____A C:\Users\bob.ddl-PC\Desktop\CoD4MW-1.6-PatchSetup.zip
2012-06-05 06:45 - 2012-06-05 06:45 - 264995409 ____A C:\Users\bob.ddl-PC\Desktop\Age of Empires 2_Age of Kings.rar
2012-06-05 06:45 - 2012-06-05 06:45 - 1545958 ____A C:\Users\bob.ddl-PC\Desktop\DSC01150.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 1543567 ____A C:\Users\bob.ddl-PC\Desktop\DSC01149.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 1401731 ____A C:\Users\bob.ddl-PC\Desktop\DSC01146.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 1048576 ____A C:\Users\bob.ddl-PC\Desktop\Pokemon Red (UE) [S][!].gb
2012-06-05 06:45 - 2012-06-05 06:45 - 0972540 ____A C:\Users\bob.ddl-PC\Desktop\DSC01148.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 0709423 ____A C:\Users\bob.ddl-PC\Desktop\RSBot-259.jar
2012-06-05 06:45 - 2012-06-05 06:45 - 0421165 ____A C:\Users\bob.ddl-PC\Desktop\APPFORM.docx
2012-06-05 06:45 - 2012-06-05 06:45 - 0313191 ____A C:\Users\bob.ddl-PC\Desktop\amtv- midi.cpr
2012-06-05 06:45 - 2012-06-05 06:45 - 0313191 ____A C:\Users\bob.ddl-PC\Desktop\amtv- midi - Copy.cpr
2012-06-05 06:45 - 2012-06-05 06:45 - 0160776 ____A C:\Users\bob.ddl-PC\Desktop\forbbiden planet kl.mp3
2012-06-05 06:45 - 2012-06-05 06:45 - 0155989 ____A C:\Users\bob.ddl-PC\Desktop\263586_10150230232398481_584628480_7243578_5055282_n.zip
2012-06-05 06:45 - 2012-06-05 06:45 - 0121649 ____A C:\Users\bob.ddl-PC\Desktop\campout place.JPG
2012-06-05 06:45 - 2012-06-05 06:45 - 0079888 ____A C:\Users\bob.ddl-PC\Desktop\forbbiden planet.cpr
2012-06-05 06:45 - 2012-06-05 06:45 - 0053195 ____A C:\Users\bob.ddl-PC\Desktop\prom ).jpg
2012-06-05 06:45 - 2012-06-05 06:45 - 0053195 ____A C:\Users\bob.ddl-PC\Desktop\263586_10150230232398481_584628480_7243578_5055282_n.jpg
2012-06-05 06:45 - 2012-06-05 06:45 - 0050847 ____A C:\Users\bob.ddl-PC\Desktop\AS Music History and analysis Haydn Drumroll.docx
2012-06-05 06:45 - 2012-06-05 06:45 - 0050836 ____A C:\Users\bob.ddl-PC\Desktop\prom.jpg
2012-06-05 06:45 - 2012-06-05 06:45 - 0032812 ____A C:\Users\bob.ddl-PC\Desktop\Pokemon Red.sav
2012-06-05 06:45 - 2012-06-05 06:45 - 0032812 ____A C:\Users\bob.ddl-PC\Desktop\Pokemon Red (UE) [S][!].sav
2012-06-05 06:45 - 2012-06-05 06:45 - 0029653 ____A C:\Users\bob.ddl-PC\Desktop\giant croc.jpg
2012-06-05 06:45 - 2012-06-05 06:45 - 0014802 ____A C:\Users\bob.ddl-PC\Desktop\Homework AS Music kl.docx
2012-06-05 06:45 - 2012-06-05 06:45 - 0013604 ____A C:\Users\bob.ddl-PC\Desktop\Pokemon Red1.sgm
2012-06-05 06:45 - 2012-06-05 06:45 - 0012913 ____A C:\Users\bob.ddl-PC\Desktop\Homework as music.docx
2012-06-05 06:45 - 2012-06-05 06:45 - 0008973 ____A C:\Users\bob.ddl-PC\Desktop\README.txt
2012-06-05 06:45 - 2012-06-05 06:45 - 0006945 ____A C:\Users\bob.ddl-PC\Desktop\Cheats.doc
2012-06-05 06:45 - 2012-06-05 06:45 - 0001465 ____A C:\Users\bob.ddl-PC\Desktop\GamersHell.url
2012-06-05 06:45 - 2012-06-05 06:45 - 0001240 ____A C:\Users\bob.ddl-PC\Desktop\espionage.txt
2012-06-05 06:45 - 2012-06-05 06:45 - 0001012 ____A C:\Users\bob.ddl-PC\Desktop\GH3D.txt
2012-06-05 06:45 - 2012-06-05 06:45 - 0000775 ____A C:\Users\bob.ddl-PC\Desktop\cocoa nut barrage.txt
2012-06-05 06:45 - 2012-06-05 06:45 - 0000713 ____A C:\Users\bob.ddl-PC\Desktop\Sony Ericsson W700i Walkman - Titanium Gold Unlocked Mobile Phone 7311270037928 eBay.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000637 ____A C:\Users\bob.ddl-PC\Desktop\Bicycle Engine Kit 48cc two stroke 2012 American Model available mid february !! eBay.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000613 ____A C:\Users\bob.ddl-PC\Desktop\Pasante Gentle Light Lube 10ml sachets Lubricants Postal Condoms.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000591 ____A C:\Users\bob.ddl-PC\Desktop\g scooter petrol big 50cc mini moto eBay.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000588 ____A C:\Users\bob.ddl-PC\Desktop\Preloved mini motorbike for sale or swap for sale in London, Great London, UK.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000558 ____A C:\Users\bob.ddl-PC\Desktop\SouthOrd 9pc Slimline (Euro) Lock pick-set.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000555 ____A C:\Users\bob.ddl-PC\Desktop\Call of Duty 4 Private-Servers.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000542 ____A C:\Users\bob.ddl-PC\Desktop\Sony Ericsson W205 - (grade C) Mobile Phone - Unlocked - Except Three (7311271197461) eBay.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000515 ____A C:\Users\bob.ddl-PC\Desktop\How to Make an RSBot Script.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000324 ____A C:\Users\bob.ddl-PC\Desktop\Teach Guitar Lesson Plans and printable Handouts.website
2012-06-05 06:45 - 2012-06-05 06:45 - 0000056 ____A C:\Users\bob.ddl-PC\Desktop\All My Latest Stuff.URL
2012-06-05 06:45 - 2012-05-14 22:14 - 8884664 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R91928.EXE
2012-06-05 06:45 - 2012-05-14 22:14 - 7411096 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R94481.EXE
2012-06-05 06:45 - 2012-05-14 22:14 - 2906176 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R80459.EXE
2012-06-05 06:45 - 2012-05-14 22:14 - 25277376 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R69382.EXE
2012-06-05 06:45 - 2012-03-14 14:29 - 39968152 ____A (Activision ) C:\Users\bob.ddl-PC\Desktop\CoD4MW-1.6-1.7-PatchSetup.exe
2012-06-05 06:45 - 2012-02-15 00:53 - 0188416 ____A (Creative Technology Ltd) C:\Users\bob.ddl-PC\Desktop\eax.dll
2012-06-05 06:45 - 2012-02-05 21:47 - 7806976 ____A C:\Users\bob.ddl-PC\Desktop\f6d4050ea-1.03.13.exe
2012-06-05 06:45 - 2011-12-26 23:41 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\John Mayer All Albums by MusicmindedNL
2012-06-05 06:45 - 2011-09-11 20:20 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\John Mayer Trio - Try!
2012-06-05 06:45 - 2011-08-09 11:13 - 2555949 ____A (Microsoft Corporation) C:\Users\bob.ddl-PC\Desktop\empires2.exe
2012-06-05 06:45 - 2011-07-13 16:30 - 4690656 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R99254.EXE
2012-06-05 06:45 - 2011-07-13 16:30 - 4640840 ____A (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\bob.ddl-PC\Desktop\R128346.EXE
2012-06-05 06:45 - 2011-07-13 16:30 - 34888064 ____A C:\Users\bob.ddl-PC\Desktop\INTEL_MULTI-DEVICE_A18_R257684.exe
2012-06-05 06:45 - 2007-10-04 08:14 - 4498779 ____A C:\Users\bob.ddl-PC\Desktop\iw3sp.exe
2012-06-05 06:44 - 2012-03-16 13:32 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\John Mayer - The Village Sessions
2012-06-05 06:44 - 2011-12-30 01:20 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\John Mayer - Inside Wants Out
2012-06-05 06:44 - 2011-12-27 00:35 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\James Bond Complete Collection (iPod.Zune.PSP)
2012-06-05 06:37 - 2011-09-11 20:19 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Jack_Johnson-Sleep_Through_The_Static-(Deluxe_Edition)-2CD-2008-EON
2012-06-05 06:36 - 2011-10-19 17:27 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Jack Johnson-Brushfire Fairytales
2012-06-05 06:36 - 2011-09-11 20:19 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Foo Fighters - Greatest Hits 320 kbps {vigoni} {PURE RG}
2012-06-05 06:36 - 2011-09-05 23:26 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\france
2012-06-05 06:36 - 2011-08-19 11:34 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Heavier Things
2012-06-05 06:36 - 2011-07-16 22:46 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Images
2012-06-05 06:35 - 2011-12-29 14:34 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Ed Sheeran - + 2011
2012-06-05 06:35 - 2011-10-19 17:27 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Ed Sheeran - + (Plus) [iTunes Deluxe Edition @320kbps] [PR!M3]
2012-06-05 06:35 - 2011-08-19 11:39 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Continuum
2012-06-05 06:31 - 2012-02-21 00:23 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Call of duty 4 [PC-DVD] [English]
2012-06-05 06:24 - 2012-01-02 01:52 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Back to the future Trilogy (iPod,Zune.PSP)
2012-06-05 06:24 - 2011-08-19 11:37 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Battle Studies
2012-06-05 06:23 - 2012-01-02 01:54 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Austin Powers Pack (PSP + Ipod touch + Zune)
2012-06-05 06:22 - 2011-12-28 18:32 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\American Pie Collection 1-7 (PSP + Ipod touch + Zune)
2012-06-05 06:21 - 2011-08-09 11:13 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\Age of Empires 2_Age of Kings
2012-06-05 06:20 - 2011-07-15 01:48 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\vlc
2012-06-05 06:20 - 2011-07-13 15:41 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\uTorrent
2012-06-05 06:17 - 2009-11-09 16:57 - 0000000 ____D C:\Setup
2012-06-05 06:16 - 2010-10-02 19:00 - 0000000 ____D C:\Images
2012-06-05 06:16 - 2010-10-01 23:44 - 0000000 ___HD C:\Users\All Users\WEBREG
2012-06-05 06:16 - 2009-11-09 17:27 - 0000000 ____D C:\Readme
2012-06-05 06:16 - 2009-11-09 17:27 - 0000000 ____D C:\Patches
2012-06-05 06:16 - 2009-11-09 17:26 - 0000000 ____D C:\launcher
2012-06-05 06:15 - 2010-10-02 18:59 - 0000000 ____D C:\Audio
2012-06-05 06:15 - 2009-11-09 17:26 - 0000000 ____D C:\EReg
2012-06-05 05:43 - 2012-06-04 23:34 - 0002788 ____A C:\RannohDecryptor.1.1.0.0_04.06.2012_23.34.09_log.txt
2012-06-04 23:33 - 2012-06-04 23:32 - 0002436 ____A C:\RannohDecryptor.1.1.0.0_04.06.2012_23.32.00_log.txt
2012-06-04 23:30 - 2012-06-04 23:30 - 0448816 ____A (Kaspersky Lab ZAO) C:\Users\ddl\Desktop\rannohdecryptor.exe
2012-06-04 19:25 - 2012-06-04 19:25 - 0001442 ____A C:\Users\ddl\Desktop\ARK.TXT
2012-06-04 18:51 - 2012-06-04 18:51 - 0294216 ____A C:\Users\ddl\Desktop\gmer.zip
2012-06-04 18:48 - 2012-06-04 18:48 - 0029244 ____A C:\Users\ddl\Desktop\DDS.txt
2012-06-04 18:48 - 2012-06-04 18:48 - 0012531 ____A C:\Users\ddl\Desktop\Attach.txt
2012-06-04 13:11 - 2012-06-04 12:31 - 0167064 ____A C:\Windows\ntbtlog.txt
2012-06-04 11:51 - 2011-11-26 18:03 - 0086921 ____A C:\Users\ddl\Documents\bookmark.htm
2012-06-04 07:38 - 2010-10-01 22:40 - 0027000 ____A C:\Windows\PFRO.log
2012-06-03 14:57 - 2010-10-01 22:20 - 0000000 ____D C:\users\ddl
2012-06-03 14:57 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-06-03 14:55 - 2012-05-22 16:37 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-06-03 14:55 - 2012-05-22 16:36 - 0000000 ____D C:\Program Files (x86)\PowerISO
2012-06-03 14:55 - 2011-01-29 11:56 - 0000000 ____D C:\Program Files\WinRAR
2012-06-03 14:55 - 2010-10-11 16:37 - 0000000 ____D C:\users\charlie
2012-06-03 14:55 - 2010-10-03 16:10 - 0000000 ___HD C:\users\Guest
2012-06-03 14:55 - 2010-10-01 23:41 - 0000000 ____D C:\Windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}
2012-06-03 14:55 - 2010-10-01 23:34 - 0000000 ____D C:\Users\ddl\AppData\Roaming\vlc
2012-06-03 14:55 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\NDF
2012-06-03 14:55 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\AppCompat
2012-06-03 14:54 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\registration
2012-06-03 14:52 - 2009-11-09 16:57 - 0000000 ____D C:\Docs
2012-06-03 14:52 - 2008-11-03 22:13 - 0000000 ____D C:\Intel
2012-06-03 14:47 - 2012-06-03 14:47 - 0010396 ____A C:\Users\ddl\Documents\Hi guys.docx
2012-06-02 20:02 - 2011-07-13 15:08 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\.minecraft
2012-06-02 17:12 - 2012-06-02 17:12 - 0010260 ____A C:\Users\ddl\Documents\Shelley Dobbs was very helpful and patient with me and my anxiety.docx
2012-06-01 15:38 - 2012-05-29 13:44 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\Tfhi
2012-05-29 18:10 - 2012-05-29 18:10 - 0002169 ____A C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2012-05-29 13:56 - 2012-05-29 13:44 - 0000000 ____D C:\Users\All Users\F4D55F1700002E2900012294B4EB2331
2012-05-29 13:52 - 2012-01-30 22:15 - 0018349 ____A C:\Users\bob.ddl-PC\Desktop\locked-COPYING.kjby
2012-05-24 11:32 - 2012-05-24 11:32 - 0000000 ____D C:\Users\charlie\AppData\Roaming\HP
2012-05-22 16:52 - 2011-07-13 10:27 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\LocalLow
2012-05-22 16:47 - 2012-05-22 16:40 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\windows iso's
2012-05-22 16:40 - 2012-05-22 16:40 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\PowerISO
2012-05-14 22:57 - 2012-05-14 22:57 - 0000486 ____A C:\Users\bob.ddl-PC\Desktop\Home - Play.com (UK) - Free Delivery.website
2012-05-14 22:17 - 2012-05-14 22:16 - 0002873 ____A C:\Users\bob.ddl-PC\Desktop\Dell Driver Download Manager.lnk
2012-05-14 22:16 - 2012-05-14 22:16 - 0000000 ____D C:\Users\bob.ddl-PC\AppData\Roaming\Dell
2012-05-13 03:28 - 2010-10-28 09:51 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 03:28 - 2009-07-14 05:45 - 0413368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 03:05 - 2010-10-05 16:27 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-13 03:05 - 2010-10-01 22:52 - 0000000 ____D C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}
2012-05-13 03:05 - 2010-10-01 22:35 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-13 03:02 - 2010-10-28 09:51 - 0000000 ____D C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
2012-05-13 03:01 - 2012-05-13 03:01 - 20343808 ___RA C:\Windows\Installer\161a2fc7.msp
2012-05-13 03:01 - 2009-07-14 08:24 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-05 15:19 - 2012-04-03 06:54 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 15:19 - 2011-06-02 14:12 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-05 15:18 - 2012-04-14 17:19 - 8769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-01 03:01 - 2012-05-01 03:01 - 0000000 ____D C:\Windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}
2012-05-01 03:01 - 2012-05-01 03:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-01 03:01 - 2011-01-27 19:05 - 0726386 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-01 03:01 - 2011-01-27 19:05 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-01 03:01 - 2011-01-27 19:04 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-30 14:38 - 2012-04-30 14:38 - 5011456 ___RA C:\Windows\Installer\161a3047.msp
2012-04-30 13:32 - 2012-04-30 13:31 - 0000000 ____D C:\Users\bob.ddl-PC\Desktop\JACK JOHNSON - DISCOGRAPHY [CHANNEL NEO]
2012-04-28 21:44 - 2012-04-28 21:44 - 9586176 ___RA C:\Windows\Installer\161a3062.msp
2012-04-28 21:44 - 2012-04-28 21:44 - 9101824 ___RA C:\Windows\Installer\161a307c.msp
2012-04-28 21:43 - 2012-04-28 21:43 - 8459264 ___RA C:\Windows\Installer\161a2ff9.msp
2012-04-22 15:21 - 2012-04-22 15:21 - 0016442 ____A C:\Users\ddl\Documents\Letter of Support for Bletsoe 29022012.docx
2012-04-19 23:32 - 2011-02-18 06:55 - 0000000 ____D C:\users\Del and Barb
2012-04-19 04:57 - 2012-05-22 16:36 - 0126912 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-04-17 23:17 - 2009-07-14 06:08 - 0032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-13 16:23 - 2012-04-13 16:23 - 0000000 ____D C:\Windows\Installer\{50816F92-1652-4A7C-B9BC-48F682742C4B}
2012-04-13 16:23 - 2012-04-13 16:23 - 0000000 ____D C:\Windows\en
2012-04-13 16:22 - 2012-04-13 16:22 - 0000000 ____D C:\Windows\Installer\{DECDCB7C-58CC-4865-91AF-627F9798FE48}
2012-04-13 16:21 - 2012-04-13 16:21 - 0000000 ____D C:\Windows\Installer\{A726AE06-AAA3-43D1-87E3-70F510314F04}
2012-04-13 16:20 - 2012-04-13 16:20 - 0000000 ____D C:\Windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
2012-04-13 16:20 - 2011-06-17 20:20 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-13 16:19 - 2012-04-13 16:19 - 0000000 ____D C:\Windows\Installer\{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}
2012-04-13 16:19 - 2012-04-13 16:19 - 0000000 ____A C:\Windows\Installer\wix{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}.SchedServiceConfig.rmi
2012-04-13 16:19 - 2011-06-17 20:18 - 0000000 ____D C:\Program Files\Windows Live
2012-04-13 16:18 - 2011-06-17 20:15 - 0199124 ____A C:\Windows\DirectX.log
2012-04-13 16:17 - 2012-04-13 16:17 - 5124096 ___RA C:\Windows\Installer\727db.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 3105792 ___RA C:\Windows\Installer\72794.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 2146304 ___RA C:\Windows\Installer\72802.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 1829376 ___RA C:\Windows\Installer\727a3.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0635904 ___RA C:\Windows\Installer\727e7.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0625664 ___RA C:\Windows\Installer\727bc.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0509952 ___RA C:\Windows\Installer\727f1.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0468480 ___RA C:\Windows\Installer\727cb.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0276480 ___RA C:\Windows\Installer\72781.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0065536 ____A C:\Windows\Installer\72827.msi
2012-04-13 16:17 - 2012-04-13 16:17 - 0060416 ___RA C:\Windows\Installer\7280d.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0030720 ___RA C:\Windows\Installer\72822.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0029184 ___RA C:\Windows\Installer\727ae.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0024576 ___RA C:\Windows\Installer\7283c.msp
2012-04-13 16:17 - 2012-04-13 16:17 - 0023552 ___RA C:\Windows\Installer\72818.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 9553408 ____A C:\Windows\Installer\725ec.msi
2012-04-13 16:16 - 2012-04-13 16:16 - 6363136 ____A C:\Windows\Installer\72744.msi
2012-04-13 16:16 - 2012-04-13 16:16 - 5868544 ___RA C:\Windows\Installer\726b4.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 5535744 ___RA C:\Windows\Installer\72696.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 4426240 ___RA C:\Windows\Installer\72616.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 3734016 ___RA C:\Windows\Installer\7271a.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 3312128 ___RA C:\Windows\Installer\7267b.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 2957312 ___RA C:\Windows\Installer\726d3.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 2932224 ___RA C:\Windows\Installer\7262f.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 14624256 ___RA C:\Windows\Installer\72709.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 1139712 ___RA C:\Windows\Installer\7264a.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 0715264 ___RA C:\Windows\Installer\72657.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 0205824 ___RA C:\Windows\Installer\7272c.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 0136704 ___RA C:\Windows\Installer\72639.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 0039936 ___RA C:\Windows\Installer\725dc.msp
2012-04-13 16:16 - 2012-04-13 16:16 - 0026112 ____A C:\Windows\Installer\725cb.msi
2012-04-12 07:59 - 2011-10-13 19:45 - 0000000 ____D C:\Program Files (x86)\HTC
2012-04-11 22:03 - 2011-10-25 19:18 - 0000000 ____D C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
2012-04-06 10:47 - 2011-10-13 19:54 - 0000000 ____D C:\Users\ddl\Documents\My Photos
2012-04-05 03:00 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-04 22:38 - 2012-04-04 22:38 - 3620864 ___RA C:\Windows\Installer\161a302d.msp
2012-04-04 22:38 - 2012-04-04 22:38 - 2831360 ___RA C:\Windows\Installer\161a3096.msp
2012-04-04 18:47 - 2012-06-08 08:04 - 0772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 18:47 - 2012-06-08 08:04 - 0227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 18:33 - 2012-03-27 21:08 - 0045607 ____A C:\Users\charlie\Documents\Charlie E R Lock cv.docx
2012-04-04 14:32 - 2012-04-04 14:32 - 16613376 ___RA C:\Windows\Installer\9edd3af.msp
2012-04-04 09:57 - 2012-04-04 09:57 - 15234048 ____A C:\Windows\Installer\1e0e0e.msi
2012-04-04 09:57 - 2011-10-13 19:46 - 0000000 ____D C:\Windows\Installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}
2012-04-04 09:57 - 2010-10-02 12:47 - 0178984 ____A C:\Windows\DPINST.LOG
2012-04-04 09:56 - 2012-04-04 09:56 - 0032256 ____A C:\Windows\Installer\1e0dec.msi
2012-03-31 09:43 - 2012-03-31 09:43 - 0000000 ____D C:\Users\ddl\AppData\Roaming\dvdcss
2012-03-31 07:05 - 2012-05-12 07:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 05:39 - 2012-05-12 07:05 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 05:39 - 2012-05-12 07:05 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 04:10 - 2012-05-12 07:05 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 12:35 - 2012-05-12 07:06 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 00:28 - 2012-03-27 00:28 - 5009920 ___RA C:\Windows\Installer\b03dde7.msp
2012-03-26 19:21 - 2012-03-26 19:21 - 7622656 ____A C:\Windows\Installer\45623ea.msi
2012-03-23 14:59 - 2012-03-23 14:59 - 7899648 ___RA C:\Windows\Installer\b03ddcd.msp
2012-03-20 20:44 - 2010-10-24 22:25 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 20:44 - 2010-03-25 21:30 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 17:02 - 2012-03-20 17:02 - 0025600 ____A C:\Windows\Installer\10eb77b.msi
2012-03-17 08:58 - 2012-05-12 06:49 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 02:24 - 2012-03-15 02:24 - 1795584 ___RA C:\Windows\Installer\161a3013.msp
2012-03-14 14:47 - 2012-03-14 14:47 - 0000000 ____D C:\Windows\Installer\{931C37FC-594D-43A9-B10F-A2F2B1F03498}
2012-03-14 14:47 - 2012-03-14 14:02 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-03-14 14:46 - 2012-03-14 14:46 - 31356928 ____A C:\Windows\Installer\1612f00.msi
2012-03-14 14:45 - 2012-03-14 14:45 - 0000000 ____D C:\Windows\Installer\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}
2012-03-14 14:44 - 2012-03-14 14:44 - 287711232 ____A C:\Windows\Installer\1612ef9.msi
2012-03-14 14:02 - 2012-03-14 14:02 - 0000331 ____A C:\Windows\game.ini
2012-03-14 14:02 - 2012-03-14 14:02 - 0000000 ____D C:\Windows\Installer\{E48469CC-635E-4FD5-A122-1497C286D217}
2012-03-14 13:57 - 2012-03-14 13:57 - 0000000 ____D C:\Program Files (x86)\Activision
2012-03-14 11:54 - 2011-05-26 17:01 - 0001896 ____A C:\Windows\System32\.rsp
2012-03-14 11:54 - 2011-05-26 17:01 - 0001479 ____A C:\Windows\System32\.lck
2012-03-11 13:56 - 2011-09-03 10:47 - 0000593 ____A C:\Users\ddl\Desktop\All Sports Schedule, Free Sports Streams, Football, Soccer, Basketball, American Football, NFL, Cricket, Baseball, Boxing, Golf.website
2012-03-11 13:56 - 2011-09-03 09:02 - 0000452 ____A C:\Users\ddl\Desktop\Soccer Highlights Latest Football Highlights Soccer Videos.website

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 53%
Total physical RAM: 4094.18 MB
Available physical RAM: 1901.05 MB
Total Pagefile: 8186.54 MB
Available Pagefile: 5827.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:455.69 GB) (Free:168.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (The Big One) (Fixed) (Total:1863.01 GB) (Free:403.68 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.07 GB) NTFS
6 Drive h: (Media Storm) (Fixed) (Total:465.76 GB) (Free:81.51 GB) NTFS
7 Drive i: (Locky) (Fixed) (Total:465.76 GB) (Free:95.27 GB) NTFS
13 Drive o: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1863 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 465 GB 1024 KB
Disk 7 Online 465 GB 1024 KB
Disk 8 Online 958 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 70 MB 31 KB
Partition 2 Primary 10 GB 71 MB
Partition 3 Primary 455 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E RECOVERY NTFS Partition 10 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 455 GB Healthy System (partition with boot components)

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D The Big One NTFS Partition 1863 GB Healthy

======================================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

======================================================================================================

Disk: 6
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 I Locky NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

======================================================================================================

Disk: 7
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 H Media Storm NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 8:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 957 MB 32 KB

======================================================================================================

Disk: 8
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 11 O FAT Removable 957 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 00:16

======================= End Of Log ==========================

#12 CatByte


  • Malware Response Team
  • 14,664 posts

Posted 08 June 2012 - 01:48 PM

Hi,

It appears you don't have the recovery environment pre-installed on the machine; you would need the installation disk to access it, but let's try a different tool first.

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



next

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 oash

  • Topic Starter

Posted 10 June 2012 - 12:57 PM

combofix.txt file attached
thanks.




#14 oash

  • Topic Starter

Posted 10 June 2012 - 01:20 PM

I have turned off my MSE real time protection for this next stage too:
ESET online scanner starts as per your instructions
Step 2 out of 4:
"Can not get update. Is proxy configured?" error message
in large red text - and goes no further

it offers to click back
I click back:
Also, my disabled Microsoft security defender software was detected. It says this might affect the performance and the quality of the scan.

I have quit the ESET and turned back on my MSE real time protection.

thanks

#15 CatByte

  • Malware Response Team

Posted 10 June 2012 - 02:00 PM

Hi,

Delete the browser history and cookies, reboot and give it another try with ESET.


NEXT


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DirLook::
c:\users\bob.ddl-PC\AppData\Roaming\Tfhi
c:\programdata\F4D55F1700002E2900012294B4EB2331

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




