Jump to content

JackSlate

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Everything posted by JackSlate

  1. JackSlate
    Maniac, Thank you for your reply. After reading your post and sleeping on it, I decided to do a factory restore on the computer. After two days of installing windows updates and getting all of my files and programs back on the computer, Malwarebytes found no infections. I believe that I am now OK. Thanks again.
  2. JackSlate
    Hello All, I am looking for some help. Just got back from vacation, did not update virus definitions and jumped on the internet. Got a bogus virus warning pop up, started the task manager and killed everything without clicking the screen. Later I noticed that Microsoft Security Essentials was not running and I was not able to turn it back on. Ran Malwarebytes and found that I had trojan.small, trojan.sirefef and rootkit.0access. I followed the prompts to remove them and restart the computer. Ran Malwarebytes again and found the same three problems. I spent most the day researching the culprits and landed here. I ran TDSSKiller and was only notified of none unsigned files which were considered suspicious but action was not recommended. Farbar Recovery Scan Tool and mbam logs pasted below. Thanks in advance for any and all help. Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 17-06-2012 02 Ran by SYSTEM at 17-06-2012 18:51:23 Running from F:\ Windows Vista Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated) HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [hpqSRMon] [x] HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [] [x] HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard) HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2009-06-24] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-06-24] (NVIDIA Corporation) HKLM\...\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" [660136 2010-02-04] () HKLM\...\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" [16040 2010-02-04] () HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.) HKLM\...\Run: [TurboKey] C:\Program Files\Race The World \turbokey.exe [81920 2009-12-18] () HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM\...\Run: [FPPhotoMiddleWare] C:\Program Files\Fisher-Price\Kid-Tough Digital Studio Software\Util\Kid-Tough Digital Studio Software Middleware.exe [62872 2011-05-24] (Fisher-Price) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard) HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Jack\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.) HKU\Jack\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.) HKU\Jack\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.) HKU\Jack\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\Jennifer\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company) HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Jennifer\AppData\Local\Temp\E_S5AF.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION) HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S8159.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION) HKU\Jennifer\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-06-01] (Adobe Systems Incorporated) HKU\Jennifer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.) HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard) HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Jack\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.) HKU\Jack\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.) HKU\Jack\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.) HKU\Jack\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\Jennifer\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company) HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Jennifer\AppData\Local\Temp\E_S5AF.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION) HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S8159.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION) HKU\Jennifer\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-06-01] (Adobe Systems Incorporated) HKU\Jennifer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Startup: C:\Documents and Settings\Jack\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\Jack\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ================================ Services (Whitelisted) ================== 2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated) 2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.364.0\BBSvc.exe [193816 2012-02-20] (Microsoft Corporation.) 3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.exe [240408 2012-02-20] (Microsoft Corporation.) 3 Com4Qlb; "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) 3 DFSR; C:\Windows\System32\DFSR.exe [2092544 2009-04-10] (Microsoft Corporation) 2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation) 2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation) 3 hkmsvc; C:\Windows\System32\kmsvc.dll [68096 2008-01-20] (Microsoft Corporation) 2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) 2 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [4916568 2010-11-19] (LeapFrog Enterprises, Inc.) 2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [94208 2009-04-28] (Lexmark International, Inc.) 2 lxdn_device; C:\Windows\system32\lxdncoms.exe -service [594600 2007-12-05] ( ) 2 McciCMService; "C:\Program Files\Common Files\Motive\McciCMService.exe" [303104 2009-08-12] (Motive Communications, Inc.) 2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] () 2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] () 2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] () 2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x] ========================== Drivers (Whitelisted) ============= 3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) 3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2009-07-30] (LeapFrog) 3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) 3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.) 3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.) 3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2007-11-01] (Conexant Systems, Inc.) 4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH) 2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-18] (Conexant) 3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [12032 2007-02-16] (NVIDIA Corporation) 3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2008-01-20] (Microsoft Corporation) 3 SaiK0D14; C:\Windows\System32\DRIVERS\SaiK0D14.sys [130568 2009-09-07] (Saitek) 3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-07] (Saitek) 3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-07] (Saitek) 3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.) 3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.) 3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.) 3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect) 3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.) 3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.) 3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.) 3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.) 1 eabfiltr; [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] 3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-17 12:31 - 2012-06-17 12:31 - 00000000 ____D C:\FRST 2012-06-17 12:28 - 2012-06-17 12:31 - 00874644 ____A C:\Users\Jack\Downloads\FRST.exe 2012-06-17 12:28 - 2012-06-17 12:31 - 00874644 ____A C:\Documents and Settings\Jack\Downloads\FRST.exe 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-17 12:11 - 2012-06-17 12:33 - 00007957 ____A C:\Windows\WindowsUpdate.log 2012-06-17 12:08 - 2012-06-17 12:08 - 3152863232 __ASH C:\hiberfil.sys 2012-06-17 12:08 - 2012-06-17 12:08 - 00318344 ____A C:\Windows\System32\FNTCACHE.DAT 2012-06-17 12:08 - 2012-06-17 12:08 - 00000948 ____A C:\Windows\PFRO.log 2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Users\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt 2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Documents and Settings\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt 2012-06-17 10:50 - 2012-06-17 12:06 - 00002322 ____A C:\Windows\ntbtlog.txt 2012-06-17 10:44 - 2012-06-17 10:45 - 00125318 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_14.44.04_log.txt 2012-06-17 09:09 - 2012-06-17 09:11 - 00127064 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_13.09.44_log.txt 2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Users\All Users\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\DriverCure 2012-06-17 06:32 - 2012-06-17 06:32 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys 2012-06-16 19:47 - 2012-06-16 19:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-06-16 19:47 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-16 11:40 - 2012-06-16 11:40 - 00000000 ____D C:\Program Files\Auslogics 2012-06-16 11:32 - 2012-06-16 11:32 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-06-16 04:12 - 2012-06-16 04:12 - 00000000 ____D C:\Program Files\Dropbox 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2012-06-16 03:57 - 2012-06-16 03:57 - 00000000 ____D C:\Program Files\iPod 2012-06-15 23:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-15 23:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-15 23:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-15 23:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-15 23:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-15 23:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-15 23:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-15 23:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-15 23:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-15 23:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-15 23:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-15 23:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-15 23:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-15 23:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos.htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (2).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (1).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos.htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (2).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (1).htm 2012-06-15 17:41 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-06-15 17:41 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-06-15 17:41 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-06-15 17:41 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-06-15 17:40 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-15 11:15 - 2012-06-17 09:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe 2012-06-15 11:15 - 2012-06-17 09:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Jack\Desktop\TDSSKiller.exe 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\My Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\My Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\Documents\Lead Letter.docx 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\Application Data\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\Application Data\SPL146.tmp 2012-05-19 04:18 - 2012-05-19 04:19 - 00000000 ____D C:\Program Files\QuickTime 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\Public\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk ============ 3 Months Modified Files and Folders =============== 2012-06-17 12:33 - 2012-06-17 12:11 - 00007957 ____A C:\Windows\WindowsUpdate.log 2012-06-17 12:31 - 2012-06-17 12:31 - 00000000 ____D C:\FRST 2012-06-17 12:31 - 2012-06-17 12:28 - 00874644 ____A C:\Users\Jack\Downloads\FRST.exe 2012-06-17 12:31 - 2012-06-17 12:28 - 00874644 ____A C:\Documents and Settings\Jack\Downloads\FRST.exe 2012-06-17 12:30 - 2006-11-02 02:33 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-17 12:25 - 2012-01-14 17:52 - 00000000 ___RD C:\Users\Jack\Dropbox 2012-06-17 12:25 - 2012-01-14 17:52 - 00000000 ___RD C:\Documents and Settings\Jack\Dropbox 2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Users\Jack\Application Data\Dropbox 2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Dropbox 2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\Dropbox 2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\Dropbox 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-17 12:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows 2012-06-17 12:10 - 2010-02-05 04:27 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-06-17 12:08 - 2012-06-17 12:08 - 3152863232 __ASH C:\hiberfil.sys 2012-06-17 12:08 - 2012-06-17 12:08 - 00318344 ____A C:\Windows\System32\FNTCACHE.DAT 2012-06-17 12:08 - 2012-06-17 12:08 - 00000948 ____A C:\Windows\PFRO.log 2012-06-17 12:08 - 2008-04-27 11:38 - 3466776576 __ASH C:\pagefile.sys 2012-06-17 12:08 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-06-17 12:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-06-17 12:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Users\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt 2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Documents and Settings\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt 2012-06-17 12:06 - 2012-06-17 10:50 - 00002322 ____A C:\Windows\ntbtlog.txt 2012-06-17 10:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles 2012-06-17 10:45 - 2012-06-17 10:44 - 00125318 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_14.44.04_log.txt 2012-06-17 09:11 - 2012-06-17 09:09 - 00127064 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_13.09.44_log.txt 2012-06-17 09:08 - 2012-06-15 11:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe 2012-06-17 09:08 - 2012-06-15 11:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Jack\Desktop\TDSSKiller.exe 2012-06-17 09:08 - 2010-12-31 21:14 - 00002254 ____A C:\Users\Jack\Desktop\eula.txt 2012-06-17 09:08 - 2010-12-31 21:14 - 00002254 ____A C:\Documents and Settings\Jack\Desktop\eula.txt 2012-06-17 08:47 - 2010-02-05 04:27 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-06-17 08:37 - 2012-04-03 18:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-06-17 07:34 - 2008-06-23 00:31 - 00000000 __SHD C:\System Volume Information 2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Users\All Users\SpeedyPC Software 2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software 2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\All Users\SpeedyPC Software 2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software 2012-06-17 07:31 - 2006-11-02 03:18 - 00000000 ___RD C:\Program Files 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\DriverCure 2012-06-17 07:25 - 2006-11-02 03:18 - 00000000 ___HD C:\ProgramData 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\nvModes.dat 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\nvModes.001 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\Application Data\nvModes.dat 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\Application Data\nvModes.001 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\nvModes.dat 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\nvModes.001 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\Application Data\nvModes.dat 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\Application Data\nvModes.001 2012-06-17 06:32 - 2012-06-17 06:32 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys 2012-06-17 05:51 - 2008-04-27 11:43 - 00000012 ____A C:\Windows\bthservsdp.dat 2012-06-17 05:51 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\Local Settings\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\Local Settings\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-16 19:47 - 2012-06-16 19:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-06-16 19:47 - 2011-02-20 13:06 - 00000000 ____D C:\Users\Jack\Desktop\digitalmaintenance 2012-06-16 19:47 - 2011-02-20 13:06 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\digitalmaintenance 2012-06-16 19:46 - 2011-02-12 14:51 - 00001945 ____A C:\Windows\epplauncher.mif 2012-06-16 19:37 - 2009-06-04 06:17 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2012-06-16 19:25 - 2008-06-22 16:51 - 00000000 ____D C:\users\Jack 2012-06-16 18:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent 2012-06-16 18:05 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\LiveKernelReports 2012-06-16 11:40 - 2012-06-16 11:40 - 00000000 ____D C:\Program Files\Auslogics 2012-06-16 11:34 - 2012-04-03 18:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-06-16 11:34 - 2011-05-18 04:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-06-16 11:32 - 2012-06-16 11:32 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-06-16 05:24 - 2011-10-18 17:36 - 00000000 ____D C:\Users\Jack\Desktop\freemusic 2012-06-16 05:24 - 2011-10-18 17:36 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\freemusic 2012-06-16 04:12 - 2012-06-16 04:12 - 00000000 ____D C:\Program Files\Dropbox 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2012-06-16 03:58 - 2010-09-10 13:38 - 00000000 ____D C:\Program Files\iTunes 2012-06-16 03:57 - 2012-06-16 03:57 - 00000000 ____D C:\Program Files\iPod 2012-06-16 03:57 - 2008-12-25 07:02 - 00000000 ____D C:\Program Files\Common Files\Apple 2012-06-16 03:48 - 2012-01-14 17:52 - 00000916 ____A C:\Users\Jack\Desktop\Dropbox.lnk 2012-06-16 03:48 - 2012-01-14 17:52 - 00000916 ____A C:\Documents and Settings\Jack\Desktop\Dropbox.lnk 2012-06-15 23:47 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache 2012-06-15 23:39 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET 2012-06-15 23:05 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Users\All Users\Lx_cats 2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Users\All Users\Application Data\Lx_cats 2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats 2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lx_cats 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos.htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (2).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (1).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos.htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (2).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (1).htm 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-05 10:06 - 2009-01-06 11:10 - 00000052 ____A C:\Windows\System32\DOErrors.log 2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Users\Jennifer\My Documents\Book Party Letter.docx 2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Users\Jennifer\Documents\Book Party Letter.docx 2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Documents and Settings\Jennifer\My Documents\Book Party Letter.docx 2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Documents and Settings\Jennifer\Documents\Book Party Letter.docx 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 13:24 - 2006-11-02 03:18 - 00000000 ___SD C:\Windows\Downloaded Program Files 2012-05-24 11:15 - 2010-01-07 15:07 - 00000000 ____D C:\Program Files\CCleaner 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\My Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\My Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\Documents\Lead Letter.docx 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\Application Data\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\Application Data\SPL146.tmp 2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk 2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Users\All Users\Desktop\Safari.lnk 2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Documents and Settings\Public\Desktop\Safari.lnk 2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk 2012-05-19 04:20 - 2009-03-20 15:00 - 00000000 ____D C:\Program Files\Safari 2012-05-19 04:19 - 2012-05-19 04:18 - 00000000 ____D C:\Program Files\QuickTime 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\Public\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2012-05-17 15:11 - 2012-06-15 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-05-17 14:48 - 2012-06-15 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-05-17 14:45 - 2012-06-15 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-05-17 14:36 - 2012-06-15 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-05-17 14:35 - 2012-06-15 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-05-17 14:35 - 2012-06-15 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-05-17 14:33 - 2012-06-15 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-05-17 14:31 - 2012-06-15 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-05-17 14:29 - 2012-06-15 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-05-17 14:29 - 2012-06-15 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-05-17 14:27 - 2012-06-15 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-05-17 14:25 - 2012-06-15 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-05-17 14:24 - 2012-06-15 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-05-17 14:20 - 2012-06-15 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-05-15 11:51 - 2012-06-15 17:40 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Users\Jennifer\Application Data\wklnhst.dat 2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Users\Jennifer\AppData\Roaming\wklnhst.dat 2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Documents and Settings\Jennifer\Application Data\wklnhst.dat 2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Documents and Settings\Jennifer\AppData\Roaming\wklnhst.dat 2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Users\Jennifer\My Documents\New Folder 2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Users\Jennifer\Documents\New Folder 2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Documents and Settings\Jennifer\My Documents\New Folder 2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Documents and Settings\Jennifer\Documents\New Folder 2012-05-08 23:34 - 2009-12-23 22:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-08 23:33 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal 2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help 2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Microsoft Help 2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help 2012-05-08 23:00 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer 2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Users\Jennifer\My Documents\Hostess Letter.docx 2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Users\Jennifer\Documents\Hostess Letter.docx 2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Documents and Settings\Jennifer\My Documents\Hostess Letter.docx 2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Documents and Settings\Jennifer\Documents\Hostess Letter.docx 2012-05-04 18:57 - 2012-05-04 18:57 - 04126880 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe 2012-05-01 06:03 - 2012-06-15 17:41 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-28 06:41 - 2012-04-28 06:41 - 00011513 ____A C:\Users\Jack\Desktop\.40spreadsheet.xlsx 2012-04-28 06:41 - 2012-04-28 06:41 - 00011513 ____A C:\Documents and Settings\Jack\Desktop\.40spreadsheet.xlsx 2012-04-23 08:00 - 2012-06-15 17:41 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 08:00 - 2012-06-15 17:41 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 08:00 - 2012-06-15 17:41 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Users\Jennifer\My Documents\New Recruit Letter.docx 2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Users\Jennifer\Documents\New Recruit Letter.docx 2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Documents and Settings\Jennifer\My Documents\New Recruit Letter.docx 2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Documents and Settings\Jennifer\Documents\New Recruit Letter.docx 2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Users\Jennifer\My Documents\Jackson PFAPA Chart.xlr 2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Users\Jennifer\Documents\Jackson PFAPA Chart.xlr 2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Documents and Settings\Jennifer\My Documents\Jackson PFAPA Chart.xlr 2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Documents and Settings\Jennifer\Documents\Jackson PFAPA Chart.xlr 2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx 2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts 2012-04-18 16:05 - 2012-04-18 16:05 - 00168825 ____A C:\Users\Jack\Downloads\photo.JPG 2012-04-18 16:05 - 2012-04-18 16:05 - 00168825 ____A C:\Documents and Settings\Jack\Downloads\photo.JPG 2012-04-18 03:54 - 2012-04-18 03:54 - 00792391 ____A C:\Users\Jack\Desktop\countydetectivescontract11to13.pdf 2012-04-18 03:54 - 2012-04-18 03:54 - 00792391 ____A C:\Documents and Settings\Jack\Desktop\countydetectivescontract11to13.pdf 2012-04-18 03:52 - 2012-03-21 08:52 - 00011880 ____A C:\Users\Jack\Desktop\BCDAO.docx 2012-04-18 03:52 - 2012-03-21 08:52 - 00011880 ____A C:\Documents and Settings\Jack\Desktop\BCDAO.docx 2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Users\Jennifer\My Documents\Thirty One Fashion Show.docx 2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Users\Jennifer\Documents\Thirty One Fashion Show.docx 2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Documents and Settings\Jennifer\My Documents\Thirty One Fashion Show.docx 2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Documents and Settings\Jennifer\Documents\Thirty One Fashion Show.docx 2012-04-07 18:51 - 2012-04-03 21:04 - 00015299 ____A C:\Users\Jack\Desktop\Jack Slattery.docx 2012-04-07 18:51 - 2012-04-03 21:04 - 00015299 ____A C:\Documents and Settings\Jack\Desktop\Jack Slattery.docx 2012-04-04 11:56 - 2012-06-16 19:47 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-03 00:16 - 2012-05-08 22:24 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-04-03 00:16 - 2012-05-08 22:24 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Users\Jack\Application Data\PrimoPDF 2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Users\Jack\AppData\Roaming\PrimoPDF 2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\PrimoPDF 2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\PrimoPDF 2012-03-31 12:44 - 2011-12-08 11:38 - 00000000 ____D C:\Users\Jack\Desktop\ebay pictures 2012-03-31 12:44 - 2011-12-08 11:38 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\ebay pictures 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 04:39 - 2012-05-08 22:25 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-03-29 05:39 - 2012-05-08 22:25 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Users\All Users\ThumbnailCache4R 2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Users\All Users\Application Data\ThumbnailCache4R 2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Documents and Settings\All Users\ThumbnailCache4R 2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R 2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Users\Jennifer\My Documents\Come Celebrate Cinc.docx 2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Users\Jennifer\Documents\Come Celebrate Cinc.docx 2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Documents and Settings\Jennifer\My Documents\Come Celebrate Cinc.docx 2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Documents and Settings\Jennifer\Documents\Come Celebrate Cinc.docx 2012-03-20 15:28 - 2012-05-08 22:25 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys ZeroAccess: C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ ZeroAccess: C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U ZeroAccess: C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U ZeroAccess: C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U ZeroAccess: C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-06-04 06:17] - [2012-06-16 19:37] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843 C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 17% Total physical RAM: 3006.31 MB Available physical RAM: 2472.23 MB Total Pagefile: 2727.86 MB Available Pagefile: 2551.38 MB Total Virtual: 2047.88 MB Available Virtual: 1989.43 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:137.28 GB) (Free:4.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:1.99 GB) NTFS 4 Drive f: () (Removable) (Total:30.21 GB) (Free:30.17 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 149 GB 1528 KB Disk 1 Online 30 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 137 GB 32 KB Partition 2 Primary 12 GB 137 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C NTFS Partition 137 GB Healthy ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 D HP_RECOVERY NTFS Partition 12 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 30 GB 32 KB ====================================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 30 GB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-06-17 12:23 ======================= End Of Log ========================== Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.17.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Jack :: SLATTERYLAPTOP [administrator] 6/17/2012 7:43:11 PM mbam-log-2012-06-17 (19-43-11).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 470819 Time elapsed: 2 hour(s), 5 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.