JackSlate
Posts posted by JackSlate
Hello All,
I am looking for some help. Just got back from vacation, did not update virus definitions and jumped on the internet. Got a bogus virus warning pop-up, started the Task Manager and killed everything without clicking the screen. Later I noticed that Microsoft Security Essentials was not running and I was not able to turn it back on. Ran Malwarebytes and found that I had Trojan.Small, Trojan.Sirefef and Rootkit.0access. I followed the prompts to remove them and restart the computer. Ran Malwarebytes again and found the same three problems. I spent most of the day researching the culprits and landed here. I ran TDSSKiller and was only notified of none unsigned files which were considered suspicious, but action was not recommended. Farbar Recovery Scan Tool and MBAM logs pasted below. Thanks in advance for any and all help.
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 17-06-2012 02
Ran by SYSTEM at 17-06-2012 18:51:23
Running from F:\
Windows Vista Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpqSRMon] [x]
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" [660136 2010-02-04] ()
HKLM\...\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" [16040 2010-02-04] ()
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [TurboKey] C:\Program Files\Race The World \turbokey.exe [81920 2009-12-18] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [FPPhotoMiddleWare] C:\Program Files\Fisher-Price\Kid-Tough Digital Studio Software\Util\Kid-Tough Digital Studio Software Middleware.exe [62872 2011-05-24] (Fisher-Price)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Jack\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.)
HKU\Jack\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Jack\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Jack\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Jennifer\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)
HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Jennifer\AppData\Local\Temp\E_S5AF.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S8159.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\Jennifer\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-06-01] (Adobe Systems Incorporated)
HKU\Jennifer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Jack\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.)
HKU\Jack\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Jack\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Jack\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Jennifer\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)
HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Jennifer\AppData\Local\Temp\E_S5AF.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S8159.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\Jennifer\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-06-01] (Adobe Systems Incorporated)
HKU\Jennifer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Documents and Settings\Jack\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Jack\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
================================ Services (Whitelisted) ==================
2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.364.0\BBSvc.exe [193816 2012-02-20] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.exe [240408 2012-02-20] (Microsoft Corporation.)
3 Com4Qlb; "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
3 DFSR; C:\Windows\System32\DFSR.exe [2092544 2009-04-10] (Microsoft Corporation)
2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [68096 2008-01-20] (Microsoft Corporation)
2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.)
2 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [4916568 2010-11-19] (LeapFrog Enterprises, Inc.)
2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [94208 2009-04-28] (Lexmark International, Inc.)
2 lxdn_device; C:\Windows\system32\lxdncoms.exe -service [594600 2007-12-05] ( )
2 McciCMService; "C:\Program Files\Common Files\Motive\McciCMService.exe" [303104 2009-08-12] (Motive Communications, Inc.)
2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] ()
2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
========================== Drivers (Whitelisted) =============
3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2009-07-30] (LeapFrog)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.)
3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2007-11-01] (Conexant Systems, Inc.)
4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-18] (Conexant)
3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [12032 2007-02-16] (NVIDIA Corporation)
3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2008-01-20] (Microsoft Corporation)
3 SaiK0D14; C:\Windows\System32\DRIVERS\SaiK0D14.sys [130568 2009-09-07] (Saitek)
3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-07] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-07] (Saitek)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.)
1 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-06-17 12:31 - 2012-06-17 12:31 - 00000000 ____D C:\FRST
2012-06-17 12:28 - 2012-06-17 12:31 - 00874644 ____A C:\Users\Jack\Downloads\FRST.exe
2012-06-17 12:28 - 2012-06-17 12:31 - 00874644 ____A C:\Documents and Settings\Jack\Downloads\FRST.exe
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-17 12:11 - 2012-06-17 12:33 - 00007957 ____A C:\Windows\WindowsUpdate.log
2012-06-17 12:08 - 2012-06-17 12:08 - 3152863232 __ASH C:\hiberfil.sys
2012-06-17 12:08 - 2012-06-17 12:08 - 00318344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 12:08 - 2012-06-17 12:08 - 00000948 ____A C:\Windows\PFRO.log
2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Users\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt
2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Documents and Settings\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt
2012-06-17 10:50 - 2012-06-17 12:06 - 00002322 ____A C:\Windows\ntbtlog.txt
2012-06-17 10:44 - 2012-06-17 10:45 - 00125318 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_14.44.04_log.txt
2012-06-17 09:09 - 2012-06-17 09:11 - 00127064 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_13.09.44_log.txt
2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\DriverCure
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\DriverCure
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\DriverCure
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\DriverCure
2012-06-17 06:32 - 2012-06-17 06:32 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys
2012-06-16 19:47 - 2012-06-16 19:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-16 19:47 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-16 11:40 - 2012-06-16 11:40 - 00000000 ____D C:\Program Files\Auslogics
2012-06-16 11:32 - 2012-06-16 11:32 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-16 04:12 - 2012-06-16 04:12 - 00000000 ____D C:\Program Files\Dropbox
2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk
2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2012-06-16 03:57 - 2012-06-16 03:57 - 00000000 ____D C:\Program Files\iPod
2012-06-15 23:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-15 23:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-15 23:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-15 23:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-15 23:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-15 23:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-15 23:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-15 23:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-15 23:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-15 23:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-15 23:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-15 23:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-15 23:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-15 23:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos.htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (2).htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (1).htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos.htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (2).htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (1).htm
2012-06-15 17:41 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-15 17:41 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-15 17:41 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-15 17:41 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-15 17:40 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-15 11:15 - 2012-06-17 09:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe
2012-06-15 11:15 - 2012-06-17 09:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Jack\Desktop\TDSSKiller.exe
2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\My Documents\Lead Letter.docx
2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\Documents\Lead Letter.docx
2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\My Documents\Lead Letter.docx
2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\Documents\Lead Letter.docx
2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\SPL146.tmp
2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\Application Data\SPL146.tmp
2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\SPL146.tmp
2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\Application Data\SPL146.tmp
2012-05-19 04:18 - 2012-05-19 04:19 - 00000000 ____D C:\Program Files\QuickTime
2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\Public\Desktop\QuickTime Player.lnk
2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
============ 3 Months Modified Files and Folders ===============
2012-06-17 12:33 - 2012-06-17 12:11 - 00007957 ____A C:\Windows\WindowsUpdate.log
2012-06-17 12:31 - 2012-06-17 12:31 - 00000000 ____D C:\FRST
2012-06-17 12:31 - 2012-06-17 12:28 - 00874644 ____A C:\Users\Jack\Downloads\FRST.exe
2012-06-17 12:31 - 2012-06-17 12:28 - 00874644 ____A C:\Documents and Settings\Jack\Downloads\FRST.exe
2012-06-17 12:30 - 2006-11-02 02:33 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-17 12:25 - 2012-01-14 17:52 - 00000000 ___RD C:\Users\Jack\Dropbox
2012-06-17 12:25 - 2012-01-14 17:52 - 00000000 ___RD C:\Documents and Settings\Jack\Dropbox
2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Users\Jack\Application Data\Dropbox
2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Dropbox
2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\Dropbox
2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\Dropbox
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-17 12:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows
2012-06-17 12:10 - 2010-02-05 04:27 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-17 12:08 - 2012-06-17 12:08 - 3152863232 __ASH C:\hiberfil.sys
2012-06-17 12:08 - 2012-06-17 12:08 - 00318344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 12:08 - 2012-06-17 12:08 - 00000948 ____A C:\Windows\PFRO.log
2012-06-17 12:08 - 2008-04-27 11:38 - 3466776576 __ASH C:\pagefile.sys
2012-06-17 12:08 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-17 12:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-17 12:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Users\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt
2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Documents and Settings\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt
2012-06-17 12:06 - 2012-06-17 10:50 - 00002322 ____A C:\Windows\ntbtlog.txt
2012-06-17 10:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2012-06-17 10:45 - 2012-06-17 10:44 - 00125318 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_14.44.04_log.txt
2012-06-17 09:11 - 2012-06-17 09:09 - 00127064 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_13.09.44_log.txt
2012-06-17 09:08 - 2012-06-15 11:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe
2012-06-17 09:08 - 2012-06-15 11:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Jack\Desktop\TDSSKiller.exe
2012-06-17 09:08 - 2010-12-31 21:14 - 00002254 ____A C:\Users\Jack\Desktop\eula.txt
2012-06-17 09:08 - 2010-12-31 21:14 - 00002254 ____A C:\Documents and Settings\Jack\Desktop\eula.txt
2012-06-17 08:47 - 2010-02-05 04:27 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-17 08:37 - 2012-04-03 18:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-17 07:34 - 2008-06-23 00:31 - 00000000 __SHD C:\System Volume Information
2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software
2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\All Users\SpeedyPC Software
2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
2012-06-17 07:31 - 2006-11-02 03:18 - 00000000 ___RD C:\Program Files
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\DriverCure
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\DriverCure
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\DriverCure
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\SpeedyPC Software
2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\DriverCure
2012-06-17 07:25 - 2006-11-02 03:18 - 00000000 ___HD C:\ProgramData
2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\nvModes.dat
2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\nvModes.001
2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\Application Data\nvModes.dat
2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\Application Data\nvModes.001
2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\nvModes.dat
2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\nvModes.001
2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\Application Data\nvModes.dat
2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\Application Data\nvModes.001
2012-06-17 06:32 - 2012-06-17 06:32 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys
2012-06-17 05:51 - 2008-04-27 11:43 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-06-17 05:51 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\Local Settings\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\Local Settings\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
2012-06-16 19:47 - 2012-06-16 19:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-16 19:47 - 2011-02-20 13:06 - 00000000 ____D C:\Users\Jack\Desktop\digitalmaintenance
2012-06-16 19:47 - 2011-02-20 13:06 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\digitalmaintenance
2012-06-16 19:46 - 2011-02-12 14:51 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-16 19:37 - 2009-06-04 06:17 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-16 19:25 - 2008-06-22 16:51 - 00000000 ____D C:\users\Jack
2012-06-16 18:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent
2012-06-16 18:05 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\LiveKernelReports
2012-06-16 11:40 - 2012-06-16 11:40 - 00000000 ____D C:\Program Files\Auslogics
2012-06-16 11:34 - 2012-04-03 18:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-16 11:34 - 2011-05-18 04:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-16 11:32 - 2012-06-16 11:32 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-16 05:24 - 2011-10-18 17:36 - 00000000 ____D C:\Users\Jack\Desktop\freemusic
2012-06-16 05:24 - 2011-10-18 17:36 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\freemusic
2012-06-16 04:12 - 2012-06-16 04:12 - 00000000 ____D C:\Program Files\Dropbox
2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk
2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2012-06-16 03:58 - 2010-09-10 13:38 - 00000000 ____D C:\Program Files\iTunes
2012-06-16 03:57 - 2012-06-16 03:57 - 00000000 ____D C:\Program Files\iPod
2012-06-16 03:57 - 2008-12-25 07:02 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-16 03:48 - 2012-01-14 17:52 - 00000916 ____A C:\Users\Jack\Desktop\Dropbox.lnk
2012-06-16 03:48 - 2012-01-14 17:52 - 00000916 ____A C:\Documents and Settings\Jack\Desktop\Dropbox.lnk
2012-06-15 23:47 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2012-06-15 23:39 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-15 23:05 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Users\All Users\Lx_cats
2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Users\All Users\Application Data\Lx_cats
2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats
2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lx_cats
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos.htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (2).htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (1).htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos.htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (2).htm
2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (1).htm
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-05 10:06 - 2009-01-06 11:10 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Users\Jennifer\My Documents\Book Party Letter.docx
2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Users\Jennifer\Documents\Book Party Letter.docx
2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Documents and Settings\Jennifer\My Documents\Book Party Letter.docx
2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Documents and Settings\Jennifer\Documents\Book Party Letter.docx
2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 13:24 - 2006-11-02 03:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2012-05-24 11:15 - 2010-01-07 15:07 - 00000000 ____D C:\Program Files\CCleaner
2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\My Documents\Lead Letter.docx
2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\Documents\Lead Letter.docx
2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\My Documents\Lead Letter.docx
2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\Documents\Lead Letter.docx
2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\SPL146.tmp
2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\Application Data\SPL146.tmp
2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\SPL146.tmp
2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\Application Data\SPL146.tmp
2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Users\All Users\Desktop\Safari.lnk
2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Documents and Settings\Public\Desktop\Safari.lnk
2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk
2012-05-19 04:20 - 2009-03-20 15:00 - 00000000 ____D C:\Program Files\Safari
2012-05-19 04:19 - 2012-05-19 04:18 - 00000000 ____D C:\Program Files\QuickTime
2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\Public\Desktop\QuickTime Player.lnk
2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2012-05-17 15:11 - 2012-06-15 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-15 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-15 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-15 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-15 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-15 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-15 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-15 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-15 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-15 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-15 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-15 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-15 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-15 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 11:51 - 2012-06-15 17:40 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Users\Jennifer\Application Data\wklnhst.dat
2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Documents and Settings\Jennifer\Application Data\wklnhst.dat
2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Documents and Settings\Jennifer\AppData\Roaming\wklnhst.dat
2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Users\Jennifer\My Documents\New Folder
2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Users\Jennifer\Documents\New Folder
2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Documents and Settings\Jennifer\My Documents\New Folder
2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Documents and Settings\Jennifer\Documents\New Folder
2012-05-08 23:34 - 2009-12-23 22:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-08 23:33 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Microsoft Help
2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-05-08 23:00 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Users\Jennifer\My Documents\Hostess Letter.docx
2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Users\Jennifer\Documents\Hostess Letter.docx
2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Documents and Settings\Jennifer\My Documents\Hostess Letter.docx
2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Documents and Settings\Jennifer\Documents\Hostess Letter.docx
2012-05-04 18:57 - 2012-05-04 18:57 - 04126880 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-05-01 06:03 - 2012-06-15 17:41 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-28 06:41 - 2012-04-28 06:41 - 00011513 ____A C:\Users\Jack\Desktop\.40spreadsheet.xlsx
2012-04-28 06:41 - 2012-04-28 06:41 - 00011513 ____A C:\Documents and Settings\Jack\Desktop\.40spreadsheet.xlsx
2012-04-23 08:00 - 2012-06-15 17:41 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:00 - 2012-06-15 17:41 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:00 - 2012-06-15 17:41 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Users\Jennifer\My Documents\New Recruit Letter.docx
2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Users\Jennifer\Documents\New Recruit Letter.docx
2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Documents and Settings\Jennifer\My Documents\New Recruit Letter.docx
2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Documents and Settings\Jennifer\Documents\New Recruit Letter.docx
2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Users\Jennifer\My Documents\Jackson PFAPA Chart.xlr
2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Users\Jennifer\Documents\Jackson PFAPA Chart.xlr
2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Documents and Settings\Jennifer\My Documents\Jackson PFAPA Chart.xlr
2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Documents and Settings\Jennifer\Documents\Jackson PFAPA Chart.xlr
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-18 16:05 - 2012-04-18 16:05 - 00168825 ____A C:\Users\Jack\Downloads\photo.JPG
2012-04-18 16:05 - 2012-04-18 16:05 - 00168825 ____A C:\Documents and Settings\Jack\Downloads\photo.JPG
2012-04-18 03:54 - 2012-04-18 03:54 - 00792391 ____A C:\Users\Jack\Desktop\countydetectivescontract11to13.pdf
2012-04-18 03:54 - 2012-04-18 03:54 - 00792391 ____A C:\Documents and Settings\Jack\Desktop\countydetectivescontract11to13.pdf
2012-04-18 03:52 - 2012-03-21 08:52 - 00011880 ____A C:\Users\Jack\Desktop\BCDAO.docx
2012-04-18 03:52 - 2012-03-21 08:52 - 00011880 ____A C:\Documents and Settings\Jack\Desktop\BCDAO.docx
2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Users\Jennifer\My Documents\Thirty One Fashion Show.docx
2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Users\Jennifer\Documents\Thirty One Fashion Show.docx
2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Documents and Settings\Jennifer\My Documents\Thirty One Fashion Show.docx
2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Documents and Settings\Jennifer\Documents\Thirty One Fashion Show.docx
2012-04-07 18:51 - 2012-04-03 21:04 - 00015299 ____A C:\Users\Jack\Desktop\Jack Slattery.docx
2012-04-07 18:51 - 2012-04-03 21:04 - 00015299 ____A C:\Documents and Settings\Jack\Desktop\Jack Slattery.docx
2012-04-04 11:56 - 2012-06-16 19:47 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:16 - 2012-05-08 22:24 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 00:16 - 2012-05-08 22:24 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Users\Jack\Application Data\PrimoPDF
2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Users\Jack\AppData\Roaming\PrimoPDF
2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\PrimoPDF
2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\PrimoPDF
2012-03-31 12:44 - 2011-12-08 11:38 - 00000000 ____D C:\Users\Jack\Desktop\ebay pictures
2012-03-31 12:44 - 2011-12-08 11:38 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\ebay pictures
2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-30 04:39 - 2012-05-08 22:25 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 05:39 - 2012-05-08 22:25 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Users\All Users\ThumbnailCache4R
2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Users\All Users\Application Data\ThumbnailCache4R
2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Documents and Settings\All Users\ThumbnailCache4R
2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Users\Jennifer\My Documents\Come Celebrate Cinc.docx
2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Users\Jennifer\Documents\Come Celebrate Cinc.docx
2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Documents and Settings\Jennifer\My Documents\Come Celebrate Cinc.docx
2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Documents and Settings\Jennifer\Documents\Come Celebrate Cinc.docx
2012-03-20 15:28 - 2012-05-08 22:25 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
ZeroAccess:
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@
ZeroAccess:
C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
ZeroAccess:
C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
ZeroAccess:
C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
ZeroAccess:
C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-06-04 06:17] - [2012-06-16 19:37] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 17%
Total physical RAM: 3006.31 MB
Available physical RAM: 2472.23 MB
Total Pagefile: 2727.86 MB
Available Pagefile: 2551.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1989.43 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:137.28 GB) (Free:4.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:1.99 GB) NTFS
4 Drive f: () (Removable) (Total:30.21 GB) (Free:30.17 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 1528 KB
Disk 1 Online 30 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 137 GB 32 KB
Partition 2 Primary 12 GB 137 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 137 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D HP_RECOVERY NTFS Partition 12 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 30 GB 32 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 30 GB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-17 12:23
======================= End Of Log ==========================
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.17.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jack :: SLATTERYLAPTOP [administrator]
6/17/2012 7:43:11 PM
mbam-log-2012-06-17 (19-43-11).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 470819
Time elapsed: 2 hour(s), 5 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
trojan.small, trojan.sirefef and rootkit.0access HELP!
in Resolved Malware Removal Logs
Maniac,
Thank you for your reply. After reading your post and sleeping on it, I decided to do a factory restore on the computer. After two days of installing Windows updates and getting all of my files and programs back on the computer, Malwarebytes found no infections. I believe that I am now OK. Thanks again.