trojan.small, trojan.sirefef and rootkit.0access HELP!


Hello All,

I am looking for some help. Just got back from vacation, did not update virus definitions and jumped on the internet. Got a bogus virus warning pop-up, started the task manager and killed everything without clicking the screen. Later I noticed that Microsoft Security Essentials was not running and I was not able to turn it back on. Ran Malwarebytes and found that I had trojan.small, trojan.sirefef and rootkit.0access. I followed the prompts to remove them and restart the computer. Ran Malwarebytes again and found the same three problems. I spent most of the day researching the culprits and landed here. I ran TDSSKiller and was only notified of none unsigned files which were considered suspicious but action was not recommended. Farbar Recovery Scan Tool and mbam logs pasted below. Thanks in advance for any and all help.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 17-06-2012 02

Ran by SYSTEM at 17-06-2012 18:51:23

Running from F:\

Windows Vista Home Premium (X86) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated)

HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [hpqSRMon] [x]

HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)

HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [] [x]

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)

HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2009-06-24] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-06-24] (NVIDIA Corporation)

HKLM\...\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" [660136 2010-02-04] ()

HKLM\...\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" [16040 2010-02-04] ()

HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)

HKLM\...\Run: [TurboKey] C:\Program Files\Race The World \turbokey.exe [81920 2009-12-18] ()

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM\...\Run: [FPPhotoMiddleWare] C:\Program Files\Fisher-Price\Kid-Tough Digital Studio Software\Util\Kid-Tough Digital Studio Software Middleware.exe [62872 2011-05-24] (Fisher-Price)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)

HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\Jack\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.)

HKU\Jack\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\Jack\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)

HKU\Jack\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\Jennifer\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)

HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Jennifer\AppData\Local\Temp\E_S5AF.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION)

HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S8159.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION)

HKU\Jennifer\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-06-01] (Adobe Systems Incorporated)

HKU\Jennifer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)

HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\Jack\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.)

HKU\Jack\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\Jack\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)

HKU\Jack\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\Jennifer\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)

HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Jennifer\AppData\Local\Temp\E_S5AF.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION)

HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S8159.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION)

HKU\Jennifer\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-06-01] (Adobe Systems Incorporated)

HKU\Jennifer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Documents and Settings\Jack\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

Startup: C:\Users\Jack\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)

2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.364.0\BBSvc.exe [193816 2012-02-20] (Microsoft Corporation.)

3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.exe [240408 2012-02-20] (Microsoft Corporation.)

3 Com4Qlb; "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)

3 DFSR; C:\Windows\System32\DFSR.exe [2092544 2009-04-10] (Microsoft Corporation)

2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation)

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)

3 hkmsvc; C:\Windows\System32\kmsvc.dll [68096 2008-01-20] (Microsoft Corporation)

2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.)

2 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [4916568 2010-11-19] (LeapFrog Enterprises, Inc.)

2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [94208 2009-04-28] (Lexmark International, Inc.)

2 lxdn_device; C:\Windows\system32\lxdncoms.exe -service [594600 2007-12-05] ( )

2 McciCMService; "C:\Program Files\Common Files\Motive\McciCMService.exe" [303104 2009-08-12] (Motive Communications, Inc.)

2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] ()

2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] ()

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()

2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

========================== Drivers (Whitelisted) =============

3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)

3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2009-07-30] (LeapFrog)

3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)

3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.)

3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)

3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2007-11-01] (Conexant Systems, Inc.)

4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH)

2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-18] (Conexant)

3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [12032 2007-02-16] (NVIDIA Corporation)

3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2008-01-20] (Microsoft Corporation)

3 SaiK0D14; C:\Windows\System32\DRIVERS\SaiK0D14.sys [130568 2009-09-07] (Saitek)

3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-07] (Saitek)

3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-07] (Saitek)

3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)

3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)

3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)

3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect)

3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.)

3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.)

3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.)

3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.)

1 eabfiltr; [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-17 12:31 - 2012-06-17 12:31 - 00000000 ____D C:\FRST

2012-06-17 12:28 - 2012-06-17 12:31 - 00874644 ____A C:\Users\Jack\Downloads\FRST.exe

2012-06-17 12:28 - 2012-06-17 12:31 - 00874644 ____A C:\Documents and Settings\Jack\Downloads\FRST.exe

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-17 12:11 - 2012-06-17 12:33 - 00007957 ____A C:\Windows\WindowsUpdate.log

2012-06-17 12:08 - 2012-06-17 12:08 - 3152863232 __ASH C:\hiberfil.sys

2012-06-17 12:08 - 2012-06-17 12:08 - 00318344 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-17 12:08 - 2012-06-17 12:08 - 00000948 ____A C:\Windows\PFRO.log

2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Users\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt

2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Documents and Settings\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt

2012-06-17 10:50 - 2012-06-17 12:06 - 00002322 ____A C:\Windows\ntbtlog.txt

2012-06-17 10:44 - 2012-06-17 10:45 - 00125318 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_14.44.04_log.txt

2012-06-17 09:09 - 2012-06-17 09:11 - 00127064 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_13.09.44_log.txt

2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Users\All Users\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\DriverCure

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\DriverCure

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\DriverCure

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\DriverCure

2012-06-17 06:32 - 2012-06-17 06:32 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys

2012-06-16 19:47 - 2012-06-16 19:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-06-16 19:47 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-16 11:40 - 2012-06-16 11:40 - 00000000 ____D C:\Program Files\Auslogics

2012-06-16 11:32 - 2012-06-16 11:32 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-06-16 04:12 - 2012-06-16 04:12 - 00000000 ____D C:\Program Files\Dropbox

2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk

2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk

2012-06-16 03:57 - 2012-06-16 03:57 - 00000000 ____D C:\Program Files\iPod

2012-06-15 23:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-15 23:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-15 23:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-15 23:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-15 23:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-15 23:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-15 23:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-15 23:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-15 23:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-15 23:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-15 23:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-15 23:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-15 23:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-15 23:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos.htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (2).htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (1).htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos.htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (2).htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (1).htm

2012-06-15 17:41 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-06-15 17:41 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-06-15 17:41 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-06-15 17:41 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-06-15 17:40 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-15 11:15 - 2012-06-17 09:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe

2012-06-15 11:15 - 2012-06-17 09:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Jack\Desktop\TDSSKiller.exe

2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\My Documents\Lead Letter.docx

2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\Documents\Lead Letter.docx

2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\My Documents\Lead Letter.docx

2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\Documents\Lead Letter.docx

2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\SPL146.tmp

2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\Application Data\SPL146.tmp

2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\SPL146.tmp

2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\Application Data\SPL146.tmp

2012-05-19 04:18 - 2012-05-19 04:19 - 00000000 ____D C:\Program Files\QuickTime

2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk

2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\Public\Desktop\QuickTime Player.lnk

2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

============ 3 Months Modified Files and Folders ===============

2012-06-17 12:33 - 2012-06-17 12:11 - 00007957 ____A C:\Windows\WindowsUpdate.log

2012-06-17 12:31 - 2012-06-17 12:31 - 00000000 ____D C:\FRST

2012-06-17 12:31 - 2012-06-17 12:28 - 00874644 ____A C:\Users\Jack\Downloads\FRST.exe

2012-06-17 12:31 - 2012-06-17 12:28 - 00874644 ____A C:\Documents and Settings\Jack\Downloads\FRST.exe

2012-06-17 12:30 - 2006-11-02 02:33 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-17 12:25 - 2012-01-14 17:52 - 00000000 ___RD C:\Users\Jack\Dropbox

2012-06-17 12:25 - 2012-01-14 17:52 - 00000000 ___RD C:\Documents and Settings\Jack\Dropbox

2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Users\Jack\Application Data\Dropbox

2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Dropbox

2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\Dropbox

2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\Dropbox

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-17 12:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows

2012-06-17 12:10 - 2010-02-05 04:27 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-06-17 12:08 - 2012-06-17 12:08 - 3152863232 __ASH C:\hiberfil.sys

2012-06-17 12:08 - 2012-06-17 12:08 - 00318344 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-17 12:08 - 2012-06-17 12:08 - 00000948 ____A C:\Windows\PFRO.log

2012-06-17 12:08 - 2008-04-27 11:38 - 3466776576 __ASH C:\pagefile.sys

2012-06-17 12:08 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-06-17 12:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-06-17 12:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Users\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt

2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Documents and Settings\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt

2012-06-17 12:06 - 2012-06-17 10:50 - 00002322 ____A C:\Windows\ntbtlog.txt

2012-06-17 10:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles

2012-06-17 10:45 - 2012-06-17 10:44 - 00125318 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_14.44.04_log.txt

2012-06-17 09:11 - 2012-06-17 09:09 - 00127064 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_13.09.44_log.txt

2012-06-17 09:08 - 2012-06-15 11:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe

2012-06-17 09:08 - 2012-06-15 11:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Jack\Desktop\TDSSKiller.exe

2012-06-17 09:08 - 2010-12-31 21:14 - 00002254 ____A C:\Users\Jack\Desktop\eula.txt

2012-06-17 09:08 - 2010-12-31 21:14 - 00002254 ____A C:\Documents and Settings\Jack\Desktop\eula.txt

2012-06-17 08:47 - 2010-02-05 04:27 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-06-17 08:37 - 2012-04-03 18:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-06-17 07:34 - 2008-06-23 00:31 - 00000000 __SHD C:\System Volume Information

2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Users\All Users\SpeedyPC Software

2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software

2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\All Users\SpeedyPC Software

2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software

2012-06-17 07:31 - 2006-11-02 03:18 - 00000000 ___RD C:\Program Files

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\DriverCure

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\DriverCure

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\DriverCure

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\SpeedyPC Software

2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\DriverCure

2012-06-17 07:25 - 2006-11-02 03:18 - 00000000 ___HD C:\ProgramData

2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\nvModes.dat

2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\nvModes.001

2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\Application Data\nvModes.dat

2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\Application Data\nvModes.001

2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\nvModes.dat

2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\nvModes.001

2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\Application Data\nvModes.dat

2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\Application Data\nvModes.001

2012-06-17 06:32 - 2012-06-17 06:32 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys

2012-06-17 05:51 - 2008-04-27 11:43 - 00000012 ____A C:\Windows\bthservsdp.dat

2012-06-17 05:51 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\Local Settings\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\Local Settings\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

2012-06-16 19:47 - 2012-06-16 19:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-06-16 19:47 - 2011-02-20 13:06 - 00000000 ____D C:\Users\Jack\Desktop\digitalmaintenance

2012-06-16 19:47 - 2011-02-20 13:06 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\digitalmaintenance

2012-06-16 19:46 - 2011-02-12 14:51 - 00001945 ____A C:\Windows\epplauncher.mif

2012-06-16 19:37 - 2009-06-04 06:17 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe

2012-06-16 19:25 - 2008-06-22 16:51 - 00000000 ____D C:\users\Jack

2012-06-16 18:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent

2012-06-16 18:05 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\LiveKernelReports

2012-06-16 11:40 - 2012-06-16 11:40 - 00000000 ____D C:\Program Files\Auslogics

2012-06-16 11:34 - 2012-04-03 18:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-06-16 11:34 - 2011-05-18 04:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-06-16 11:32 - 2012-06-16 11:32 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-06-16 05:24 - 2011-10-18 17:36 - 00000000 ____D C:\Users\Jack\Desktop\freemusic

2012-06-16 05:24 - 2011-10-18 17:36 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\freemusic

2012-06-16 04:12 - 2012-06-16 04:12 - 00000000 ____D C:\Program Files\Dropbox

2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk

2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk

2012-06-16 03:58 - 2010-09-10 13:38 - 00000000 ____D C:\Program Files\iTunes

2012-06-16 03:57 - 2012-06-16 03:57 - 00000000 ____D C:\Program Files\iPod

2012-06-16 03:57 - 2008-12-25 07:02 - 00000000 ____D C:\Program Files\Common Files\Apple

2012-06-16 03:48 - 2012-01-14 17:52 - 00000916 ____A C:\Users\Jack\Desktop\Dropbox.lnk

2012-06-16 03:48 - 2012-01-14 17:52 - 00000916 ____A C:\Documents and Settings\Jack\Desktop\Dropbox.lnk

2012-06-15 23:47 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache

2012-06-15 23:39 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET

2012-06-15 23:05 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Users\All Users\Lx_cats

2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Users\All Users\Application Data\Lx_cats

2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats

2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lx_cats

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos.htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (2).htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (1).htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos.htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (2).htm

2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (1).htm

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-05 10:06 - 2009-01-06 11:10 - 00000052 ____A C:\Windows\System32\DOErrors.log

2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Users\Jennifer\My Documents\Book Party Letter.docx

2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Users\Jennifer\Documents\Book Party Letter.docx

2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Documents and Settings\Jennifer\My Documents\Book Party Letter.docx

2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Documents and Settings\Jennifer\Documents\Book Party Letter.docx

2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-01 13:24 - 2006-11-02 03:18 - 00000000 ___SD C:\Windows\Downloaded Program Files

2012-05-24 11:15 - 2010-01-07 15:07 - 00000000 ____D C:\Program Files\CCleaner

2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\My Documents\Lead Letter.docx

2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\Documents\Lead Letter.docx

2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\My Documents\Lead Letter.docx

2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\Documents\Lead Letter.docx

2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\SPL146.tmp

2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\Application Data\SPL146.tmp

2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\SPL146.tmp

2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\Application Data\SPL146.tmp

2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk

2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Users\All Users\Desktop\Safari.lnk

2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Documents and Settings\Public\Desktop\Safari.lnk

2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk

2012-05-19 04:20 - 2009-03-20 15:00 - 00000000 ____D C:\Program Files\Safari

2012-05-19 04:19 - 2012-05-19 04:18 - 00000000 ____D C:\Program Files\QuickTime

2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk

2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\Public\Desktop\QuickTime Player.lnk

2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2012-05-17 15:11 - 2012-06-15 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-05-17 14:48 - 2012-06-15 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-05-17 14:45 - 2012-06-15 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-05-17 14:36 - 2012-06-15 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-05-17 14:35 - 2012-06-15 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-05-17 14:35 - 2012-06-15 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-17 14:33 - 2012-06-15 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-05-17 14:31 - 2012-06-15 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-17 14:29 - 2012-06-15 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-05-17 14:29 - 2012-06-15 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-05-17 14:27 - 2012-06-15 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-05-17 14:25 - 2012-06-15 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-05-17 14:24 - 2012-06-15 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-05-17 14:20 - 2012-06-15 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-05-15 11:51 - 2012-06-15 17:40 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Users\Jennifer\Application Data\wklnhst.dat

2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Users\Jennifer\AppData\Roaming\wklnhst.dat

2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Documents and Settings\Jennifer\Application Data\wklnhst.dat

2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Documents and Settings\Jennifer\AppData\Roaming\wklnhst.dat

2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Users\Jennifer\My Documents\New Folder

2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Users\Jennifer\Documents\New Folder

2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Documents and Settings\Jennifer\My Documents\New Folder

2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Documents and Settings\Jennifer\Documents\New Folder

2012-05-08 23:34 - 2009-12-23 22:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2012-05-08 23:33 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal

2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help

2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Microsoft Help

2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help

2012-05-08 23:00 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer

2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Users\Jennifer\My Documents\Hostess Letter.docx

2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Users\Jennifer\Documents\Hostess Letter.docx

2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Documents and Settings\Jennifer\My Documents\Hostess Letter.docx

2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Documents and Settings\Jennifer\Documents\Hostess Letter.docx

2012-05-04 18:57 - 2012-05-04 18:57 - 04126880 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe

2012-05-01 06:03 - 2012-06-15 17:41 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-28 06:41 - 2012-04-28 06:41 - 00011513 ____A C:\Users\Jack\Desktop\.40spreadsheet.xlsx

2012-04-28 06:41 - 2012-04-28 06:41 - 00011513 ____A C:\Documents and Settings\Jack\Desktop\.40spreadsheet.xlsx

2012-04-23 08:00 - 2012-06-15 17:41 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 08:00 - 2012-06-15 17:41 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 08:00 - 2012-06-15 17:41 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Users\Jennifer\My Documents\New Recruit Letter.docx

2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Users\Jennifer\Documents\New Recruit Letter.docx

2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Documents and Settings\Jennifer\My Documents\New Recruit Letter.docx

2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Documents and Settings\Jennifer\Documents\New Recruit Letter.docx

2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Users\Jennifer\My Documents\Jackson PFAPA Chart.xlr

2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Users\Jennifer\Documents\Jackson PFAPA Chart.xlr

2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Documents and Settings\Jennifer\My Documents\Jackson PFAPA Chart.xlr

2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Documents and Settings\Jennifer\Documents\Jackson PFAPA Chart.xlr

2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx

2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts

2012-04-18 16:05 - 2012-04-18 16:05 - 00168825 ____A C:\Users\Jack\Downloads\photo.JPG

2012-04-18 16:05 - 2012-04-18 16:05 - 00168825 ____A C:\Documents and Settings\Jack\Downloads\photo.JPG

2012-04-18 03:54 - 2012-04-18 03:54 - 00792391 ____A C:\Users\Jack\Desktop\countydetectivescontract11to13.pdf

2012-04-18 03:54 - 2012-04-18 03:54 - 00792391 ____A C:\Documents and Settings\Jack\Desktop\countydetectivescontract11to13.pdf

2012-04-18 03:52 - 2012-03-21 08:52 - 00011880 ____A C:\Users\Jack\Desktop\BCDAO.docx

2012-04-18 03:52 - 2012-03-21 08:52 - 00011880 ____A C:\Documents and Settings\Jack\Desktop\BCDAO.docx

2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Users\Jennifer\My Documents\Thirty One Fashion Show.docx

2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Users\Jennifer\Documents\Thirty One Fashion Show.docx

2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Documents and Settings\Jennifer\My Documents\Thirty One Fashion Show.docx

2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Documents and Settings\Jennifer\Documents\Thirty One Fashion Show.docx

2012-04-07 18:51 - 2012-04-03 21:04 - 00015299 ____A C:\Users\Jack\Desktop\Jack Slattery.docx

2012-04-07 18:51 - 2012-04-03 21:04 - 00015299 ____A C:\Documents and Settings\Jack\Desktop\Jack Slattery.docx

2012-04-04 11:56 - 2012-06-16 19:47 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-04-03 00:16 - 2012-05-08 22:24 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2012-04-03 00:16 - 2012-05-08 22:24 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Users\Jack\Application Data\PrimoPDF

2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Users\Jack\AppData\Roaming\PrimoPDF

2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\PrimoPDF

2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\PrimoPDF

2012-03-31 12:44 - 2011-12-08 11:38 - 00000000 ____D C:\Users\Jack\Desktop\ebay pictures

2012-03-31 12:44 - 2011-12-08 11:38 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\ebay pictures

2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-03-30 04:39 - 2012-05-08 22:25 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-03-29 05:39 - 2012-05-08 22:25 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Users\All Users\ThumbnailCache4R

2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Users\All Users\Application Data\ThumbnailCache4R

2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Documents and Settings\All Users\ThumbnailCache4R

2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R

2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Users\Jennifer\My Documents\Come Celebrate Cinc.docx

2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Users\Jennifer\Documents\Come Celebrate Cinc.docx

2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Documents and Settings\Jennifer\My Documents\Come Celebrate Cinc.docx

2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Documents and Settings\Jennifer\Documents\Come Celebrate Cinc.docx

2012-03-20 15:28 - 2012-05-08 22:25 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

ZeroAccess:

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@

ZeroAccess:

C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

ZeroAccess:

C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

ZeroAccess:

C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

ZeroAccess:

C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe

[2009-06-04 06:17] - [2012-06-16 19:37] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%

Total physical RAM: 3006.31 MB

Available physical RAM: 2472.23 MB

Total Pagefile: 2727.86 MB

Available Pagefile: 2551.38 MB

Total Virtual: 2047.88 MB

Available Virtual: 1989.43 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:137.28 GB) (Free:4.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:1.99 GB) NTFS

4 Drive f: () (Removable) (Total:30.21 GB) (Free:30.17 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 149 GB 1528 KB

Disk 1 Online 30 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 137 GB 32 KB

Partition 2 Primary 12 GB 137 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 137 GB Healthy

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D HP_RECOVERY NTFS Partition 12 GB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 30 GB 32 KB

======================================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT32 Removable 30 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-17 12:23

======================= End Of Log ==========================

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.17.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Jack :: SLATTERYLAPTOP [administrator]

6/17/2012 7:43:11 PM

mbam-log-2012-06-17 (19-43-11).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 470819

Time elapsed: 2 hour(s), 5 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


Hello JackSlate and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Boot to System Recovery Options and run FRST. Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
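
Added example, not part of the original posts and not FRST's own code: a small Python triage of the log format pasted above, pulling out the paths FRST listed under its `ZeroAccess:` label and any file in the "Bamital & volsnap Check" section that was printed with a raw MD5 instead of `=> MD5 is legit` (in the log above, only `services.exe`). The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: lines copied in shape from the FRST log in this thread
# (the real log has blank lines between entries; the parser skips them).
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-06-04 06:17] - [2012-06-16 19:37] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
C:\Windows\System32\User32.dll => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[stamp] - [stamp] - size attrs (company) MD5", printed when no verdict is given
DETAIL_RE = re.compile(
    r"^\[([^\]]+)\] - \[([^\]]+)\] - (\d+) (\S+) (?:\((.*)\) )?([0-9A-Fa-f]{32})$"
)
FLAG_LABEL = "ZeroAccess:"       # label FRST printed in this log
HASH_SECTION = "volsnap Check"   # substring of the hash-check section title


def triage(log_text):
    """Return paths listed under the ZeroAccess label and hash-check
    entries that were not marked '=> MD5 is legit'."""
    flagged, unverified = [], []
    section, in_flag_block = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, in_flag_block = header.group(1), False
            continue
        if line == FLAG_LABEL:
            in_flag_block = True
            continue
        if in_flag_block:
            if PATH_RE.match(line):
                flagged.append(line)
                continue
            in_flag_block = False
        if HASH_SECTION in section:
            detail = DETAIL_RE.match(line)
            if detail and unverified and unverified[-1]["md5"] is None:
                # Detail line belongs to the bare path printed just before it.
                unverified[-1].update(
                    stamps=(detail.group(1), detail.group(2)),
                    size=int(detail.group(3)),
                    company=detail.group(5),
                    md5=detail.group(6).upper(),
                )
            elif PATH_RE.match(line) and "=>" not in line:
                unverified.append({"path": line, "md5": None})
    return {"flagged_paths": flagged, "unverified": unverified}


def flagged_roots(paths):
    """Collapse flagged paths to the distinct {GUID} directories that hold them."""
    roots = set()
    for p in paths:
        m = re.match(r"^(.*?\\\{[0-9a-fA-F-]{36}\})(?:\\|$)", p)
        if m:
            roots.add(m.group(1))
    return sorted(roots)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for root in flagged_roots(result["flagged_paths"]):
        print("flagged directory:", root)
    for entry in result["unverified"]:
        print("no 'legit' verdict:", entry["path"], entry["md5"])
```

An entry in the second list means only that the scanner did not confirm the hash; it is a cue to compare the file against a known-good copy, which is what the requested `services.exe` search supports.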


Maniac,

Thank you for your reply. After reading your post and sleeping on it, I decided to do a factory restore on the computer. After two days of installing Windows updates and getting all of my files and programs back on the computer, Malwarebytes found no infections. I believe that I am now OK. Thanks again.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
