Inactive Problems with SIREFEF.AB

itLEAKED

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: PICKERS-MANAGER [administrator]

10/12/2012 11:08:16 PM
mbam-log-2012-10-12 (23-08-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242797
Time elapsed: 27 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (F:\RECYCLER\S-1-5-18\$7a63ae4b11cb9fc6b0235173aae086c4\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (F:\RECYCLER\S-1-5-21-515967899-1767777339-725345543-1003\$7a63ae4b11cb9fc6b0235173aae086c4\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
F:\RECYCLER\S-1-5-18\$7a63ae4b11cb9fc6b0235173aae086c4\n (Rootkit.0Access) -> Delete on reboot.
F:\RECYCLER\S-1-5-21-515967899-1767777339-725345543-1003\$7a63ae4b11cb9fc6b0235173aae086c4\n (Rootkit.0Access) -> Delete on reboot.
F:\RECYCLER\S-1-5-21-515967899-1767777339-725345543-1003(2)\$7a63ae4b11cb9fc6b0235173aae086c4\n (Rootkit.0Access) -> Quarantined and deleted successfully.
F:\WINDOWS\assembly\GAC\Desktop(2).ini (Trojan.0access) -> Quarantined and deleted successfully.
F:\WINDOWS\assembly\GAC\Desktop.ini (Rootkit.0access) -> Delete on reboot.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-13 02:41:55
Windows 5.1.2600 Service Pack 3
Running: 8g8w7iji.exe; Driver: F:\DOCUME~1\admin\LOCALS~1\Temp\afxdrkoc.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000276094fe4 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000276094fe4
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000276094fe4 (not active ControlSet)
---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by admin at 10:04:47 on 2012-10-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1221 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
F:\WINDOWS\System32\svchost.exe -k imgsvc
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\msisear.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
F:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
"F:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://ca.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - f:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [Nyyfriydvo] "f:\documents and settings\admin\application data\neme\yzfog.exe"
mRun: [zBrowser Launcher] f:\program files\logitech\itouch\iTouch.exe
mRun: [MaxMenuMgr] "f:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [JMB36X Configure] f:\windows\system32\JMRaidTool.exe boot
mRun: [HDAudDeck] f:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [CarboniteSetupLite] "f:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [BrStsWnd] f:\program files\brownie\BrstsWnd.exe Autorun
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ATICCC] "f:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [Intuit SyncManager] f:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "f:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] f:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "f:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "f:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163261152796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164164878500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{1FC109AC-9A4B-4D6F-B252-F015FDA5314A} : NameServer = 192.168.0.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - f:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - f:\program files\common files\intuit\intu-res.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - f:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - f:\program files\turbotax 2011\ic2011pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - f:\progra~1\window~4\MpShHook.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - f:\windows\system32\rundll32.exe f:\windows\system32\advpack.dll,launchinfsectionex f:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - f:\documents and settings\admin\application data\mozilla\firefox\profiles\sa6yerhj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - prefs.js: network.proxy.type - 0
FF - component: f:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: f:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: f:\documents and settings\admin\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: f:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: f:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: f:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: f:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: f:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: f:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: f:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: f:\program files\musicnotes\npmusicn.dll
FF - plugin: f:\program files\musicnotes\NPSibelius.dll
FF - plugin: f:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;f:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 FreeAgentGoNext Service;Seagate Service;f:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 W32Serv;Windows Search Scheduler;f:\windows\msisear.exe [2012-10-12 308224]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;f:\windows\system32\drivers\viahduaa.sys [2009-9-15 845184]
S1 cqgbqjuu;cqgbqjuu;\??\f:\windows\system32\drivers\cqgbqjuu.sys --> f:\windows\system32\drivers\cqgbqjuu.sys [?]
S1 cqhzefuw;cqhzefuw;\??\f:\windows\system32\drivers\cqhzefuw.sys --> f:\windows\system32\drivers\cqhzefuw.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1cabcbf41688628;Google Update Service (gupdate1cabcbf41688628);f:\program files\google\update\GoogleUpdate.exe [2010-3-5 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250808]
S3 gupdatem;Google Update Service (gupdatem);f:\program files\google\update\GoogleUpdate.exe [2010-3-5 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;f:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 114144]
S3 Netaapl;Apple Mobile Device Ethernet Service;f:\windows\system32\drivers\netaapl.sys [2010-11-18 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-13 08:04:30  365056  ----a-w-  f:\documents and settings\admin\bhxzbuegunpttzkdqsvtqwr.exe
2012-10-13 07:53:44  6980552  ----a-w-  f:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95602e44-6645-42b4-bae5-17e7a74216e4}\mpengine.dll
2012-10-13 03:06:53  --------  d-----w-  f:\documents and settings\admin\application data\Malwarebytes
2012-10-13 03:06:29  --------  d-----w-  f:\documents and settings\all users\application data\Malwarebytes
2012-10-13 03:06:26  22856  ----a-w-  f:\windows\system32\drivers\mbam.sys
2012-10-13 03:06:26  --------  d-----w-  f:\program files\Malwarebytes' Anti-Malware
2012-10-13 02:45:26  --------  d-----w-  f:\documents and settings\admin\application data\FixZeroAccess
2012-10-13 01:45:06  --------  d-----w-  f:\program files\Microsoft Security Client
2012-10-12 20:26:09  308224  ----a-w-  f:\windows\msisear.exe
2012-10-12 19:04:20  --------  d-----w-  f:\program files\Spybot - Search & Destroy
2012-10-12 19:04:19  --------  d-----w-  f:\program files\SpeedyPC Software
2012-10-12 19:04:19  --------  d-----w-  f:\documents and settings\all users\application data\SpeedyPC Software
2012-10-12 17:35:13  --------  d-----w-  f:\windows\system32\wbem\repository\FS
2012-10-12 17:35:13  --------  d-----w-  f:\windows\system32\wbem\Repository
2012-10-11 22:12:02  --------  d-sha-r-  F:\cmdcons
2012-10-11 22:00:23  98816  ----a-w-  f:\windows\sed.exe
2012-10-11 22:00:23  518144  ----a-w-  f:\windows\SWREG.exe
2012-10-11 22:00:23  256000  ----a-w-  f:\windows\PEV.exe
2012-10-11 22:00:23  208896  ----a-w-  f:\windows\MBR.exe
2012-10-11 21:59:15  --------  d-----w-  F:\ComboFix
2012-10-11 21:49:28  256904  ----a-w-  f:\windows\system32\drivers\tmcomm.sys
2012-10-11 21:37:43  --------  d-----w-  f:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-09-20 14:25:21  --------  d-----w-  f:\program files\iPod
2012-09-20 14:25:16  --------  d-----w-  f:\program files\iTunes
2012-09-20 14:25:16  --------  d-----w-  f:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-19 22:50:22  --------  d-----w-  f:\documents and settings\admin\application data\Neme
2012-09-19 22:50:22  --------  d-----w-  f:\documents and settings\admin\application data\Kukoam
2012-09-19 22:50:22  --------  d-----w-  f:\documents and settings\admin\application data\Ekem
.
==================== Find3M ====================
.
2012-10-08 22:20:37  696760  ----a-w-  f:\windows\system32\FlashPlayerApp.exe
2012-10-08 22:20:36  73656  ----a-w-  f:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 02:03:50  193552  ----a-w-  f:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53  916992  ----a-w-  f:\windows\system32\wininet.dll
2012-08-28 15:14:53  43520  ----a-w-  f:\windows\system32\licmgr10.dll
2012-08-28 15:14:52  1469440  ------w-  f:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15  385024  ----a-w-  f:\windows\system32\html.iec
2012-08-24 13:53:22  177664  ----a-w-  f:\windows\system32\wintrust.dll
2012-08-21 17:01:22  26840  ----a-w-  f:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22  106928  ----a-w-  f:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26  2148864  ----a-w-  f:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09  2027520  ----a-w-  f:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Lexar___ rev.1100 -> Harddisk4\DR9 -> \Device\0000007a
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys USBSTOR.SYS hal.dll usbhub.sys USBPORT.SYS usbehci.sys
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk4\DR9[0x89CE9A38]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\00000083[0x89E239F8]
5 USBSTOR[0xBA3C0706] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\USBPDO-9[0x89CF13F0]
7 usbhub[0xB9636596] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\USBPDO-4[0x888AF030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
error: Read The parameter is incorrect.
.
============= FINISH: 10:11:34.48 ===============
 
Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to get the 32-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
    frst2.jpg

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
When I tried to locate the Repair feature within the Advanced Boot Options there is nothing there, and my boss is unaware as to the location of our Windows XP CD.
Am I out of luck until I can acquire that disc?
 
Sorry for that, I overlooked the fact you have Windows XP. Let's do the following instead:

ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Ran ComboFix in 'normal'
Started, and wouldn't complete the scan after hour and a half
Rebooted into 'safe mode'
Started, again would not complete after hour and a half
Tried iexplore.exe, again with same results in both modes

How long should this scan typically take? Asking because of the comment within the cmd prompt about run time.
 
40 minutes at the most usually. :p

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
When I got to run this application, it seems like it's going to work, then it doesn't do anything. I don't even get to the first window.
 
Next trial run...

RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
Can't tell if the scan completed or not. Clicked on Delete and it went to hour glass for over 10 minutes, then program became unresponsive.

It did however make this log and Quarantine Dir:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 10/18/2012 10:10:15

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] msisear.exe -- F:\WINDOWS\msisear.exe -> KILLED [TermProc]
[HIDDEN] msisear.exe -- F:\WINDOWS\msisear.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : F:\RECYCLER\S-1-5-18\$7a63ae4b11cb9fc6b0235173aae086c4\U --> FOUND
[ZeroAccess][FOLDER] U : F:\RECYCLER\S-1-5-21-515967899-1767777339-725345543-1003\$7a63ae4b11cb9fc6b0235173aae086c4\U --> FOUND
[ZeroAccess][FOLDER] L : F:\RECYCLER\S-1-5-18\$7a63ae4b11cb9fc6b0235173aae086c4\L --> FOUND
[ZeroAccess][FOLDER] L : F:\RECYCLER\S-1-5-21-515967899-1767777339-725345543-1003\$7a63ae4b11cb9fc6b0235173aae086c4\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9F156F2)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9F156F2)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9F15712)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9F1573C)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9F1C336)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9F1C302)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9F12864)

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> F:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JS-98NCB1 +++++
--- User ---
[MBR] 0b2d64725d2c468a38b655bcb09ee167
[BSP] 1bff3a84dd1bac7449d2e018771f1cdf : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] aa5b0088405d84d0cfc92b5410ed3861
[BSP] 1bff3a84dd1bac7449d2e018771f1cdf : Windows XP MBR Code [possible maxSST in 1!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488376000 | Size: 10 Mo

+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] 25bc0c7e1936e0474ef5d29e443cf4f3
[BSP] ff64d61c08d73aa2b1fc0f963ee69984 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
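The RogueKiller MBR check above reports two things: the MBR read through the OS differs from the low-level read (User != LL2), and the low-level partition table carries a 10 MB hidden NTFS entry (type 0x17) that holds the active flag while the Windows partition no longer does. As an added example, not part of the thread or of RogueKiller's own code, the script below makes both checks on a constructed partition table modelled on that log; the disk's total sector count is an assumed figure.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 0x1BE          # start of the four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"          # bytes 510-511 of every valid MBR
# "hidden" variants of the FAT/NTFS partition type ids (0x17 = hidden NTFS, as in the log)
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
TINY_ACTIVE_MB = 64             # a bootable partition this small is not a Windows install


def build_mbr(partitions):
    """Construct a 512-byte MBR from (active, type_id, lba_start, sector_count) tuples.
    The boot-code area stays zeroed; only the partition table and signature matter here."""
    mbr = bytearray(SECTOR)
    for i, (active, ptype, lba_start, count) in enumerate(partitions):
        # entry layout: boot flag, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sectors
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, ptype, lba_start, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def parse_partition_table(mbr):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIG:
        raise ValueError("not a 512-byte MBR with a 55AA signature")
    entries = []
    for i in range(4):
        flag, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i, "active": flag == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count,
                        "size_mb": count * SECTOR // (1024 * 1024)})
    return entries


def mbr_findings(user_view, raw_view, disk_sectors):
    """Compare the MBR as the OS presents it (user_view) with a lower-level read
    (raw_view), then inspect the raw partition table. Returns (code, detail) tuples;
    an empty list means nothing suspicious was seen."""
    findings = []
    user_md5 = hashlib.md5(user_view).hexdigest()
    raw_md5 = hashlib.md5(raw_view).hexdigest()
    if user_md5 != raw_md5:
        findings.append(("MBR_MISMATCH",
                         f"user {user_md5} != raw {raw_md5}: something is filtering sector 0 reads"))
    for p in parse_partition_table(raw_view):
        if p["type"] in HIDDEN_TYPES:
            findings.append(("HIDDEN_PARTITION",
                             f"entry {p['index']}: type 0x{p['type']:02X} at LBA "
                             f"{p['lba_start']}, {p['size_mb']} MB"))
        if (p["active"] and p["size_mb"] <= TINY_ACTIVE_MB
                and p["lba_start"] > disk_sectors * 0.99):
            findings.append(("TRAILING_ACTIVE_PARTITION",
                             f"entry {p['index']}: {p['size_mb']} MB active partition "
                             f"at the end of the disk"))
    return findings


# Constructed sample modelled on the log above: the partition sizes in MB and the
# LBA offset 488376000 come from the RogueKiller output; the total sector count is
# an assumed figure for a 250 GB disk, not a value from the log.
DISK_SECTORS = 488397168
WINDOWS_PART = (0x07, 63, 238464 * 2048)          # NTFS, 238464 MB, starting at sector 63
CLEAN_MBR = build_mbr([(True,) + WINDOWS_PART])
# Low-level view of the infected disk: Windows entry no longer active, and a 10 MB
# hidden NTFS entry (0x17) at the end of the disk carries the active flag instead.
INFECTED_RAW_MBR = build_mbr([(False,) + WINDOWS_PART,
                              (True, 0x17, 488376000, 10 * 2048)])

if __name__ == "__main__":
    for code, detail in mbr_findings(CLEAN_MBR, INFECTED_RAW_MBR, DISK_SECTORS):
        print(code, "-", detail)
```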
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
    frst2.jpg

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
Ran by SYSTEM at 19-10-2012 20:34:09
Running from G:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe [892928 2004-03-18] (Logitech Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] F:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [MaxMenuMgr] "F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-09-26] (Seagate LLC)
HKLM\...\Run: [Intuit SyncManager] F:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [623880 2008-11-18] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HDAudDeck] F:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 [30003200 2008-08-14] (VIA Technologies, Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent [x]
HKLM\...\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime [61440 2005-08-06] (ATI Technologies Inc.)
HKLM\...\Run: [APSDaemon] "F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [MSC] "F:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\admin\...\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 6to4; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-08-06] ()
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 FreeAgentGoNext Service; "C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" [189736 2009-09-26] (Seagate Technology LLC)
 
Farbar Recovery Scan Tool (x86) Version: 15-10-2012
Ran by SYSTEM at 2012-10-19 20:28:06
Running from G:\

================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2003-03-31 08:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\system32\dllcache\services.exe
[2003-03-31 08:00] - [2009-02-06 07:11] - 0110592 ___AC (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\ServicePackFiles\i386\services.exe
[2006-11-12 03:10] - [2008-04-13 20:12] - 0108544 ___AC (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\erdnt\cache\services.exe
[2012-10-11 18:55] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-04-17 03:03] - [2008-04-13 20:12] - 0108544 ___AC (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2008-07-11 21:28] - [2004-08-04 04:56] - 0108032 ___AC (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-04-16 19:11] - [2009-02-06 07:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

=== End Of Search ===
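The reason the helper asks for a search on services.exe is that the ZeroAccess/Sirefef family flagged in the earlier Malwarebytes log patches that file on XP, so the Search.txt is read by comparing the live copy's MD5 against the Windows File Protection copy in dllcache. The script below is an added illustration of that check (not part of the thread and not FRST's own code): it parses FRST's two-line search entries and reports any mismatch; the sample entries are copied from the log above and the tampered variant is constructed.

```python
import re

# Constructed sample input: three of the services.exe hits from the FRST
# Search.txt above, in FRST's own two-line format (path line, then
# "[created] - [modified] - size attrs (company) md5").
SAMPLE_SEARCH_TXT = """\
================== Search: "services.exe" ===================

C:\\WINDOWS\\system32\\services.exe
[2003-03-31 08:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\\WINDOWS\\system32\\dllcache\\services.exe
[2003-03-31 08:00] - [2009-02-06 07:11] - 0110592 ___AC (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\\WINDOWS\\ServicePackFiles\\i386\\services.exe
[2006-11-12 03:10] - [2008-04-13 20:12] - 0108544 ___AC (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

=== End Of Search ===
"""

# Constructed failure case: the live copy has a different hash and no
# company name, which is what a patched services.exe would look like here.
TAMPERED_SEARCH_TXT = SAMPLE_SEARCH_TXT.replace(
    "(Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315",
    "() 00000000000000000000000000000000",
    1,
)

DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9a-fA-F]{32})$"
)


def parse_search_log(text):
    """Return one dict per file hit, pairing each path line with the detail line after it."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank separators and the Search / End Of Search banners
        m = DETAIL_RE.match(line)
        if m and pending_path is not None:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].lower()
            entry["path"] = pending_path
            entries.append(entry)
            pending_path = None
        elif not m:
            pending_path = line  # a path line; its details follow on the next line
    return entries


def check_services_exe(entries):
    """Compare the live services.exe with the dllcache copy and list other copies sharing its hash."""
    def find(suffix):
        for e in entries:
            if e["path"].lower().endswith(suffix):
                return e
        return None

    live = find("\\system32\\services.exe")      # the file Windows actually runs
    cache = find("\\dllcache\\services.exe")     # Windows File Protection backup
    if live is None:
        return {"live_md5": None, "findings": ["no live services.exe in search output"],
                "same_hash_copies": []}
    findings = []
    if not live["company"]:
        findings.append("live services.exe carries no company name in its version info")
    if cache is None:
        findings.append("no dllcache copy of services.exe to compare against")
    elif live["md5"] != cache["md5"]:
        findings.append("live services.exe MD5 %s differs from dllcache copy %s"
                        % (live["md5"], cache["md5"]))
    same = [e["path"] for e in entries if e is not live and e["md5"] == live["md5"]]
    return {"live_md5": live["md5"], "findings": findings, "same_hash_copies": same}


if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_SEARCH_TXT), ("tampered", TAMPERED_SEARCH_TXT)):
        result = check_services_exe(parse_search_log(text))
        print(label, result["live_md5"], result["findings"] or "OK", result["same_hash_copies"])
```

A differing ServicePackFiles hash alone, as in the log above, is expected when a later update replaced services.exe; the dllcache copy is the one that must agree.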
 
Hello, are you still with us? Please update us with the state of your situation, so we know how to continue from here.

We'd still like to help. Topic marked inactive, until your return.
 
HKLM\...\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\admin\...\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 6to4; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-08-06] ()
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 FreeAgentGoNext Service; "C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" [189736 2009-09-26] (Seagate Technology LLC)
3 GoogleDesktopManager; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [1838592 2012-10-15] (Google)
2 gupdate1cabcbf41688628; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2010-03-05] (Google Inc.)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
2 W32Serv; C:\WINDOWS\msisear.exe [304128 2012-10-15] ()
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1273344 2005-08-03] (ATI Technologies Inc.)
2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
3 itchfltr; C:\Windows\System32\DRIVERS\itchfltr.sys [12953 2004-03-10] (Logitech, Inc.)
0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [43392 2006-07-05] (JMicron Technology Corp.)
3 L1e; C:\Windows\System32\DRIVERS\l1e51x86.sys [38400 2008-09-23] (Atheros Communications, Inc.)
3 LCcfltr; C:\Windows\System32\drivers\lccfltr.sys [14095 2004-03-03] (Logitech, Inc.)
3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [83712 2006-07-13] (Realtek Semiconductor Corporation )
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [845184 2008-07-25] (VIA Technologies, Inc.)
4 Abiosdsk; [x]
4 abp480n5; [x]
3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [x]
4 adpu160m; [x]
3 AEAudio; C:\Windows\System32\drivers\AEAudio.sys [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\F:\32788R22FWJFW\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
1 cqgbqjuu; \??\F:\WINDOWS\system32\drivers\cqgbqjuu.sys [x]
1 cqhzefuw; \??\F:\WINDOWS\system32\drivers\cqhzefuw.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 InCDFs; C:\Windows\System32\drivers\InCDFs.sys [x]
1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [x]
1 InCDRm; C:\Windows\System32\drivers\InCDRm.sys [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
3 MBAMProtector; \??\F:\WINDOWS\system32\drivers\mbam.sys [x]
3 MFE_RR; \??\F:\DOCUME~1\admin\LOCALS~1\Temp\mfe_rr.sys [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
2 PEVSystemStart; "F:\ComboFix\pev.3XE" EXEC /I "F:\ComboFix\HIDEC.3XE" "F:\ComboFix\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
2 RPSKT; C:\Windows\System32\DRIVERS\rp_skt32.sys [x]
3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-26 13:06 - 2012-10-26 13:09 - 55101172 ____A C:\FRI.TRS
2012-10-26 12:38 - 2012-10-26 12:38 - 76292096 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 26, 2012 12 36 PM).QBB
2012-10-26 12:38 - 2012-10-26 12:38 - 00042496 ____A C:\Documents and Settings\admin\My Documents\money notes 2012-1.xls
2012-10-26 12:37 - 2012-10-26 12:37 - 00042496 ____A C:\Documents and Settings\admin\My Documents\money notes 2012 update.xls
2012-10-26 12:12 - 2012-10-26 12:16 - 55100350 ____A C:\102620121216.TRS
2012-10-25 19:19 - 2012-10-25 19:19 - 00000000 ____D C:\Windows\LastGood
2012-10-25 16:10 - 2012-10-25 16:14 - 55089896 ____A C:\10252012414.TRS
2012-10-23 14:23 - 2012-10-23 14:56 - 55063452 ____A C:\10232012256.TRS
2012-10-23 14:23 - 2012-10-23 14:27 - 55063103 ____A C:\10232012227.TRS
2012-10-23 12:38 - 2012-10-23 12:38 - 00041984 ____A C:\Documents and Settings\admin\My Documents\money notes 2012 2.xls
2012-10-22 12:26 - 2012-10-22 15:21 - 55051886 ____A C:\10222012321.TRS
2012-10-22 12:26 - 2012-10-22 12:29 - 55050287 ____A C:\102220121229.TRS
2012-10-20 17:41 - 2012-10-20 17:41 - 76288000 ____N C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 20, 2012 05 39 PM).QBB
2012-10-20 17:20 - 2012-10-20 17:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-20 14:35 - 2012-10-20 17:42 - 55037694 ____A C:\10202012442.TRS
2012-10-20 14:35 - 2012-10-20 14:39 - 55034721 ____A C:\10202012139.TRS
2012-10-20 14:22 - 2012-10-20 14:33 - 55034054 ____A C:\10202012133.TRS
2012-10-19 20:18 - 2012-10-19 20:18 - 00000000 ____D C:\FRST
2012-10-19 14:42 - 2012-10-19 14:45 - 55015306 ____A C:\10192012245.TRS
2012-10-19 12:52 - 2012-10-19 12:52 - 76304384 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 19, 2012 12 50 PM).QBB
2012-10-18 19:50 - 2012-10-18 19:50 - 76292096 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 18, 2012 07 48 PM).QBB
2012-10-18 17:04 - 2012-10-18 17:09 - 55001990 ____A C:\10182012509.TRS
2012-10-18 10:10 - 2012-10-18 10:10 - 00002830 ____A C:\Documents and Settings\admin\Desktop\RKreport[1].txt
2012-10-18 10:09 - 2012-10-18 10:40 - 00000000 ____D C:\Documents and Settings\admin\Desktop\RK_Quarantine
2012-10-18 10:08 - 2012-10-18 10:08 - 01425920 ____A C:\Documents and Settings\admin\Desktop\RogueKiller.exe
2012-10-17 19:42 - 2012-10-17 19:42 - 00008844 ____A C:\Windows\System32\reset.log
2012-10-17 19:32 - 2012-10-17 19:48 - 00005404 ____A C:\Windows\bitssetup.log
2012-10-17 19:14 - 2004-06-11 19:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-10-17 19:11 - 2012-10-17 19:11 - 00000000 ____D C:\RegBackup
2012-10-17 17:06 - 2012-10-17 19:54 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-16 19:19 - 2012-10-16 19:19 - 00043062 ____A C:\Documents and Settings\admin\My Documents\UserImages.bmp
2012-10-16 19:18 - 2012-10-16 19:19 - 55378076 ____A C:\Documents and Settings\admin\My Documents\Tuesdays Backups.nrg
2012-10-16 18:40 - 2012-10-16 18:40 - 76283904 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 16, 2012 06 38 PM).QBB
2012-10-16 17:13 - 2012-10-16 17:15 - 00034816 ____A C:\Documents and Settings\admin\My Documents\Erikson's Adjusted Statement Oct 10 2012.xls
2012-10-16 17:12 - 2012-10-26 17:21 - 00000402 ____A C:\Windows\Tasks\ReclaimerUpdateXML_admin.job
2012-10-16 17:12 - 2012-10-26 12:22 - 00000406 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_admin.job
2012-10-16 17:12 - 2012-10-25 18:59 - 00000412 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_admin.job
2012-10-16 13:39 - 2012-08-21 13:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-10-16 13:38 - 2012-10-16 13:39 - 00000000 ____D C:\Program Files\iTunes
2012-10-16 13:38 - 2012-10-16 13:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-16 13:38 - 2012-10-16 13:38 - 00000000 ____D C:\Program Files\iPod
2012-10-16 13:36 - 2012-10-16 13:47 - 54980182 ____A C:\10162012147.TRS
2012-10-16 10:32 - 2012-10-25 23:54 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-10-16 10:22 - 2012-10-16 10:22 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-16 09:29 - 2012-10-16 09:37 - 00000000 ____D C:\Program Files\HijackThis
2012-10-16 08:46 - 2012-10-17 16:54 - 00000796 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-15 19:34 - 2012-10-15 19:38 - 54978149 ____A C:\10152012738.TRS
2012-10-15 19:10 - 2012-10-15 19:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ask
2012-10-15 19:09 - 2012-10-15 19:09 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-10-15 19:09 - 2012-10-15 19:09 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-10-15 19:09 - 2012-10-15 19:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-10-15 19:09 - 2012-10-15 19:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-10-15 17:17 - 2012-10-15 17:18 - 00000000 ___DC C:\Windows\ie8
2012-10-15 14:43 - 2012-10-15 14:46 - 54970023 ____A C:\10152012246.TRS
2012-10-15 13:22 - 2012-10-15 13:22 - 00304128 ____A () C:\Windows\msisear.exe
2012-10-15 12:22 - 2012-10-15 12:22 - 76288000 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 15, 2012 12 21 PM).QBB
2012-10-13 18:53 - 2012-10-13 18:53 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Intuit
2012-10-13 18:18 - 2012-10-13 18:18 - 00000000 ____D C:\ComboFix
2012-10-13 12:26 - 2012-10-13 12:26 - 00000000 ____D C:\Program Files\uTorrent
2012-10-13 12:25 - 2012-10-13 12:30 - 00000000 ____D C:\Documents and Settings\admin\Application Data\uTorrent
2012-10-13 02:46 - 2012-10-13 02:46 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2012-10-12 23:06 - 2012-10-17 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-12 23:06 - 2012-10-12 23:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-10-12 23:06 - 2012-10-12 23:06 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Malwarebytes
2012-10-12 22:45 - 2012-10-12 22:45 - 00000000 ____D C:\Documents and Settings\admin\Application Data\FixZeroAccess
2012-10-12 21:47 - 2012-10-12 21:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-10-12 21:46 - 2012-10-12 21:46 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-10-12 21:34 - 2012-10-12 21:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2012-10-12 21:34 - 2012-10-12 21:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2012-10-12 16:27 - 2012-10-12 16:27 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-10-12 16:26 - 2012-10-12 16:26 - 00308224 ____A () C:\Windows\msisear.ex
2012-10-12 15:04 - 2012-10-12 15:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-10-12 15:04 - 2012-10-12 15:04 - 00000000 ____D C:\Program Files\SpeedyPC Software
2012-10-12 15:04 - 2012-10-12 15:04 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-10-12 15:04 - 2012-10-12 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
2012-10-12 15:04 - 2012-10-12 15:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SpeedyPC Software
2012-10-12 15:04 - 2012-10-12 15:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2012-10-12 14:44 - 2012-10-12 14:44 - 00098304 ____A C:\Windows\Minidump\Mini101212-01.dmp
2012-10-12 14:05 - 2012-10-12 14:08 - 54932826 ____A C:\10122012208.TRS
2012-10-12 13:29 - 2012-10-12 13:29 - 00011419 ____A C:\Documents and Settings\admin\hs_err_pid4048.log
2012-10-11 19:10 - 2012-10-11 19:10 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
2012-10-11 18:12 - 2012-10-12 15:04 - 00000000 _RASD C:\cmdcons
2012-10-11 18:12 - 2006-11-12 03:12 - 00000210 ____A C:\Boot.bak
2012-10-11 18:12 - 2004-08-03 23:00 - 00260272 __RAS C:\cmldr
2012-10-11 18:00 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-11 18:00 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-11 18:00 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-11 18:00 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-11 18:00 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-11 18:00 - 2000-08-30 20:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-10-11 18:00 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-11 18:00 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-11 18:00 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-11 17:57 - 2012-10-13 12:50 - 00000000 ___AD C:\Qoobox
2012-10-11 17:57 - 2012-10-11 18:55 - 00000000 ____D C:\Windows\erdnt
2012-10-11 17:55 - 2012-10-11 17:55 - 00185585 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2012-10-11 17:55 - 2012-10-11 17:55 - 00177288 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2012-10-11 17:49 - 2012-06-05 03:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-10-11 17:47 - 2012-10-11 17:47 - 00000036 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2012-10-11 17:37 - 2012-10-12 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-10-11 17:29 - 2012-10-15 16:57 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2012-10-11 17:28 - 2012-10-11 17:28 - 00000000 ___SD C:\Documents and Settings\Administrator\PrivacIE
2012-10-11 17:28 - 2012-10-11 17:28 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2012-10-11 16:44 - 2012-10-11 16:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\DriverCure
2012-10-11 16:40 - 2012-10-13 14:24 - 00000000 __SHD C:\Windows\CSC
2012-10-11 14:54 - 2012-10-11 14:54 - 00049904 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-11 14:25 - 2012-10-11 14:43 - 00000168 ____A C:\Documents and Settings\All Users\Application Data\-1Nwbqw25s1wUfe
2012-10-11 13:01 - 2012-10-11 13:05 - 54918643 ____A C:\10112012105.TRS
2012-10-11 03:04 - 2012-10-11 03:04 - 00000000 ___DC C:\Windows\$NtUninstallKB2724197$
2012-10-11 03:02 - 2012-10-11 03:02 - 00005445 ____A C:\Windows\KB2756822.log
2012-10-11 03:02 - 2012-10-11 03:02 - 00000000 ___DC C:\Windows\$NtUninstallKB2756822$
2012-10-11 03:01 - 2012-10-11 03:01 - 00000000 ___DC C:\Windows\$NtUninstallKB2749655$
2012-10-11 03:01 - 2012-10-11 03:01 - 00000000 ___DC C:\Windows\$NtUninstallKB2661254-v2$
2012-10-10 11:33 - 2012-10-11 03:04 - 00015523 ____A C:\Windows\KB2724197.log
2012-10-10 11:33 - 2012-10-11 03:02 - 00014114 ____A C:\Windows\KB2749655.log
2012-10-10 11:33 - 2012-10-11 03:01 - 00014130 ____A C:\Windows\KB2661254-v2.log
2012-10-09 17:57 - 2012-10-09 17:58 - 76255232 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 09, 2012 05 56 PM).QBB
2012-10-09 12:02 - 2012-10-09 12:06 - 54891187 ____A C:\100920121206.TRS
2012-10-06 15:49 - 2012-10-06 15:52 - 54877801 ____A C:\10062012352.TRS
2012-10-06 13:35 - 2012-10-06 13:38 - 54875054 ____A C:\10062012138.TRS
2012-10-05 17:12 - 2012-10-05 17:16 - 54866090 ____A C:\10052012516.TRS
2012-10-05 12:05 - 2012-10-05 12:09 - 54859695 ____A C:\100520121209.TRS
2012-10-04 15:15 - 2012-10-04 17:38 - 54851988 ____A C:\10042012538.TRS
2012-10-04 15:15 - 2012-10-04 15:18 - 54849685 ____A C:\10042012318.TRS
2012-10-04 13:54 - 2012-10-04 13:55 - 75943936 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 04, 2012 01 53 PM).QBB
2012-10-04 12:03 - 2012-10-26 22:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-02 14:07 - 2012-10-02 14:12 - 54824472 ____A C:\10022012212.TRS
2012-09-29 18:06 - 2012-09-29 18:09 - 54927763 ____A C:\09292012609.TRS
2012-09-29 17:11 - 2012-09-29 17:15 - 54927041 ____A C:\09292012515.TRS
2012-09-28 15:40 - 2012-09-28 15:44 - 54905727 ____A C:\09282012344.TRS
2012-09-27 12:20 - 2012-09-27 12:24 - 54884899 ____A C:\092720121224.TRS


==================== 3 Months Modified Files ==================

2012-10-26 22:58 - 2006-11-11 12:07 - 01090362 ____A C:\Windows\WindowsUpdate.log
2012-10-26 22:58 - 2006-11-11 10:59 - 00032708 ____A C:\Windows\SchedLgU.Txt
2012-10-26 22:58 - 2006-11-11 10:59 - 00000278 __ASH C:\Documents and Settings\admin\ntuser.ini
2012-10-26 22:58 - 2006-11-11 10:56 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-26 22:58 - 2006-11-11 02:49 - 00000216 ____A C:\Windows\wiadebug.log
2012-10-26 22:58 - 2006-11-11 02:49 - 00000050 ____A C:\Windows\wiaservc.log
2012-10-26 22:20 - 2012-10-04 12:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-26 22:13 - 2010-03-05 20:05 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-26 20:48 - 2009-08-21 18:40 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{73F1D1BF-C82D-4515-A120-A29A8B0BB121}.job
2012-10-26 20:13 - 2010-03-05 20:05 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-26 17:21 - 2012-10-16 17:12 - 00000402 ____A C:\Windows\Tasks\ReclaimerUpdateXML_admin.job
2012-10-26 17:12 - 2005-03-19 13:05 - 00001634 ____A C:\Windows\TRS.INI
2012-10-26 13:45 - 2012-10-26 13:45 - 76279808 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 26, 2012 01 43 PM).QBB
2012-10-26 13:09 - 2012-10-26 13:06 - 55101172 ____A C:\FRI.TRS
2012-10-26 12:40 - 2012-01-05 14:29 - 00042496 ____A C:\Documents and Settings\admin\My Documents\money notes 2012.xls
2012-10-26 12:38 - 2012-10-26 12:38 - 76292096 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 26, 2012 12 36 PM).QBB
2012-10-26 12:38 - 2012-10-26 12:38 - 00042496 ____A C:\Documents and Settings\admin\My Documents\money notes 2012-1.xls
2012-10-26 12:37 - 2012-10-26 12:37 - 00042496 ____A C:\Documents and Settings\admin\My Documents\money notes 2012 update.xls
2012-10-26 12:22 - 2012-10-16 17:12 - 00000406 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_admin.job
2012-10-26 12:16 - 2012-10-26 12:12 - 55100350 ____A C:\102620121216.TRS
2012-10-25 23:54 - 2012-10-16 10:32 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-10-25 19:24 - 2010-03-05 19:58 - 00000286 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1767777339-725345543-1003.job
2012-10-25 19:24 - 2010-03-05 19:58 - 00000278 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1767777339-725345543-1003.job
2012-10-25 19:23 - 2003-03-31 08:00 - 00012598 ____A C:\Windows\System32\wpa.dbl
2012-10-25 19:19 - 2011-08-29 14:19 - 00117140 ____A C:\Windows\setupapi.log
2012-10-25 19:03 - 2006-11-11 02:48 - 00572980 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-25 18:59 - 2012-10-16 17:12 - 00000412 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_admin.job
2012-10-25 18:59 - 2009-10-06 14:09 - 00000236 ____A C:\Windows\Tasks\OGALogon.job
2012-10-25 18:59 - 2006-11-11 10:59 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-10-25 18:59 - 2006-11-11 10:59 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-10-25 18:59 - 2006-11-11 10:59 - 00000062 __ASH C:\Documents and Settings\admin\Local Settings\desktop.ini
2012-10-25 16:14 - 2012-10-25 16:10 - 55089896 ____A C:\10252012414.TRS
2012-10-25 08:27 - 2010-07-23 13:00 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-10-23 19:38 - 2007-04-16 12:24 - 00533040 ____A C:\Documents and Settings\admin\My Documents\docs backup.nri
2012-10-23 19:26 - 2011-12-06 21:23 - 00042487 ____A C:\Documents and Settings\admin\My Documents\ISO2_DVD.nri
2012-10-23 14:56 - 2012-10-23 14:23 - 55063452 ____A C:\10232012256.TRS
2012-10-23 14:27 - 2012-10-23 14:23 - 55063103 ____A C:\10232012227.TRS
2012-10-23 12:38 - 2012-10-23 12:38 - 00041984 ____A C:\Documents and Settings\admin\My Documents\money notes 2012 2.xls
2012-10-22 15:21 - 2012-10-22 12:26 - 55051886 ____A C:\10222012321.TRS
2012-10-22 12:29 - 2012-10-22 12:26 - 55050287 ____A C:\102220121229.TRS
2012-10-20 17:42 - 2012-10-20 14:35 - 55037694 ____A C:\10202012442.TRS
2012-10-20 17:41 - 2012-10-20 17:41 - 76288000 ____N C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 20, 2012 05 39 PM).QBB
2012-10-20 14:39 - 2012-10-20 14:35 - 55034721 ____A C:\10202012139.TRS
2012-10-20 14:33 - 2012-10-20 14:22 - 55034054 ____A C:\10202012133.TRS
2012-10-19 14:45 - 2012-10-19 14:42 - 55015306 ____A C:\10192012245.TRS
2012-10-19 13:00 - 2003-03-31 08:00 - 00000668 ____A C:\Windows\win.ini
2012-10-19 13:00 - 2003-03-31 08:00 - 00000227 ____A C:\Windows\system.ini
2012-10-19 12:52 - 2012-10-19 12:52 - 76304384 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 19, 2012 12 50 PM).QBB
2012-10-18 19:53 - 2009-11-06 18:40 - 00043375 ____A C:\Documents and Settings\admin\My Documents\ISO4_DVD.nri
2012-10-18 19:50 - 2012-10-18 19:50 - 76292096 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 18, 2012 07 48 PM).QBB
2012-10-18 18:15 - 2007-05-12 11:54 - 00048048 ____A C:\Documents and Settings\admin\Application Data\GDIPFONTCACHEV1.DAT
2012-10-18 17:09 - 2012-10-18 17:04 - 55001990 ____A C:\10182012509.TRS
2012-10-18 11:02 - 2006-11-11 02:47 - 00207894 ____A C:\Windows\setupact.log
2012-10-18 10:10 - 2012-10-18 10:10 - 00002830 ____A C:\Documents and Settings\admin\Desktop\RKreport[1].txt
2012-10-18 10:08 - 2012-10-18 10:08 - 01425920 ____A C:\Documents and Settings\admin\Desktop\RogueKiller.exe
2012-10-18 03:03 - 2012-09-22 03:00 - 00029964 ____A C:\Windows\KB2744842-IE8.log
2012-10-18 03:03 - 2006-11-11 02:48 - 02710881 ____A C:\Windows\FaxSetup.log
2012-10-18 03:03 - 2006-11-11 02:48 - 01344004 ____A C:\Windows\ocgen.log
2012-10-18 03:03 - 2006-11-11 02:48 - 01253580 ____A C:\Windows\tsoc.log
2012-10-18 03:03 - 2006-11-11 02:48 - 01066284 ____A C:\Windows\iis6.log
2012-10-18 03:03 - 2006-11-11 02:48 - 00890799 ____A C:\Windows\comsetup.log
2012-10-18 03:03 - 2006-11-11 02:48 - 00543767 ____A C:\Windows\ntdtcsetup.log
2012-10-18 03:03 - 2006-11-11 02:48 - 00475136 ____A C:\Windows\netfxocm.log
2012-10-18 03:03 - 2006-11-11 02:48 - 00189380 ____A C:\Windows\MedCtrOC.log
2012-10-18 03:03 - 2006-11-11 02:48 - 00148556 ____A C:\Windows\ocmsn.log
2012-10-18 03:03 - 2006-11-11 02:48 - 00136895 ____A C:\Windows\msgsocm.log
2012-10-18 03:03 - 2006-11-11 02:48 - 00136021 ____A C:\Windows\tabletoc.log
2012-10-18 03:03 - 2006-11-11 02:48 - 00001393 ____A C:\Windows\imsins.log
2012-10-18 03:02 - 2011-06-18 03:00 - 00015677 ____A C:\Windows\KB2544521-IE8.log
2012-10-18 03:02 - 2011-04-15 03:00 - 00015960 ____A C:\Windows\KB2510531-IE8.log
2012-10-18 03:02 - 2006-11-12 03:24 - 00606914 ____A C:\Windows\updspapi.log
2012-10-18 03:02 - 2006-11-11 02:48 - 00851646 ____A C:\Windows\msmqinst.log
2012-10-18 03:02 - 2006-11-11 02:48 - 00001393 ____A C:\Windows\imsins.BAK
2012-10-17 19:59 - 2006-11-11 11:20 - 00048048 ____A C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-17 19:56 - 2006-11-11 02:47 - 00195368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-17 19:55 - 2006-11-11 11:18 - 00005778 ___AC C:\Windows\COM+.log
2012-10-17 19:54 - 2012-10-17 17:06 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-17 19:48 - 2012-10-17 19:32 - 00005404 ____A C:\Windows\bitssetup.log
2012-10-17 19:42 - 2012-10-17 19:42 - 00008844 ____A C:\Windows\System32\reset.log
2012-10-17 19:38 - 2006-11-11 10:56 - 00023392 ____A C:\Windows\System32\nscompat.tlb
2012-10-17 19:38 - 2006-11-11 10:56 - 00016832 ____A C:\Windows\System32\amcompat.tlb
2012-10-17 19:32 - 2006-11-11 10:56 - 00000558 ___AC C:\Windows\Windows Update.log
2012-10-17 16:54 - 2012-10-16 08:46 - 00000796 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-16 19:19 - 2012-10-16 19:19 - 00043062 ____A C:\Documents and Settings\admin\My Documents\UserImages.bmp
2012-10-16 19:19 - 2012-10-16 19:18 - 55378076 ____A C:\Documents and Settings\admin\My Documents\Tuesdays Backups.nrg
2012-10-16 18:40 - 2012-10-16 18:40 - 76283904 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 16, 2012 06 38 PM).QBB
2012-10-16 17:15 - 2012-10-16 17:13 - 00034816 ____A C:\Documents and Settings\admin\My Documents\Erikson's Adjusted Statement Oct 10 2012.xls
2012-10-16 13:54 - 2007-02-23 22:06 - 00016815 ____A C:\Windows\cdplayer.ini
2012-10-16 13:50 - 2010-11-23 13:08 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-10-16 13:50 - 2010-11-23 13:08 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-10-16 13:50 - 2007-02-19 20:43 - 00278528 ____A (Real Networks, Inc) C:\Windows\System32\pncrt.dll
2012-10-16 13:47 - 2012-10-16 13:36 - 54980182 ____A C:\10162012147.TRS
2012-10-16 10:22 - 2011-01-28 15:47 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-16 08:05 - 2009-11-06 13:51 - 00047500 ____A C:\Documents and Settings\admin\My Documents\ISO1_DVD.nri
2012-10-15 19:38 - 2012-10-15 19:34 - 54978149 ____A C:\10152012738.TRS
2012-10-15 19:09 - 2012-10-15 19:09 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-10-15 19:09 - 2012-10-15 19:09 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-10-15 19:09 - 2012-10-15 19:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-10-15 19:09 - 2012-10-15 19:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-10-15 19:09 - 2010-11-01 16:52 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-10-15 19:09 - 2007-06-18 08:59 - 00073728 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javacpl.cpl
2012-10-15 17:24 - 2006-11-12 03:21 - 00142871 ___AC C:\Windows\spupdsvc.log
2012-10-15 17:22 - 2009-05-29 18:45 - 00309698 ____A C:\Windows\ie8_main.log
2012-10-15 17:19 - 2009-05-29 18:47 - 00301581 ____A C:\Windows\ie8.log
2012-10-15 16:57 - 2012-10-11 17:29 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2012-10-15 16:56 - 2009-08-21 18:22 - 00130385 ____A C:\Windows\ie8Uninst.log
2012-10-15 14:46 - 2012-10-15 14:43 - 54970023 ____A C:\10152012246.TRS
2012-10-15 13:22 - 2012-10-15 13:22 - 00304128 ____A () C:\Windows\msisear.exe
2012-10-15 12:22 - 2012-10-15 12:22 - 76288000 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 15, 2012 12 21 PM).QBB
2012-10-13 18:22 - 2003-03-31 08:00 - 00000019 ____A C:\Windows\System32\Drivers\etc\hosts_bak_127
2012-10-13 14:24 - 2010-04-29 12:43 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-10-13 09:13 - 2010-03-05 19:55 - 00001825 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2012-10-12 21:39 - 2010-04-29 12:43 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2012-10-12 16:26 - 2012-10-12 16:26 - 00308224 ____A () C:\Windows\msisear.ex
2012-10-12 14:44 - 2012-10-12 14:44 - 00098304 ____A C:\Windows\Minidump\Mini101212-01.dmp
2012-10-12 14:08 - 2012-10-12 14:05 - 54932826 ____A C:\10122012208.TRS
2012-10-12 13:29 - 2012-10-12 13:29 - 00011419 ____A C:\Documents and Settings\admin\hs_err_pid4048.log
2012-10-11 18:12 - 2006-11-11 02:46 - 00000327 _RASH C:\boot.ini
2012-10-11 17:55 - 2012-10-11 17:55 - 00185585 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2012-10-11 17:55 - 2012-10-11 17:55 - 00177288 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2012-10-11 17:47 - 2012-10-11 17:47 - 00000036 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2012-10-11 16:48 - 2012-03-20 17:07 - 00001188 ____A C:\Documents and Settings\admin\Desktop\Shortcut to LEFT-HANDED AM STD STRAT.jpg.lnk
2012-10-11 16:48 - 2009-02-07 13:18 - 00001558 ____A C:\Documents and Settings\admin\Desktop\Price Lists.lnk
2012-10-11 14:54 - 2012-10-11 14:54 - 00049904 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-11 14:43 - 2012-10-11 14:25 - 00000168 ____A C:\Documents and Settings\All Users\Application Data\-1Nwbqw25s1wUfe
2012-10-11 14:33 - 2006-11-11 12:03 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
2012-10-11 13:05 - 2012-10-11 13:01 - 54918643 ____A C:\10112012105.TRS
2012-10-11 03:04 - 2012-10-10 11:33 - 00015523 ____A C:\Windows\KB2724197.log
2012-10-11 03:02 - 2012-10-11 03:02 - 00005445 ____A C:\Windows\KB2756822.log
2012-10-11 03:02 - 2012-10-10 11:33 - 00014114 ____A C:\Windows\KB2749655.log
2012-10-11 03:02 - 2007-02-18 04:02 - 00875290 ____A C:\Windows\System32\TZLog.log
2012-10-11 03:01 - 2012-10-10 11:33 - 00014130 ____A C:\Windows\KB2661254-v2.log
2012-10-09 17:58 - 2012-10-09 17:57 - 76255232 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 09, 2012 05 56 PM).QBB
2012-10-09 12:06 - 2012-10-09 12:02 - 54891187 ____A C:\100920121206.TRS
2012-10-08 18:20 - 2012-04-12 12:13 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-08 18:20 - 2011-05-17 17:41 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-06 15:52 - 2012-10-06 15:49 - 54877801 ____A C:\10062012352.TRS
2012-10-06 13:38 - 2012-10-06 13:35 - 54875054 ____A C:\10062012138.TRS
2012-10-05 17:16 - 2012-10-05 17:12 - 54866090 ____A C:\10052012516.TRS
2012-10-05 12:09 - 2012-10-05 12:05 - 54859695 ____A C:\100520121209.TRS
2012-10-04 17:38 - 2012-10-04 15:15 - 54851988 ____A C:\10042012538.TRS
2012-10-04 15:18 - 2012-10-04 15:15 - 54849685 ____A C:\10042012318.TRS
2012-10-04 13:55 - 2012-10-04 13:54 - 75943936 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Oct 04, 2012 01 53 PM).QBB
2012-10-02 14:12 - 2012-10-02 14:07 - 54824472 ____A C:\10022012212.TRS
2012-09-29 19:01 - 2011-12-31 19:13 - 00029021 ____A C:\Documents and Settings\admin\My Documents\ISOmonth_DVD.nri
2012-09-29 18:36 - 2011-12-03 19:20 - 00023683 ____A C:\Documents and Settings\admin\My Documents\ISO6_DVD.nri
2012-09-29 18:17 - 2006-11-12 03:12 - 00076284 ____A C:\Windows\wmsetup.log
2012-09-29 18:09 - 2012-09-29 18:06 - 54927763 ____A C:\09292012609.TRS
2012-09-29 17:15 - 2012-09-29 17:11 - 54927041 ____A C:\09292012515.TRS
2012-09-28 15:44 - 2012-09-28 15:40 - 54905727 ____A C:\09282012344.TRS
2012-09-28 00:32 - 2006-11-12 03:25 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-27 12:24 - 2012-09-27 12:20 - 54884899 ____A C:\092720121224.TRS
2012-09-26 19:29 - 2011-12-22 11:20 - 00041934 ____A C:\Documents and Settings\admin\My Documents\ISO3_DVD.nri
2012-09-26 13:00 - 2012-09-26 13:00 - 00164411 ____A C:\Documents and Settings\admin\My Documents\Gretsch August 2012 Electromatic Order form v2.xlsx
2012-09-26 12:23 - 2012-09-26 12:19 - 54872478 ____A C:\092620121223.TRS
2012-09-25 17:18 - 2012-09-25 17:18 - 75550720 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Sep 25, 2012 05 16 PM).QBB
2012-09-25 16:33 - 2012-09-25 16:30 - 54863876 ____A C:\09252012433.TRS
2012-09-22 16:05 - 2012-09-22 14:00 - 54834395 ____A C:\09222012405.TRS
2012-09-22 14:04 - 2012-09-22 14:00 - 52617968 ____A C:\09222012204.TRS
2012-09-21 13:47 - 2012-09-21 13:43 - 54818045 ____A C:\09212012147.TRS
2012-09-21 12:31 - 2012-09-21 12:31 - 75550720 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Sep 21, 2012 12 29 PM).QBB
2012-09-20 16:52 - 2012-09-20 16:47 - 54808027 ____A C:\09202012452.TRS
2012-09-19 16:29 - 2012-09-19 16:25 - 54793391 ____A C:\09192012429.TRS
2012-09-19 16:21 - 2012-06-22 14:23 - 00032477 ____A C:\Documents and Settings\admin\My Documents\Fender Sonic Boom Order Form 2012.xlsx
2012-09-18 11:35 - 2012-09-18 11:31 - 54776915 ____A C:\091820121135.TRS
2012-09-18 10:38 - 2012-09-18 10:38 - 00759960 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-09-15 15:26 - 2012-09-15 15:23 - 54748413 ____A C:\09152012326.TRS
2012-09-14 17:05 - 2012-09-14 17:01 - 54727697 ____A C:\09142012505.TRS
2012-09-13 16:59 - 2012-09-13 12:44 - 54714282 ____A C:\09132012459.TRS
2012-09-13 14:18 - 2006-11-28 17:26 - 00055296 ____A C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-13 13:40 - 2012-09-13 13:40 - 75534336 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Sep 13, 2012 01 38 PM).QBB
2012-09-13 12:48 - 2012-09-13 12:44 - 54712438 ____A C:\091320121248.TRS
2012-09-13 03:03 - 2012-09-13 03:02 - 00010268 ____A C:\Windows\KB2736233.log
2012-09-11 15:09 - 2012-06-22 14:21 - 00037290 ____A C:\Documents and Settings\admin\My Documents\Fender Sonic Boom Rebate Tracker 2012.xlsx
2012-09-11 13:26 - 2012-09-11 13:19 - 54687113 ____A C:\09112012126.TRS
2012-09-11 08:34 - 2007-01-29 04:58 - 00046080 ____A (Microsoft Corporation) C:\Windows\System32\tzchange.exe
2012-09-10 18:52 - 2012-09-10 18:49 - 54674914 ____A C:\09102012652.TRS
2012-09-10 15:24 - 2012-09-10 15:24 - 00054784 ____A C:\Documents and Settings\admin\My Documents\Erikson's Adjusted Statement Sep 5 2012.xls
2012-09-10 14:11 - 2012-09-10 14:07 - 54672926 ____A C:\09102012211.TRS
2012-09-07 14:23 - 2012-09-07 14:22 - 75538432 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Sep 07, 2012 02 21 PM).QBB
2012-09-07 10:40 - 2012-09-07 10:36 - 54635092 ____A C:\090720121040.TRS
2012-09-07 10:19 - 2010-03-08 20:14 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-09-05 06:32 - 2012-09-05 06:18 - 00000077 ____A C:\Documents and Settings\admin\Application Data\Rim.Transcoder.Exception.log
2012-09-05 06:32 - 2012-05-22 18:23 - 00005625 ____A C:\Documents and Settings\admin\Application Data\Rim.Desktop.Exception.log
2012-09-05 06:32 - 2012-05-22 18:23 - 00000462 ____A C:\Documents and Settings\admin\Application Data\Rim.DesktopHelper.Exception.log
2012-09-05 06:14 - 2012-05-22 18:22 - 00002161 ____A C:\Documents and Settings\admin\Application Data\Rim.Desktop.HttpServerSetup.log
2012-09-03 11:31 - 2012-09-03 11:27 - 54591893 ____A C:\090320121131.TRS
2012-08-31 15:00 - 2012-08-31 15:00 - 74977280 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Aug 31, 2012 02 58 PM).QBB
2012-08-31 12:54 - 2012-08-31 12:48 - 54788670 ____A C:\083120121254.TRS
2012-08-30 22:03 - 2012-08-30 22:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 12:32 - 2012-08-30 12:28 - 54774517 ____A C:\083020121232.TRS
2012-08-28 20:44 - 2007-05-09 05:08 - 11111424 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-08-28 20:44 - 2006-11-07 22:03 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-28 11:49 - 2012-08-28 11:45 - 54746309 ____A C:\082820121149.TRS
2012-08-28 11:14 - 2012-06-12 22:40 - 00521728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2012-08-28 11:14 - 2010-06-10 18:48 - 00743424 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-08-28 11:14 - 2009-06-10 15:32 - 00247808 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-08-28 11:14 - 2009-06-10 15:32 - 00012800 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-08-28 11:14 - 2007-05-09 05:08 - 02000384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-08-28 11:14 - 2007-05-09 05:08 - 00630272 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-08-28 11:14 - 2007-05-09 05:08 - 00055296 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-08-28 11:14 - 2006-11-07 22:03 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-28 11:14 - 2006-11-07 22:03 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-28 11:14 - 2006-10-17 12:57 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 06008832 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 06008832 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 01469440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2012-08-28 11:14 - 2003-03-31 08:00 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-28 11:14 - 2003-03-31 08:00 - 01212416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00916992 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00611840 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00387584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00206848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00184320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00105984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00067072 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00025600 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2012-08-28 11:14 - 2003-03-31 08:00 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-28 08:07 - 2006-11-12 03:11 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-28 08:07 - 2003-03-31 08:00 - 00174080 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2012-08-28 08:07 - 2003-03-31 08:00 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-27 14:44 - 2012-08-27 14:44 - 74895360 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Aug 27, 2012 02 42 PM).QBB
2012-08-27 12:21 - 2012-08-27 12:17 - 54732212 ____A C:\082720121221.TRS
2012-08-25 15:44 - 2012-08-25 15:41 - 54721803 ____A C:\08252012344.TRS
2012-08-25 14:03 - 2006-11-28 17:26 - 00000116 ____A C:\Windows\NeroDigital.ini
2012-08-25 13:52 - 2010-03-26 21:52 - 00018111 ____A C:\Documents and Settings\admin\My Documents\ISO5_DVD.nri
2012-08-24 14:22 - 2012-08-24 14:19 - 54701243 ____A C:\08242012222.TRS
2012-08-24 13:51 - 2012-08-24 13:51 - 00080384 ____A C:\Documents and Settings\admin\My Documents\JCM900106947.xls
2012-08-24 12:16 - 2012-08-24 12:12 - 54698085 ____A C:\082420121216.TRS
2012-08-24 09:53 - 2003-03-31 08:00 - 00177664 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wintrust.dll
2012-08-24 09:53 - 2003-03-31 08:00 - 00177664 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-23 13:59 - 2012-08-23 13:58 - 75010048 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Aug 23, 2012 01 56 PM).QBB
2012-08-23 13:46 - 2012-08-23 13:43 - 54688615 ____A C:\08232012146.TRS
2012-08-22 11:38 - 2012-08-22 11:35 - 54676331 ____A C:\082220121139.TRS
2012-08-21 13:01 - 2012-10-16 13:39 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 13:01 - 2012-08-21 13:01 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
2012-08-21 12:42 - 2012-08-21 12:39 - 54659536 ____A C:\082120121242.TRS
2012-08-21 09:33 - 2003-03-31 08:00 - 02148864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-08-21 09:33 - 2003-03-31 08:00 - 02148864 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-21 09:29 - 2008-10-15 07:52 - 02192896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-08-21 08:58 - 2008-10-15 07:51 - 02069632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-08-21 08:58 - 2002-08-28 21:04 - 02027520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-08-21 08:58 - 2002-08-28 21:04 - 02027520 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-20 15:52 - 2012-08-20 11:47 - 54648145 ____A C:\08202012352.TRS
2012-08-20 11:51 - 2012-08-20 11:47 - 54646045 ____A C:\082020121151.TRS
2012-08-18 17:09 - 2012-08-18 17:05 - 54632715 ____A C:\08182012509.TRS
2012-08-18 11:04 - 2012-08-18 11:04 - 74858496 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Aug 18, 2012 11 02 AM).QBB
2012-08-18 10:59 - 2012-08-18 10:55 - 54625955 ____A C:\081820121059.TRS
2012-08-17 15:24 - 2012-08-17 15:21 - 54607444 ____A C:\08172012324.TRS
2012-08-17 14:26 - 2012-08-17 13:22 - 54606297 ____A C:\08172012226.TRS
2012-08-17 13:26 - 2012-08-17 13:22 - 54604156 ____A C:\08172012126.TRS
2012-08-16 17:12 - 2012-08-16 17:08 - 54590519 ____A C:\08162012512.TRS
2012-08-16 12:49 - 2012-08-16 12:48 - 74719232 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Aug 16, 2012 12 46 PM).QBB
2012-08-16 12:09 - 2012-08-16 12:05 - 54586287 ____A C:\081620121209.TRS
2012-08-15 03:04 - 2012-08-15 03:04 - 00012726 ____A C:\Windows\KB2731847.log
2012-08-15 03:04 - 2012-08-14 20:46 - 00017637 ____A C:\Windows\KB2712808.log
2012-08-15 03:02 - 2012-08-15 03:02 - 00011346 ____A C:\Windows\KB2723135.log
2012-08-15 03:02 - 2012-08-15 03:00 - 00015783 ____A C:\Windows\KB2722913-IE8.log
2012-08-15 03:02 - 2012-08-14 20:45 - 00017242 ____A C:\Windows\KB2705219.log
2012-08-14 17:37 - 2012-08-14 10:32 - 54558930 ____A C:\08142012537.TRS
2012-08-14 10:37 - 2012-08-14 10:32 - 54553200 ____A C:\081420121037.TRS
2012-08-13 15:39 - 2012-08-13 15:12 - 54542059 ____A C:\08132012339.TRS
2012-08-13 15:16 - 2012-08-13 15:12 - 54541863 ____A C:\08132012316.TRS
2012-08-11 12:19 - 2012-08-11 12:17 - 54529171 ____A C:\081120121219.TRS
2012-08-10 17:15 - 2012-08-10 17:12 - 54517194 ____A C:\08102012515.TRS
2012-08-10 13:12 - 2012-08-10 13:08 - 54513450 ____A C:\08102012112.TRS
2012-08-09 14:14 - 2012-08-09 14:10 - 54497530 ____A C:\08092012214.TRS
2012-08-07 18:46 - 2012-08-07 18:46 - 74694656 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Aug 07, 2012 06 44 PM).QBB
2012-08-07 17:44 - 2012-08-07 17:41 - 54470606 ____A C:\08072012544.TRS
2012-08-07 14:18 - 2012-08-07 14:14 - 54467857 ____A C:\08072012218.TRS
2012-08-04 13:23 - 2012-08-04 12:12 - 54454234 ____A C:\08042012123.TRS
2012-08-04 12:16 - 2012-08-04 12:12 - 54453870 ____A C:\080420121216.TRS
2012-08-03 13:23 - 2012-08-03 13:14 - 54437462 ____A C:\08032012123.TRS
2012-08-02 18:57 - 2012-08-02 18:54 - 54434428 ____A C:\08022012657.TRS
2012-07-31 18:36 - 2012-07-31 18:36 - 74694656 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Jul 31, 2012 06 34 PM).QBB
2012-07-31 13:24 - 2012-07-31 13:21 - 54556757 ____A C:\07312012124.TRS
2012-07-30 18:34 - 2012-07-30 18:34 - 74690560 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Jul 30, 2012 06 32 PM).QBB
2012-07-30 18:32 - 2012-07-30 18:32 - 00080896 ____A C:\Documents and Settings\admin\My Documents\Trial Balance HST Apr 1 - Jun 30 2012.xls
2012-07-30 17:30 - 2012-07-30 17:30 - 00072704 ____A C:\Documents and Settings\admin\My Documents\Preliminary Trial Balance.xls
2012-07-30 13:15 - 2012-07-30 11:36 - 54544849 ____A C:\07302012115.TRS
2012-07-30 11:45 - 2012-07-30 11:44 - 74649600 ____A C:\Documents and Settings\admin\My Documents\Picker's Alley (Backup Jul 30, 2012 11 43 AM).QBB

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points (XP) =====================
RP: -> 2012-10-16 10:07 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP9
RP: -> 2012-10-16 10:06 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP8
RP: -> 2012-10-15 19:10 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP7
RP: -> 2012-10-15 19:09 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP6
RP: -> 2012-10-15 19:08 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP5
RP: -> 2012-10-15 17:18 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP4
RP: -> 2012-10-26 19:10 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP35
RP: -> 2012-10-25 23:54 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP34
RP: -> 2012-10-25 19:24 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP33
RP: -> 2012-10-25 17:27 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP32
RP: -> 2012-10-25 00:21 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP31
RP: -> 2012-10-24 17:27 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP30
RP: -> 2012-10-15 14:57 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP3
RP: -> 2012-10-24 00:21 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP29
RP: -> 2012-10-23 17:32 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP28
RP: -> 2012-10-23 00:02 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP27
RP: -> 2012-10-22 22:06 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP26
RP: -> 2012-10-22 00:01 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP25
RP: -> 2012-10-21 22:06 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP24
RP: -> 2012-10-21 00:01 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP23
RP: -> 2012-10-20 00:02 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP22
RP: -> 2012-10-18 23:41 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP21
RP: -> 2012-10-18 13:23 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP20
RP: -> 2012-10-15 13:55 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP2
RP: -> 2012-10-18 10:27 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP19
RP: -> 2012-10-18 03:00 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP18
RP: -> 2012-10-18 00:21 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP17
RP: -> 2012-10-17 20:08 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP16
RP: -> 2012-10-17 19:11 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP15
RP: -> 2012-10-17 14:49 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP14
RP: -> 2012-10-16 13:37 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP13
RP: -> 2012-10-16 13:31 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP12
RP: -> 2012-10-16 10:11 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP11
RP: -> 2012-10-16 10:10 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP10
RP: -> 2012-10-15 12:41 - 028672 _restore{3544E2E3-4771-484B-9645-401B1CCB7178}\RP1
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 2047.11 MB
Available physical RAM: 1763.38 MB
Total Pagefile: 1877.75 MB
Available Pagefile: 1810.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB
==================== Partitions =============================
2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (Your C Drive) (Fixed) (Total:232.88 GB) (Free:142.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:665.42 GB) NTFS
5 Drive e: (WP) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
8 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 932 GB 0 B
Disk 4 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 32 KB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D FreeAgent D NTFS Partition 932 GB Healthy
=========================================================
Partitions of Disk 4:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB
Partition 2 Unknown 10 MB 233 GB
=========================================================
Disk: 4
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C Your C Driv NTFS Partition 233 GB Healthy
=========================================================
Disk: 4
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 Partition 10 MB Healthy
=========================================================
==================== End Of Log ============================
 
Farbar Recovery Scan Tool (x86) Version: 15-10-2012
Ran by SYSTEM at 2012-10-27 00:11:58
Running from E:\
================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe
[2003-03-31 08:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\system32\dllcache\services.exe
[2003-03-31 08:00] - [2009-02-06 07:11] - 0110592 ___AC (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\ServicePackFiles\i386\services.exe
[2006-11-12 03:10] - [2008-04-13 20:12] - 0108544 ___AC (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\erdnt\cache\services.exe
[2012-10-11 18:55] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-04-17 03:03] - [2008-04-13 20:12] - 0108544 ___AC (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2008-07-11 21:28] - [2004-08-04 04:56] - 0108032 ___AC (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-04-16 19:11] - [2009-02-06 07:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
=== End Of Search ===
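The search above is the usual way of settling whether a protected system binary has been tampered with: FRST lists every copy of services.exe it can find and the MD5 of each, and the reader compares the live copy under system32 with the Windows File Protection copy in dllcache and the older builds kept by service pack and hotfix uninstallers. The script below is an added example, not part of the thread or of FRST; it parses that search output (the sample is the thread's own services.exe block, plus a constructed, hypothetical variant in which the live copy has been patched in place) and reports whether the live file agrees with the cache copy. The two-line hit format and the meaning of the fields are read from the posted lines.

```python
"""Added example, not part of the thread or of FRST: parse an FRST
'Search:' block and check the live binary against its protected copies."""
import re
from collections import defaultdict

# One search hit is a path line followed by this detail line.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9a-fA-F]{32})$"
)

# Constructed sample: the services.exe search output posted in the thread.
SAMPLE = r"""
================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe
[2003-03-31 08:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\system32\dllcache\services.exe
[2003-03-31 08:00] - [2009-02-06 07:11] - 0110592 ___AC (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\ServicePackFiles\i386\services.exe
[2006-11-12 03:10] - [2008-04-13 20:12] - 0108544 ___AC (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\erdnt\cache\services.exe
[2012-10-11 18:55] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-04-17 03:03] - [2008-04-13 20:12] - 0108544 ___AC (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2008-07-11 21:28] - [2004-08-04 04:56] - 0108032 ___AC (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-04-16 19:11] - [2009-02-06 07:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
=== End Of Search ===
"""

# Constructed counter-example (hypothetical): the live copy keeps the dllcache
# copy's timestamp and size but its bytes differ, the footprint of an in-place patch.
PATCHED_SAMPLE = SAMPLE.replace(
    "65df52f5b8b6e9bbd183505225c37315", "0123456789abcdef0123456789abcdef", 1)


def parse_search(text):
    """Return one dict per hit: path, created, modified, size, attrs, company, md5."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):   # header / footer rows
            continue
        m = DETAIL_RE.match(line)
        if m is None:                          # a path line
            pending_path = line
        elif pending_path is not None:
            e = m.groupdict()
            e.update(path=pending_path, size=int(e["size"]), md5=e["md5"].lower())
            entries.append(e)
            pending_path = None
    return entries


def group_by_md5(entries):
    """Which paths carry which bytes; the odd one out stands out immediately."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def is_live(path):
    """The copy Windows actually runs lives directly under system32."""
    return path.lower().split("\\")[-2:-1] == ["system32"]


def assess(entries):
    """Compare the live copy with the Windows File Protection cache copy."""
    live = [e for e in entries if is_live(e["path"])]
    cache = [e for e in entries if "\\dllcache\\" in e["path"].lower()]
    if len(live) != 1 or len(cache) != 1:
        return {"verdict": "inconclusive"}
    live, cache = live[0], cache[0]
    if live["md5"] == cache["md5"]:
        verdict = "consistent"
    elif live["modified"] == cache["modified"] and live["size"] == cache["size"]:
        verdict = "suspicious"   # identical metadata, different bytes
    else:
        verdict = "mismatch"     # different build: pending update or replaced file
    return {
        "verdict": verdict,
        "live_md5": live["md5"],
        "cache_md5": cache["md5"],
        "other_hashes": sorted({e["md5"] for e in entries} - {live["md5"]}),
    }


if __name__ == "__main__":
    for label, text in (("thread sample", SAMPLE), ("patched sample", PATCHED_SAMPLE)):
        hits = parse_search(text)
        print(label, assess(hits)["verdict"])
        for md5, paths in group_by_md5(hits).items():
            print("  ", md5, len(paths), "copies")
```

On the thread's own data the verdict is "consistent": system32, dllcache and the erdnt\cache backup share one hash, and the two other hashes belong to the older SP3 and SP2 builds, which differ in size and modified date as well, so they are expected. The caveat the script encodes is that a mismatch with identical size and timestamp is the case worth chasing; a mismatch with different metadata can simply be an update that has not yet been reflected in the cache.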
 
FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
1 cqgbqjuu; \??\F:\WINDOWS\system32\drivers\cqgbqjuu.sys [x]
1 cqhzefuw; \??\F:\WINDOWS\system32\drivers\cqhzefuw.sys [x]
3 MFE_RR; \??\F:\DOCUME~1\admin\LOCALS~1\Temp\mfe_rr.sys [x]
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2012
Ran by SYSTEM at 2012-10-31 22:29:59 Run:1
Running from E:\

==============================================

cqgbqjuu service deleted successfully.
cqhzefuw service deleted successfully.
MFE_RR service deleted successfully.

==== End of Fixlog ====
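The fixlist and the Fixlog above are a request and its receipt: each line between start and end names a registered service or driver, and the Fixlog should report every one of them deleted. The script below is an added example, not part of the thread or of FRST; it parses both (the inputs are the thread's own fixlist and Fixlog, copied in), explains what each entry asks for, and reconciles the two so that a skipped entry does not go unnoticed. The line format "<Start> <name>; <ImagePath> [x]" is read from the posted lines, where Start is the registry Start value (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), and the reading of "[x]" as an image file FRST could not find on disk is an assumption about the tool's notation.

```python
"""Added example, not part of the thread or of FRST: parse the service lines
of an FRST fixlist, explain what each entry asks for, and reconcile the
Fixlog against it so nothing requested is silently skipped."""
import re

# Constructed input: the fixlist and Fixlog from the thread, copied verbatim.
FIXLIST = r"""
start
1 cqgbqjuu; \??\F:\WINDOWS\system32\drivers\cqgbqjuu.sys [x]
1 cqhzefuw; \??\F:\WINDOWS\system32\drivers\cqhzefuw.sys [x]
3 MFE_RR; \??\F:\DOCUME~1\admin\LOCALS~1\Temp\mfe_rr.sys [x]
end
"""

FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2012
Ran by SYSTEM at 2012-10-31 22:29:59 Run:1
Running from E:\

cqgbqjuu service deleted successfully.
cqhzefuw service deleted successfully.
MFE_RR service deleted successfully.

==== End of Fixlog ====
"""

# Format as read from the posted lines (assumption): "<Start> <name>; <ImagePath> [x]"
# where <Start> is the registry Start value and "[x]" marks an image file FRST
# could not find on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<image>.+?)(?: (?P<missing>\[x\]))?$")
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
DELETED_RE = re.compile(r"^(?P<name>\S+) service deleted successfully\.$")


def parse_fixlist(text):
    """Return the service entries between the 'start' and 'end' markers."""
    services, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() in ("start", "end"):
            inside = line.lower() == "start"
            continue
        m = SERVICE_RE.match(line) if inside else None
        if m:
            services.append({
                "name": m["name"],
                "start": int(m["start"]),
                "start_type": START_TYPES[int(m["start"])],
                "image": m["image"],
                "image_missing": m["missing"] is not None,
            })
    return services


def parse_fixlog(text):
    """Names FRST reports as deleted."""
    return {m["name"] for m in map(DELETED_RE.match, map(str.strip, text.splitlines())) if m}


def reconcile(services, deleted):
    """Requested vs. reported: anything in not_done or unexpected needs a look."""
    requested = {s["name"] for s in services}
    return {
        "done": sorted(requested & deleted),
        "not_done": sorted(requested - deleted),
        "unexpected": sorted(deleted - requested),
    }


def describe(service):
    """One-line explanation of what deleting this entry does."""
    loads = f"{service['start_type']}-start"
    fate = ("its image file is absent, so the entry is an orphan that can never load"
            if service["image_missing"] else "its image file is still present")
    return f"{service['name']}: {loads} service pointing at {service['image']}; {fate}"


if __name__ == "__main__":
    svcs = parse_fixlist(FIXLIST)
    for s in svcs:
        print(describe(s))
    print(reconcile(svcs, parse_fixlog(FIXLOG)))
```

For the thread's data all three entries are orphans (registry keys whose image file is gone) and the Fixlog accounts for all three, so not_done and unexpected are empty. The same check applied to a longer fixlist is where it earns its keep: an entry that FRST could not remove, or a deletion that was never asked for, shows up as a non-empty list rather than being lost in the scroll.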
 