dwcre

  1. Everything cleaned up and working normal. Thank you! David
  2. Sorry. Work backed up. My IT guy got back from vacation and stopped by. We installed MS Security Essentials which overrides Windows Defender. This resolved my remaining issue. Thanks again for your help. This was a nightmare at the worst possible time. How do I close the thread?
  3. I renamed the folder without .old and my problem downloading attachments returned. I renamed it .old again and the problem went away.
  4. Everything seems to be fine except Windows Defender. Since I changed the folder name, the paths do not work. In services, it is not running. Description reads: <Failed to Read Description. Error Code: 2>
  5. This looks more like it:
     All processes killed
     ========== FILES ==========
     C:\Program Files\Windows Defender.old\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HU6BIMH7\index[1].htm moved successfully.
     File/Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HU6BIMH7\index[1].htm not found.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 15007710 bytes
     ->Temporary Internet Files folder emptied: 47281124 bytes
     ->Java cache emptied: 13425894 bytes
     ->Flash cache emptied: 705 bytes
     User: Administrator.DCR-server
     ->Temp folder emptied: 2124735 bytes
     ->Temporary Internet Files folder emptied: 19875983 bytes
     ->Java cache emptied: 25495460 bytes
     ->FireFox cache emptied: 14240133 bytes
     ->Flash cache emptied: 596 bytes
     User: All Users
     User: Chuck
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 9183613 bytes
     ->Java cache emptied: 25493434 bytes
     ->Flash cache emptied: 560 bytes
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 41 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: DWCross
     ->Temp folder emptied: 12306194 bytes
     ->Temporary Internet Files folder emptied: 58759103 bytes
     ->Java cache emptied: 121243327 bytes
     ->FireFox cache emptied: 32818743 bytes
     ->Flash cache emptied: 36545 bytes
     User: Public
     User: QBDataServiceUser19
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: QBDataServiceUser21
     ->Temp folder emptied: 1554432 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 41 bytes
     User: Rosabelle
     ->Temp folder emptied: 103545404 bytes
     ->Temporary Internet Files folder emptied: 31036623 bytes
     ->Java cache emptied: 36569108 bytes
     ->Flash cache emptied: 492 bytes
     User: TEMP
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 350336 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 158051013 bytes
     %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 740 bytes
     RecycleBin emptied: 3845562 bytes
     Total Files Cleaned = 698.00 mb
     OTM by OldTimer - Version 3.1.21.0 log created on 07252013_154411
  6. All processes killed
     Error: Unable to interpret <:FilesC:\Program Files\Windows Defender.old\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HU6BIMH7\index[1].htmC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HU6BIMH7\index[1].htm:Commands[EmptyTemp]> in the current context!
     OTM by OldTimer - Version 3.1.21.0 log created on 07252013_121052
     Is this what the log should look like? Before I got to you, I changed the Windows Defender filename to Windows Defender.old trying to fix my issues. Got that from another forum site. Should I change name back and run OTM again?
  7. I found my Remote Desktop issue. The exception box on Windows Firewall got unchecked during one of the processes we did yesterday.
  8. Here is the ESET scan:
     C:\Installs\Tools\Tools\ipscan.exe Win32/NetTool.Portscan.C application
     C:\Installs\Tools\Tools\system tools\ipscan.exe Win32/NetTool.Portscan.C application
     C:\Installs\Tools\Tools\Utilities\ipscan.exe Win32/NetTool.Portscan.C application
     C:\Program Files\Windows Defender.old\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HU6BIMH7\index[1].htm HTML/Iframe.B.Gen virus
     C:\Users\Administrator.DCR-server\Downloads\7-ZipInstaller.exe Win32/FreeInstaller application
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HU6BIMH7\index[1].htm HTML/Iframe.B.Gen virus
  9. Ran the services repair tool. Now I can't connect to server via Remote Desktop. I was able to go to server and log in. Windows Update is now working. What could have affected Remote Desktop?
  10. Sorry. Missed that one. Here it is.
      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-07-2013
      Ran by DWCross at 2013-07-24 18:20:23 Run:1
      Running from C:\Users\DWCross\firefoxdownloads
      Boot Mode: Normal
      ==============================================
      HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
      HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
      Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
      Winsock: Catalog5 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
      C:\Users\DWCross\AppData\Local\Temp\is7732.tmp => Moved successfully.
      "C:\Users\DWCross\AppData\Local\Temp\2" directory move:
      C:\Users\DWCross\AppData\Local\Temp\2\AdobeARM.log => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\DIO6807.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\DIO8D41.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\DIO9BF3.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\DIODC6C.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\DWCross.bmp => Moved successfully.
      Could not move "C:\Users\DWCross\AppData\Local\Temp\2\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
      C:\Users\DWCross\AppData\Local\Temp\2\hpqddusr.log => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\MAR3A12.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\MAR3EE4.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\Rocky Mt Counter offer.pdf => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\Set539C.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\setAB9B.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\STSBD10.tmp => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\Twiford.IV.Perry.2013.PDF => Moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\_iu14D2N.tmp => Moved successfully.
      Could not move "C:\Users\DWCross\AppData\Local\Temp\2\~DF989E.tmp" => Scheduled to move on reboot.
      C:\Users\DWCross\AppData\Local\Temp\2\{864FD942-BB52-405E-B441-DD8C239EDCDE}\{AA7D3354-2F37-4153-8500-CDC665E01CBB}\install.log => Moved successfully.
      Could not move "C:\Users\DWCross\AppData\Local\Temp\2\sv7e6.tmp\sv7e9.tmp" => Scheduled to move on reboot.
      C:\Users\DWCross\AppData\Local\Temp\2\ImageDebug\AutoPosToneMap.txt => Moved successfully.
      Could not move "C:\Users\DWCross\AppData\Local\Temp\2" directory. => Scheduled to move on reboot.
      C:\$Recycle.Bin\S-1-5-21-3478161825-3527343326-2822658981-1000\$0f63b47f65cedf7ef0bcba0f2d84c016 => Moved successfully.
      C:\$Recycle.Bin\S-1-5-18\$0f63b47f65cedf7ef0bcba0f2d84c016 => Deleted successfully.
      C:\Users\DWCross\GoToAssistDownloadHelper.exe => Moved successfully.
      =========== Result of Scheduled Files to move ===========
      C:\Users\DWCross\AppData\Local\Temp\2\FXSAPIDebugLogFile.txt => Is moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\~DF989E.tmp => Is moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2\sv7e6.tmp\sv7e9.tmp => Is moved successfully.
      C:\Users\DWCross\AppData\Local\Temp\2 => Moved successfully.
      ==== End of Fixlog ====
  11. I have one issue remaining. I still cannot access Windows Update. The message says: "Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer." This is the same message I was getting before.
  12. Here are the logs:
      Rkill 2.5.7 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2013 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html
      Program started at: 07/24/2013 06:27:00 PM in x86 mode.
      Windows Version: Windows Server ® 2008 Standard Service Pack 2
      Checking for Windows services to stop:
      * No malware services found to stop.
      Checking for processes to terminate:
      * No malware processes found to kill.
      Checking Registry for malware related settings:
      * No issues found in the Registry.
      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
      Performing miscellaneous checks:
      * ALERT: ZEROACCESS Reparse Point/Junction found!
      * C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6001.18000_none_b5980035bb993743\MpEvMsg.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll => c:\windows\system32\config [File]
      * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll => c:\windows\system32\config [File]
      * No issues found.
      Checking Windows Service Integrity:
      * No issues found.
      Searching for Missing Digital Signatures:
      * No issues found.
      Checking HOSTS File:
      * HOSTS file entries found:
      127.0.0.1 localhost
      ::1 localhost
      Program finished at: 07/24/2013 06:28:14 PM
      Execution time: 0 hours(s), 1 minute(s), and 14 seconds(s)

      First AdwCleaner log:
      # AdwCleaner v2.306 - Logfile created 07/24/2013 at 18:31:16
      # Updated 19/07/2013 by Xplode
      # Operating system : Windows Server ® 2008 Standard Service Pack 2 (32 bits)
      # User : DWCross - DCR-SERVER
      # Boot Mode : Normal
      # Running from : C:\Users\DWCross\firefoxdownloads\AdwCleaner.exe
      # Option [search]
      ***** [services] *****
      ***** [Files / Folders] *****
      ***** [Registry] *****
      Key Found : HKCU\Software\AppDataLow\Software\Freecause
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Found : HKCU\Software\YahooPartnerToolbar
      Key Found : HKLM\Software\Freeze.com
      Key Found : HKLM\Software\InstallIQ
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16490
      [OK] Registry is clean.
      -\\ Mozilla Firefox v22.0 (en-US)
      File : C:\Users\DWCross\AppData\Roaming\Mozilla\Firefox\Profiles\s2u3svcc.default\prefs.js
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [1437 octets] - [24/07/2013 18:31:16]
      ########## EOF - C:\AdwCleaner[R1].txt - [1497 octets] ##########

      Next ADWCleaner log:
      # AdwCleaner v2.306 - Logfile created 07/24/2013 at 18:31:47
      # Updated 19/07/2013 by Xplode
      # Operating system : Windows Server ® 2008 Standard Service Pack 2 (32 bits)
      # User : DWCross - DCR-SERVER
      # Boot Mode : Normal
      # Running from : C:\Users\DWCross\firefoxdownloads\AdwCleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      ***** [Registry] *****
      Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKCU\Software\YahooPartnerToolbar
      Key Deleted : HKLM\Software\Freeze.com
      Key Deleted : HKLM\Software\InstallIQ
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16490
      [OK] Registry is clean.
      -\\ Mozilla Firefox v22.0 (en-US)
      File : C:\Users\DWCross\AppData\Roaming\Mozilla\Firefox\Profiles\s2u3svcc.default\prefs.js
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [1566 octets] - [24/07/2013 18:31:16]
      AdwCleaner[s1].txt - [1515 octets] - [24/07/2013 18:31:47]
      ########## EOF - C:\AdwCleaner[s1].txt - [1575 octets] ##########

      MBAM log:
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.07.24.07
      Windows Server 2008 Service Pack 2 x86 NTFS
      Internet Explorer 9.0.8112.16421
      DWCross :: DCR-SERVER [administrator]
      7/24/2013 6:40:12 PM
      mbam-log-2013-07-24 (18-40-12).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 367572
      Time elapsed: 5 minute(s), 47 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)

      THANK YOU! THANK YOU! I went to IE and was able to download and open attachment in email. This was a major issue for me as I send and receive contracts and other important docs multiple times daily. Many of the sites I utilize regularly require IE to work and open files. THANK YOU!
  13. Here is the FRST log:
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013
      Ran by DWCross (administrator) on 24-07-2013 17:38:40
      Running from C:\Users\DWCross\firefoxdownloads
      Microsoft® Windows Server® 2008 Standard Service Pack 2 (X86) OS Language: English(US)
      Internet Explorer Version 9
      Boot Mode: Normal
      ==================== Processes (Whitelisted) ===================
      (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
      (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
      (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
      () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      (Microsoft Corporation) C:\Windows\system32\locator.exe
      (Dyn, Inc.) C:\Program Files\DynDNS Updater\DynUpSvc.exe
      (Microsoft Corporation) C:\Windows\system32\fxssvc.exe
      (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
      (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
      (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      () C:\Windows\System32\kygaSM.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
      (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      (Dyn, Inc.) C:\Program Files\DynDNS Updater\DynTray.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
      (Kyocera) C:\Program Files\Kyocera\FS-1016MFP_FS-1116MFP\FS-1016MFP\QLINK.exe
      (Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      (Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE
      (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
      (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
      (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
      (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      (Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
      ==================== Registry (Whitelisted) ==================
      HKLM\...\Run: [updateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
      HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-15] (Cyberlink Corp.)
      HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-09] ()
      HKLM\...\Run: [uCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
      HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
      HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
      HKLM\...\Run: [] - [x]
      HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
      HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
      HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
      HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
      HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
      HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2387968 2009-01-28] (Hewlett-Packard Company)
      HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3478161825-3527343326-2822658981-1000\$0f63b47f65cedf7ef0bcba0f2d84c016\n. ATTENTION! ====> ZeroAccess?
      MountPoints2: {bc56c744-75f3-11de-a91a-806e6f6e6963} - D:\BlueBirds.exe
      HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-01-28] (Hewlett-Packard Company)
      HKU\Administrator.DCR-server\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-01-28] (Hewlett-Packard Company)
      HKU\Chuck\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-01-28] (Hewlett-Packard Company)
      HKU\QBDataServiceUser19\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-01-28] (Hewlett-Packard Company)
      HKU\Rosabelle\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-01-28] (Hewlett-Packard Company)
      HKU\Rosabelle\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2013-05-01] (Apple Inc.)
      HKU\TEMP\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-01-28] (Hewlett-Packard Company)
      Lsa: [Notification Packages] scecli RASSFM
      Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
      ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
      Startup: C:\Users\Administrator.DCR-server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
      ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
      ShortcutTarget: Dyn Updater Tray Icon.lnk -> C:\Program Files\DynDNS Updater\DynTray.exe (Dyn, Inc.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
      ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Print Software.lnk
      ShortcutTarget: Marketsplash Print Software.lnk -> C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
      ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
      ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE (Intuit Inc.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
      ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
      Startup: C:\Users\DWCross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
      ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
      Startup: C:\Users\Rosabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
      ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
      Startup: C:\Users\Rosabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
      ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
      ==================== Internet (Whitelisted) ====================
      HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
      HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
      HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mail.crossre.com/interfaces/sso/login.php http://www.navicamls.net/ https://www.schwab.com/public/schwab/client_home
      BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
      BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
      BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
      BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
      Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab
      DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
      DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
      DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
      Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
      Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
      Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
      Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
      Tcpip\..\Interfaces\{830E54FB-1968-4054-B754-2D2B11CA9BB2}: [NameServer]216.146.35.35,216.146.36.36,8.8.8.8,10.0.0.2
      FireFox:
      ========
      FF ProfilePath: C:\Users\DWCross\AppData\Roaming\Mozilla\Firefox\Profiles\s2u3svcc.default
      FF Homepage: hxxp://my.yahoo.com/|hxxp://mail.crossre.com/interfaces/sso/login.php|https://www.schwab.com/public/schwab/client_home|hxxp://www.navicamls.net/|hxxp://blog.commercialsource.com/
      FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
      FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
      FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
      FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
      FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
      FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
      FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
      FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
      ========================== Services (Whitelisted) =================
      R2 Dyn Updater; C:\Program Files\DynDNS Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
      S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [22016 2008-01-19] (Microsoft Corporation)
      R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.)
      R3 QuickBooksDB21; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [679936 2010-04-28] (Intuit, Inc.)
      R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-13] ()
      S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [78336 2009-04-11] (Microsoft Corporation)
      S3 sacsvr; C:\Windows\system32\sacsvr.dll [13312 2008-01-19] (Microsoft Corporation)
      R2 TermServLicensing; C:\Windows\System32\lserver.dll [468992 2009-04-11] (Microsoft Corporation)
      ==================== Drivers (Whitelisted) ====================
      S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-19] (Microsoft Corporation)
      R0 inic1620; C:\Windows\System32\DRIVERS\inic1620.sys [20480 2005-08-30] (Initio Corp.)
      S4 ioatdma; C:\Windows\system32\drivers\qd26032.sys [31232 2008-01-19] (Intel Corporation)
      R0 phylock; C:\Windows\System32\drivers\phylock.sys [20960 2010-06-08] (TeraByte, Inc.)
      S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [88632 2008-01-19] (Microsoft Corporation)
      S3 TBIMount; C:\Windows\System32\drivers\tbimount.sys [87648 2010-12-01] (TeraByte, Inc.)
      S4 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [x]
      S4 s3cap; \SystemRoot\system32\drivers\s3cap.sys [x]
      S3 slabbus; system32\DRIVERS\slabbus.sys [x]
      S3 slabser; system32\DRIVERS\slabser.sys [x]
      S0 storflt; system32\drivers\storflt.sys [x]
      ==================== NetSvcs (Whitelisted) ===================
      NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
      ==================== One Month Created Files and Folders ========
      2013-07-24 17:38 - 2013-07-24 17:38 - 00000000 ____D C:\FRST
      2013-07-24 16:11 - 2013-07-24 16:11 - 00002461 _____ C:\Users\DWCross\Desktop\RKreport[0]_S_07242013_161146.txt
      2013-07-24 15:50 - 2013-07-24 15:50 - 00000000 _____ C:\Users\DWCross\AppData\Local\Temp\is7732.tmp
      2013-07-24 15:34 - 2013-07-24 15:34 - 00002427 _____ C:\Users\DWCross\Desktop\RKreport[0]_S_07242013_153439.txt
      2013-07-24 14:58 - 2013-07-24 14:58 - 00002394 _____ C:\Users\DWCross\Desktop\RKreport[0]_S_07242013_145800.txt
      2013-07-24 14:56 - 2013-07-24 15:33 - 00000000 ____D C:\Users\DWCross\Desktop\RK_Quarantine
      2013-07-24 14:54 - 2013-07-24 17:38 - 00000000 ____D C:\Users\DWCross\AppData\Local\Temp\2
      2013-07-24 13:49 - 2013-07-24 13:49 - 00915968 _____ C:\Users\DWCross\Downloads\RogueKiller.exe
      2013-07-18 10:54 - 2013-07-18 10:54 - 00000000 ____D C:\Users\Administrator.DCR-server\AppData\Roaming\Apple Computer
      2013-07-11 09:32 - 2013-07-11 09:32 - 00000000 ____D C:\Users\Rosabelle\AppData\Roaming\Apple Computer
      2013-07-11 09:02 - 2013-07-11 09:02 - 00000000 ____D C:\Users\DWCross\AppData\Roaming\Apple Computer
      2013-07-10 18:10 - 2013-07-24 11:42 - 00002859 _____ 
C:\Users\DWCross\AppData\Local\Temp\qtplugin.log 2013-07-10 18:10 - 2013-07-24 11:42 - 00001726 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-07-10 18:10 - 2013-07-24 11:42 - 00001336 _____ C:\Users\DWCross\AppData\Local\Temp\QTInstallCode.log 2013-07-10 18:10 - 2013-07-24 11:42 - 00000000 ____D C:\Program Files\QuickTime 2013-07-10 18:10 - 2013-07-10 18:10 - 00000000 ____D C:\ProgramData\Apple Computer 2013-07-10 18:10 - 2013-07-10 18:10 - 00000000 ____D C:\ProgramData\Apple 2013-07-10 18:10 - 2013-07-10 18:10 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-07-10 18:10 - 2013-07-10 18:10 - 00000000 ____D C:\Program Files\Apple Software Update 2013-07-10 08:39 - 2013-07-10 08:39 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-07-10 08:39 - 2013-07-10 08:39 - 00000000 ____D C:\ProgramData\Mozilla 2013-07-10 08:39 - 2013-07-10 08:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-10 08:39 - 2013-07-10 08:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-08 14:10 - 2013-07-08 14:10 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-08 13:34 - 2013-07-08 13:34 - 00017161 _____ C:\Users\DWCross\AppData\Local\Temp\hppldcoi.log ==================== One Month Modified Files and Folders ======= 2013-07-24 17:38 - 2013-07-24 17:38 - 00000000 ____D C:\FRST 2013-07-24 17:38 - 2013-07-24 14:54 - 00000000 ____D C:\Users\DWCross\AppData\Local\Temp\2 2013-07-24 17:37 - 2009-09-11 10:50 - 00000438 ____H C:\Windows\Tasks\User_Feed_Synchronization-{7D14696C-0A7D-44A1-BEB4-1713A412BA5E}.job 2013-07-24 17:37 - 2009-07-22 14:08 - 00000438 ____H C:\Windows\Tasks\User_Feed_Synchronization-{DA4F1057-CD51-4527-822A-AAD1E051C25F}.job 2013-07-24 17:37 - 2008-01-19 07:35 - 00004832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-24 17:37 - 2008-01-19 07:35 - 00004832 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-24 17:34 - 2009-09-11 11:21 - 00000422 ____H C:\Windows\Tasks\User_Feed_Synchronization-{83EFDFF2-5E39-4116-BCE5-DC4692CB4561}.job 2013-07-24 17:08 - 2011-05-12 12:03 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-24 16:54 - 2012-04-03 07:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-24 16:11 - 2013-07-24 16:11 - 00002461 _____ C:\Users\DWCross\Desktop\RKreport[0]_S_07242013_161146.txt 2013-07-24 16:11 - 2009-07-22 14:12 - 00000000 ___RD C:\Users\DWCross\Desktop 2013-07-24 15:57 - 2009-07-22 14:12 - 00000000 ____D C:\Users\DWCross 2013-07-24 15:57 - 2008-01-19 05:40 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-24 15:57 - 2008-01-19 04:45 - 00000188 _____ C:\Windows\win.ini 2013-07-24 15:54 - 2010-06-17 15:00 - 00000000 ____D C:\Program Files\Schwab 2013-07-24 15:52 - 2009-07-30 14:26 - 00000000 ____D C:\Rfwin 2013-07-24 15:52 - 2009-07-16 16:06 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-24 15:50 - 2013-07-24 15:50 - 00000000 _____ C:\Users\DWCross\AppData\Local\Temp\is7732.tmp 2013-07-24 15:50 - 2009-09-11 11:28 - 00000000 ___RD C:\Users\Administrator.DCR-server\Desktop 2013-07-24 15:50 - 2009-09-11 11:11 - 00000000 ___RD C:\Users\Chuck\Desktop 2013-07-24 15:50 - 2009-09-09 13:21 - 00000000 ____D C:\Program Files\Google 2013-07-24 15:50 - 2009-07-30 12:00 - 00000000 ___RD C:\Users\Rosabelle\Desktop 2013-07-24 15:50 - 2009-07-22 14:04 - 00000000 ___RD C:\Users\QBDataServiceUser19\Desktop 2013-07-24 15:34 - 2013-07-24 15:34 - 00002427 _____ C:\Users\DWCross\Desktop\RKreport[0]_S_07242013_153439.txt 2013-07-24 15:33 - 2013-07-24 14:56 - 00000000 ____D C:\Users\DWCross\Desktop\RK_Quarantine 2013-07-24 15:09 - 2012-12-21 16:09 - 00000382 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job 2013-07-24 14:58 - 2013-07-24 14:58 - 00002394 _____ 
C:\Users\DWCross\Desktop\RKreport[0]_S_07242013_145800.txt 2013-07-24 14:58 - 2008-01-19 04:56 - 00735158 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-24 14:54 - 2011-05-12 12:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-24 14:54 - 2009-08-21 15:37 - 00000000 ____D C:\Windows\system32\lserver 2013-07-24 14:54 - 2009-08-21 15:37 - 00000000 ____D C:\Windows\Application Compatibility Scripts 2013-07-24 14:54 - 2009-07-22 14:12 - 00000000 ____D C:\Users\DWCross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools 2013-07-24 14:54 - 2008-01-19 07:47 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-24 14:42 - 2008-01-19 07:47 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-24 13:49 - 2013-07-24 13:49 - 00915968 _____ C:\Users\DWCross\Downloads\RogueKiller.exe 2013-07-24 13:25 - 2009-09-25 13:19 - 00001356 _____ C:\Users\Administrator.DCR-server\AppData\Local\d3d9caps.dat 2013-07-24 13:17 - 2009-09-11 11:28 - 00000000 ____D C:\Users\Administrator.DCR-server 2013-07-24 11:42 - 2013-07-10 18:10 - 00002859 _____ C:\Users\DWCross\AppData\Local\Temp\qtplugin.log 2013-07-24 11:42 - 2013-07-10 18:10 - 00001726 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-07-24 11:42 - 2013-07-10 18:10 - 00001336 _____ C:\Users\DWCross\AppData\Local\Temp\QTInstallCode.log 2013-07-24 11:42 - 2013-07-10 18:10 - 00000000 ____D C:\Program Files\QuickTime 2013-07-24 09:43 - 2009-07-22 14:02 - 00000000 ____D C:\Users\Public\Documents\Intuit 2013-07-24 09:20 - 2009-08-03 08:20 - 00001356 _____ C:\Users\Rosabelle\AppData\Local\d3d9caps.dat 2013-07-23 23:10 - 2013-06-12 16:42 - 00000508 _____ C:\Windows\Tasks\Image for Windows - Task 2.job 2013-07-23 22:00 - 2013-01-07 14:08 - 00000508 _____ C:\Windows\Tasks\Image for Windows - Task 1.job 2013-07-18 19:37 - 2012-04-03 07:59 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-07-18 19:37 - 2011-05-20 08:06 - 00071048 _____ (Adobe Systems 
Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-07-18 10:54 - 2013-07-18 10:54 - 00000000 ____D C:\Users\Administrator.DCR-server\AppData\Roaming\Apple Computer 2013-07-17 19:03 - 2009-08-21 12:35 - 00000000 ____D C:\Users\Rosabelle\AppData\Roaming\Adobe 2013-07-15 10:15 - 2009-07-22 13:44 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-07-11 09:32 - 2013-07-11 09:32 - 00000000 ____D C:\Users\Rosabelle\AppData\Roaming\Apple Computer 2013-07-11 09:02 - 2013-07-11 09:02 - 00000000 ____D C:\Users\DWCross\AppData\Roaming\Apple Computer 2013-07-10 18:10 - 2013-07-10 18:10 - 00000000 ____D C:\ProgramData\Apple Computer 2013-07-10 18:10 - 2013-07-10 18:10 - 00000000 ____D C:\ProgramData\Apple 2013-07-10 18:10 - 2013-07-10 18:10 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-07-10 18:10 - 2013-07-10 18:10 - 00000000 ____D C:\Program Files\Apple Software Update 2013-07-10 15:10 - 2011-05-02 16:19 - 00091451 _____ C:\Users\DWCross\Desktop\RETMonthly.xls_0.ods 2013-07-10 08:39 - 2013-07-10 08:39 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-07-10 08:39 - 2013-07-10 08:39 - 00000000 ____D C:\ProgramData\Mozilla 2013-07-10 08:39 - 2013-07-10 08:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-10 08:39 - 2013-07-10 08:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-10 08:39 - 2010-01-06 23:31 - 00000000 ____D C:\Users\DWCross\AppData\Roaming\Mozilla 2013-07-10 08:29 - 2009-07-22 14:32 - 00000000 ____D C:\Installs 2013-07-08 14:10 - 2013-07-08 14:10 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-08 14:10 - 2011-10-13 17:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-08 13:34 - 2013-07-08 13:34 - 00017161 _____ C:\Users\DWCross\AppData\Local\Temp\hppldcoi.log 2013-07-04 10:53 - 2009-07-30 09:50 - 00000000 ___RD C:\Data 2013-06-24 10:06 - 2009-07-22 14:01 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini ZeroAccess: 
C:\$Recycle.Bin\S-1-5-21-3478161825-3527343326-2822658981-1000\$0f63b47f65cedf7ef0bcba0f2d84c016
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$0f63b47f65cedf7ef0bcba0f2d84c016

Files to move or delete:
====================
C:\Users\DWCross\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 15:00

==================== End Of Log ============================

and the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-07-2013
Ran by DWCross at 2013-07-24 17:38:55
Running from C:\Users\DWCross\firefoxdownloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 4.1.1) 7500_7600_7700_Help (Version: 1.00.0000) 7-Zip 9.20 ACH Origination Application (Version: 19.40.0.8) Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.0.0) Adobe AIR (Version: 1.0.4990) Adobe AIR (Version: 1.0.8.4990) Adobe Flash Player 11 ActiveX (Version: 11.8.800.94) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Reader X (10.1.7) (Version: 10.1.7) Apple Application Support (Version: 2.3.4) Apple Software Update (Version: 2.1.3.127) Avery Media Software 32 bit Belarc Advisor 7.2 BPD_HPSU (Version: 1.00.0000) BPD_Scan (Version: 3.00.0000) BPDSoftware (Version: 82.0.173.000) BPDSoftware_Ini (Version: 1.00.0000) Brother P-touch Address Book 1.1 (Version: 1.1.033) BufferChm (Version: 120.0.194.000) C4580 (Version: 120.0.209.000) CCleaner (Version: 3.01) Copy (Version: 120.0.194.000)
CustomerResearchQFolder (Version: 1.00.0000) Destination Component (Version: 110.0.0.0) DeviceDiscovery (Version: 120.0.194.000) DeviceManagementQFolder (Version: 1.00.0000) DocProc (Version: 8.1.0.0) DocProcQFolder (Version: 1.00.0000) Dyn Updater (Version: 4.1.10) eSupportQFolder (Version: 1.00.0000) Fax (Version: 82.0.188.000) File Type Assistant Free File Viewer 2012 (Version: 2012.10.9.0) Google Update Helper (Version: 1.3.21.153) GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880) HP Customer Participation Program 8.0 (Version: 8.0) HP Imaging Device Functions 12.0 (Version: 12.0) HP OCR Software 8.0 (Version: 8.0) HP Officejet 7500 E910 Basic Device Software (Version: 22.0.334.0) HP Officejet 7500 E910 Help (Version: 140.0.93.93) HP Officejet Pro All-In-One Series (Version: 1.0) HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4 (Version: 12.0) HP Photosmart Essential (Version: 1.12.0.46) HP Product Detection (Version: 9.7.2) HP Smart Web Printing 4.60 (Version: 4.60) HP Solution Center 8.0 (Version: 8.0) HP Update (Version: 5.002.005.003) HPProductAssistant (Version: 82.0.173.000) HPSSupply (Version: 120.0.194.000) I.R.I.S. 
OCR (Version: 12.3.4) Image for Windows 2.61 Trial Java Auto Updater (Version: 2.0.6.1) Java 6 Update 27 (Version: 6.0.270) L7600 (Version: 50.0.165.000) LG CyberLink LabelPrint (Version: 2.0.3605) LG CyberLink PowerBackup (Version: 2.5.4511) LG CyberLink PowerDVD 7.0 (Version: 7.0.3409.a) LG CyberLink PowerProducer (Version: 085312a(3.7)_Vista_LG) LG CyberLink YouCam (Version: 1.0.2609) LightScribe System Software (Version: 1.18.1.1) Linksys Bi-Admin Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) MarketResearch (Version: 82.0.174.000) Marketsplash Print Software (Version: 1.0.0.31) Marketsplash Shortcuts (Version: 1.0.0.9) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft XML Parser (Version: 8.70.1104.04) Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MPM (Version: 1.00.0000) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) neroxml (Version: 1.0.0) Network (Version: 120.0.194.000) NetZero For Cosmi (Version: 1.0.0) OpenOffice.org 3.3 (Version: 3.3.9567) PC Attorney (Version: 2.1.0000) Pdf995 PdfEdit995 Personal Trainer Studio - Deed-Chek Subdivide 
10.0 Edition Picasa 3 (Version: 3.9) Print Server Driver ProductContext (Version: 50.0.165.000) PS_AIO_04_C4580_Software_Min (Version: 120.0.209.000) QuickBooks (Version: 21.0.4013.904) QuickBooks Pro 2011 (Version: 21.0.4013.904) QuickTime (Version: 7.74.80.86) RETTS Real Estate Management System Scan (Version: 12.0.0.0) Shipping Assistant 3.6 (Version: 3.6.103.0) Shop for HP Supplies (Version: 12) Signature995 SketchUp 8 (Version: 3.0.16846) SmartWebPrinting (Version: 140.0.186.000) SolutionCenter (Version: 82.0.188.000) Speccy (Version: 1.10) Status (Version: 120.0.194.000) Suite (Version: 1.00.0000) SupportSoft Assisted Service (Version: 15) Tax Forms Helper 2011 10.0 Tax Forms Helper 2012 10.5 TBIView 4.24 - TBIMount 1.06 Toolbox (Version: 120.0.194.000) Toolbox (Version: 82.0.173.000) TrayApp (Version: 120.0.194.000) UnloadSupport (Version: 11.0.0) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) WebReg (Version: 120.0.194.000) WinZip 16.0 (Version: 16.0.9715) ==================== Restore Points ========================= Could not list Restore Points. 
==================== Hosts content: ========================== 2008-01-19 04:46 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0D3FDE63-AC71-4AEC-AE03-86FAB7609ABB} - System32\Tasks\User_Feed_Synchronization-{83EFDFF2-5E39-4116-BCE5-DC4692CB4561} => C:\Windows\system32\msfeedssync.exe [2011-05-31] (Microsoft Corporation) Task: {3777C6B6-4EF6-4FBF-B082-6331DCA50DF3} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2012-10-13] (Bitberry Software) Task: {47EFE11B-F8C3-4C20-BFED-9325A1786A28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-12] (Google Inc.) Task: {491C9688-17A0-45EF-9657-771CBDAE7823} - System32\Tasks\Image for Windows - Task 2 => C:\Program Files\TeraByte Unlimited\Image for Windows\V2\imagew.exe [2010-12-04] (TeraByte Unlimited) Task: {572F4DE2-C5FD-41A0-B948-F0A1C7688C7C} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2009-04-11] (Microsoft Corporation) Task: {60E1F3EB-D26C-4D69-B733-3E5D501124DC} - System32\Tasks\User_Feed_Synchronization-{30E669F5-5288-43F4-ACED-0371CB8DA81D} => C:\Windows\system32\msfeedssync.exe [2011-05-31] (Microsoft Corporation) Task: {63DED9DB-39A2-4585-AC33-2AFD7ECC69D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-12] (Google Inc.) Task: {8180385E-9F01-414E-BE79-08668ADE95AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {8458F451-3CAE-4032-BDE8-F38FB1F0C4B1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2009-04-11] (Microsoft Corporation) Task: {91F6CD4C-D7A8-4C69-A108-481BE26EA811} - System32\Tasks\User_Feed_Synchronization-{7E9555A5-EBEE-446A-9809-A18330AFAD03} => C:\Windows\system32\msfeedssync.exe [2011-05-31] (Microsoft Corporation) Task: {9A6749F1-D890-4A71-8E77-D4FD67B1137F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18] (Adobe Systems Incorporated) Task: {A9B24974-47C6-468B-AA74-A511D9F9F580} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {ACBC6D2B-8CAF-4B3B-8674-1563E47AB6EC} - System32\Tasks\User_Feed_Synchronization-{DA4F1057-CD51-4527-822A-AAD1E051C25F} => C:\Windows\system32\msfeedssync.exe [2011-05-31] (Microsoft Corporation) Task: {B0B9FF5D-7B50-4C18-9EB9-1E5C3AC0F46E} - System32\Tasks\hpUrlLauncher.exe => C:\Program Files\HP\HP Officejet 7500 E910\Bin\utils\hpUrlLauncher.exe [2010-06-14] (Hewlett-Packard Co.) 
Task: {B256E7F7-41EC-48E7-A52D-5C21F6170B54} - System32\Tasks\User_Feed_Synchronization-{518FE07D-DC5B-41DE-BC5B-C1019DB14AC8} => C:\Windows\system32\msfeedssync.exe [2011-05-31] (Microsoft Corporation) Task: {BA003EEC-C058-4214-BB9B-43681CBC240A} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [2009-04-11] (Microsoft Corporation) Task: {C0D53485-FFCE-44E6-B60D-4670F2AE1725} - System32\Tasks\User_Feed_Synchronization-{7D14696C-0A7D-44A1-BEB4-1713A412BA5E} => C:\Windows\system32\msfeedssync.exe [2011-05-31] (Microsoft Corporation) Task: {C13BD08A-D92A-4426-B898-3A54B7A99EFE} - System32\Tasks\Image for Windows - Task 1 => C:\Program Files\TeraByte Unlimited\Image for Windows\V2\imagew.exe [2010-12-04] (TeraByte Unlimited) Task: {D286A394-0EA5-4860-BBE3-D6A36814245E} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {DEDC0DCF-1F3E-4C66-A549-53F6F785739A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2008-01-19] (Microsoft Corporation) Task: {F7EA3A84-54CE-444D-A50C-0F862D7E4177} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe No File Task: {FC196101-720E-4AAD-9AB0-530E904BC234} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Image for Windows - Task 1.job => C:\Program 
Files\TeraByte Unlimited\Image for Windows\V2\imagew.exe Task: C:\Windows\Tasks\Image for Windows - Task 2.job => C:\Program Files\TeraByte Unlimited\Image for Windows\V2\imagew.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{7D14696C-0A7D-44A1-BEB4-1713A412BA5E}.job => C:\Windows\system32\msfeedssync.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{83EFDFF2-5E39-4116-BCE5-DC4692CB4561}.job => C:\Windows\system32\msfeedssync.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{DA4F1057-CD51-4527-822A-AAD1E051C25F}.job => C:\Windows\system32\msfeedssync.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Officejet Pro L7600 Description: Officejet Pro L7600 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet 7500 E910 Description: Officejet 7500 E910 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro L7600 Description: Officejet Pro L7600 Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/24/2013 02:55:54 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle Error: (07/24/2013 02:55:54 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle Error: (07/24/2013 02:55:54 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle Error: (07/24/2013 01:35:24 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle Error: (07/24/2013 01:35:24 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle Error: (07/24/2013 01:35:24 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle Error: (07/24/2013 01:26:37 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning 
NULL QBWinInstance Handle Error: (07/24/2013 01:26:37 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle Error: (07/24/2013 01:26:37 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle Error: (07/24/2013 01:18:04 PM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle System errors: ============= Error: (07/24/2013 02:55:31 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (07/24/2013 02:54:38 PM) (Source: Service Control Manager) (User: ) Description: storflt Error: (07/24/2013 02:54:33 PM) (Source: Service Control Manager) (User: ) Description: IPsec Policy AgentBFE Error: (07/24/2013 02:54:33 PM) (Source: Service Control Manager) (User: ) Description: IKE and AuthIP IPsec Keying ModulesBFE Error: (07/24/2013 01:49:58 PM) (Source: PlugPlayManager) (User: ) Description: The device 'WDC WD5000AACS-00ZUB SCSI Disk Device' (SCSI\Disk&Ven_WDC&Prod_WD5000AACS-00ZUB&Rev_01.0\5&23a76177&0&000000) disappeared from the system without first being prepared for removal. 
Error: (07/24/2013 01:34:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/24/2013 01:33:38 PM) (Source: Service Control Manager) (User: )
Description: storflt

Error: (07/24/2013 01:33:33 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (07/24/2013 01:33:33 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (07/24/2013 01:26:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (07/24/2013 02:55:54 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 02:55:54 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 02:55:54 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 01:35:24 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 01:35:24 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 01:35:24 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 01:26:37 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 01:26:37 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 01:26:37 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/24/2013 01:18:04 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

CodeIntegrity Errors:
===================================
Date: 2013-07-24 14:36:03.746
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:36:03.507
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:36:03.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:36:03.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:36:02.767
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:36:02.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:34:48.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:34:47.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:34:47.670
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-24 14:34:47.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 4095.11 MB
Available physical RAM: 2872.77 MB
Total Pagefile: 8357.43 MB
Available Pagefile: 7334.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.7 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:465.76 GB) (Free:429.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 6BDA731C)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks!
  14. I am running Windows Server 2008 Standard. All my downloads are deleted. Windows Update is not running. I ran a scan and deleted the found items. See the following log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.24.07

Windows Server 2008 Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
DWCross :: DCR-SERVER [administrator]

7/24/2013 1:51:29 PM
mbam-log-2013-07-24 (13-51-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 512191
Time elapsed: 48 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3478161825-3527343326-2822658981-1000\$RDD5748DD (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\DWCross\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\61f84ab9-37feb95a (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

I still cannot download email attachments or access Windows Update.
Reading some of the forums, I downloaded Rogue Killer and it turned out the following report:

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Server 2008 (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : DWCross [Admin rights]
Mode : Scan -- Date : 07/24/2013 16:11:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{830E54FB-1968-4054-B754-2D2B11CA9BB2} : NameServer (216.146.35.35,216.146.36.36,8.8.8.8,10.0.0.2) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{830E54FB-1968-4054-B754-2D2B11CA9BB2} : NameServer (216.146.35.35,216.146.36.36,8.8.8.8,10.0.0.2) -> FOUND
[DNS] HKLM\[...]\CS003\[...]\{830E54FB-1968-4054-B754-2D2B11CA9BB2} : NameServer (216.146.35.35,216.146.36.36,8.8.8.8,10.0.0.2) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3478161825-3527343326-2822658981-1000\$0f63b47f65cedf7ef0bcba0f2d84c016\n. [x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Volume0 +++++
--- User ---
[MBR] d2210731fe35215d2b0509d24876f4d0
[bSP] 2d7b8b4910399633fcc302c4b8ca1ce8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476935 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Volume0 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07242013_161146.txt >>
RKreport[0]_S_07242013_145800.txt;RKreport[0]_S_07242013_153439.txt

I did not delete any files with Rogue Killer because I did not know what they were. Can you help me?