beneja
Everything posted by beneja
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Sorry, everything seems to be fine. You can close the post. Thanks for your help. -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Here is the new one.

Farbar Service Scanner Version: 05-09-2013
Ran by Jim (administrator) on 08-09-2013 at 17:26:18
Running from "C:\Documents and Settings\Jim\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(9) Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
-
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
I get the error "Error accessing the registry" on the policy agent file. The remote access worked. I re-installed Windows Defender and it is working. -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Windows Defender Offline runs from a bootable CD so I do not have the log. I can uninstall and reinstall Windows Defender. What do these two files do for me? -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Here are the results of the scan. I did also run a scan with Windows Defender Offline. It found Trojan:Win32/Sirefef.p and Sirefef!cfg.

Farbar Service Scanner Version: 05-09-2013
Ran by Jim (administrator) on 08-09-2013 at 12:14:03
Running from "C:\Documents and Settings\Jim\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(9) Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
-
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
The ADAWare was ok. The Malwarebytes came back with no problems found. I do still have some issues. Windows Defender does not work. It returns "Application Failed To Initialize: 0x80070006. The handle is invalid." I also found the attached errors in the Windows event viewer. mbam-log-2013-09-07 (16-03-55).txt ApplicationError_MatSvc.txt SendoriLogs.txt -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Here is the latest log file -

RogueKiller V8.6.9 [sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/07/2013 12:29:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-515967899-1801674531-2050456121-1003\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer ( ) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] b3cf5c18f653eacf78558134b8028197
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!
-
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
RogueKiller V8.6.9 [sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/07/2013 10:49:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-515967899-1801674531-2050456121-1003\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer ( ) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] b3cf5c18f653eacf78558134b8028197
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09072013_104928.txt >>
RKreport[0]_S_09062013_171329.txt;RKreport[0]_S_09072013_103810.txt
-
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
The only thing in the Folder tab is one item. It is a folder type, name - Installer, Path is C:\Program Files\Google\Desktop\Install. There is no check box. Can I highlight the item and delete it? I do see ZeroAccess types in the registry tab. There are also SUSP Path types in red. -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Here is the latest.

RogueKiller V8.6.9 [sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/07/2013 10:38:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-515967899-1801674531-2050456121-1003\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer ( ) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] b3cf5c18f653eacf78558134b8028197
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09072013_103810.txt >>
RKreport[0]_S_09062013_171329.txt
-
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Here are the log files. The internet, firewall and Windows Update work. I have not tried Windows Defender yet. I believe that is how the infection got back in last time. I will not do anything until I hear back from you. Fixlog_07-09-2013_09-05-14.txt mbar-log-2013-09-07 (09-08-36).txt mbar-log-2013-09-07 (09-35-40).txt system-log.txt -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Here is the log. FRST.txt -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
Here are the results from RogueKiller

RogueKiller V8.6.9 [sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/06/2013 17:13:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\ \ \???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-515967899-1801674531-2050456121-1003\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\ \ \???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x]) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\ \ \???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x]) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\ \ \???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer ( ) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] LegitLib.dll : C:\Program Files\Windows Defender\LegitLib.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Windows Defender\mpevmsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Windows Defender\MpOAv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpShHook.dll : C:\Program Files\Windows Defender\MpShHook.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Windows Defender\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] wgadef.chm : C:\Program Files\Windows Defender\wgadef.chm >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] b3cf5c18f653eacf78558134b8028197
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09062013_171329.txt >>
-
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
I am afraid that it is back. When I run a Malwarebytes scan it comes back with rootkit.0access and trojan.zaccess. It may have got back in when I tried to fix Windows Defender. Should I start back over? -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
I believe that that has cleared it up. I have updated the Malwarebytes virus definitions yesterday and today. I have run full scans and quick scans. No viruses are detected. I still have an issue with Windows Defender not working but I can deal with that. system-log.txt Fixlog_03-09-2013_19-46-13.txt mbar-log-2013-09-03 (19-49-20).txt mbar-log-2013-09-03 (20-50-20).txt -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
I get an error trying to delete the contents of the C:\Documents and Settings\Jim\Local Settings\temp. It tells me that file Perflib_Perfdata_fb8 is in use. -
Rootkit.0Access Trojan.Zaccess not removed
beneja replied to beneja's topic in Resolved Malware Removal Logs
I have run the scans. Here are the results. I also have an issue that when I run a scan with Malwarebytes and I reboot it creates a folder named C:Avenger and there is also a file on the C: drive named Avenger.txt. This file keeps growing until it fills up my C: drive or I reboot again. After the second reboot the file is gone. FRST.txt
(Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))CHR Plugin: (Google Update) - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()CHR Extension: (YouTube) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Gmail) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 Application Sendori; C:\Program Files\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)R2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)S3 McODS; 
C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [154776 2010-03-18] (Citrix Systems, Inc)R2 Service Sendori; C:\Program Files\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)R2 sndappv2; C:\Program Files\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)R2 ZuneBusEnum; C:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\ \ \???\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-09-26] (Avanquest Software)R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [81024 2010-03-09] (Citrix Systems, Inc.)S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [41624 2010-03-18] (Citrix Systems, Inc.)R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)S3 HPZius12; 
C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [32072 2012-05-18] ()R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-19] (McAfee, Inc.)R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)S0 cerc6; No ImagePathS4 IntelIde; No ImagePathU3 mfeavfk01; No ImagePathS0 odtmciey; System32\drivers\pxxiekr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-03 17:26 - 2013-09-03 17:26 - 00000000 ____D C:\FRST2013-09-03 17:24 - 2013-09-03 17:24 - 00000000 ____D C:\Malwarebytes2013-09-02 13:46 - 2013-09-03 17:25 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\U32013-08-31 09:05 - 2013-08-31 09:05 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\PCHealth2013-08-31 09:01 - 2013-08-31 09:01 - 00881168 _____ (Microsoft Corporation) C:\Documents and Settings\Jim\Desktop\mssstool32.exe2013-08-30 17:22 - 2013-08-31 21:09 - 00000000 ____D C:\WINDOWS\Minidump2013-08-30 17:22 - 2013-08-30 17:22 - 00098304 _____ 
C:\WINDOWS\Minidump\Mini083013-01.dmp2013-08-29 17:40 - 2013-08-29 17:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia2013-08-29 17:40 - 2013-08-29 17:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe2013-08-29 17:14 - 2013-08-29 17:14 - 00000000 ____D C:\Documents and Settings\Jim\Start Menu\Programs\Antivirus Security Pro2013-08-29 17:08 - 2013-08-29 17:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\sa3pngpV2013-08-27 17:33 - 2013-08-27 17:33 - 00004125 _____ C:\WINDOWS\KB2834904-v2.log2013-08-27 17:33 - 2013-08-27 17:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$2013-08-13 18:47 - 2013-08-13 18:48 - 00012857 _____ C:\WINDOWS\KB2862772-IE8.log2013-08-13 18:44 - 2013-08-13 18:47 - 00000000 ____D C:\WINDOWS\system32\MRT2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$2013-08-13 18:38 - 2013-08-13 18:39 - 00005129 _____ C:\WINDOWS\KB2863058.log2013-08-13 18:38 - 2013-08-13 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$2013-08-13 17:53 - 2013-08-13 18:39 - 00010738 _____ C:\WINDOWS\KB2859537.log2013-08-13 17:53 - 2013-08-13 18:39 - 00009793 _____ C:\WINDOWS\KB2850869.log2013-08-07 21:26 - 2013-08-07 21:26 - 00001320 _____ C:\Documents and Settings\Jim\Desktop\Shortcut to SalesForce_PST.lnk ==================== One Month Modified Files and Folders ======= 2013-09-03 17:26 - 2013-09-03 17:26 - 00000000 ____D C:\FRST2013-09-03 17:25 - 2013-09-02 13:46 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\U32013-09-03 17:24 - 2013-09-03 17:24 - 00000000 ____D C:\Malwarebytes2013-09-03 17:20 - 2013-07-16 17:15 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2013-09-03 17:20 - 2012-04-28 15:33 - 00032648 _____ 
C:\WINDOWS\SchedLgU.Txt2013-09-03 17:19 - 2013-07-16 17:15 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2013-09-03 17:19 - 2012-04-28 15:29 - 01295953 _____ C:\WINDOWS\WindowsUpdate.log2013-09-03 17:19 - 2012-04-28 11:19 - 00921365 _____ C:\WINDOWS\setupapi.log2013-09-03 17:18 - 2012-05-22 09:13 - 00000616 ____H C:\WINDOWS\Tasks\ConfigExec.job2013-09-03 17:18 - 2012-04-28 15:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2013-09-03 17:18 - 2012-04-28 11:22 - 00000159 _____ C:\WINDOWS\wiadebug.log2013-09-03 17:18 - 2012-04-28 11:22 - 00000048 _____ C:\WINDOWS\wiaservc.log2013-09-03 17:17 - 2013-07-02 18:00 - 00131072 _____ C:\WINDOWS\system32\config\SendoriL.evt2013-09-03 17:17 - 2012-04-28 15:37 - 00000278 ___SH C:\Documents and Settings\Jim\ntuser.ini2013-09-03 17:13 - 2012-05-22 09:13 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job2013-09-03 17:02 - 2008-04-14 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl2013-09-03 17:01 - 2012-04-28 15:28 - 00000000 ____D C:\WINDOWS\Registration2013-09-02 17:51 - 2012-05-01 09:16 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job2013-09-02 13:23 - 2012-04-28 17:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$2013-09-01 12:29 - 2012-04-28 17:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$2013-09-01 10:54 - 2012-04-28 17:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB958644$2013-09-01 10:12 - 2012-04-28 17:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544521$2013-08-31 21:09 - 2013-08-30 17:22 - 00000000 ____D C:\WINDOWS\Minidump2013-08-31 15:25 - 2012-05-01 12:23 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware2013-08-31 14:46 - 2012-11-13 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2761226$2013-08-31 13:33 - 2012-10-14 20:55 - 00000000 ____D C:\Documents and Settings\Mike2013-08-31 13:33 - 2012-06-24 21:55 - 00000000 ____D C:\Documents and Settings\Marc2013-08-31 13:33 - 2012-05-19 08:53 - 00000000 ____D C:\Documents and 
Settings\Linda2013-08-31 13:33 - 2012-05-09 08:08 - 00000000 ____D C:\Documents and Settings\Administrator2013-08-31 13:21 - 2012-04-28 17:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$2013-08-31 09:20 - 2012-12-12 20:46 - 00001024 ____H C:\WINDOWS\system32\config\ELAM.LOG2013-08-31 09:05 - 2013-08-31 09:05 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\PCHealth2013-08-31 09:01 - 2013-08-31 09:01 - 00881168 _____ (Microsoft Corporation) C:\Documents and Settings\Jim\Desktop\mssstool32.exe2013-08-31 08:37 - 2012-04-28 17:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977816$2013-08-31 06:51 - 2012-10-09 18:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2756822$2013-08-30 22:17 - 2012-04-29 10:38 - 00000000 ____D C:\WINDOWS\Microsoft.NET2013-08-30 20:19 - 2012-05-22 09:15 - 00011270 _____ C:\WINDOWS\bitssetup.log2013-08-30 19:31 - 2012-12-11 23:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$2013-08-30 17:34 - 2012-04-28 11:13 - 00000000 ____D C:\WINDOWS\security2013-08-30 17:22 - 2013-08-30 17:22 - 00098304 _____ C:\WINDOWS\Minidump\Mini083013-01.dmp2013-08-30 17:18 - 2012-12-11 23:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$2013-08-30 16:54 - 2012-04-28 11:18 - 00207672 _____ C:\WINDOWS\setupact.log2013-08-30 14:57 - 2012-04-28 15:28 - 00000000 ____D C:\WINDOWS\system32\Restore2013-08-30 06:09 - 2012-05-12 07:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2695962$2013-08-30 06:07 - 2012-04-28 15:37 - 00000000 ____D C:\Documents and Settings\Jim2013-08-30 06:06 - 2012-08-26 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sendori2013-08-30 01:49 - 2012-12-15 10:17 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job2013-08-29 22:51 - 2012-05-01 09:16 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job2013-08-29 17:40 - 2013-08-29 17:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia2013-08-29 17:40 - 
2013-08-29 17:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe2013-08-29 17:14 - 2013-08-29 17:14 - 00000000 ____D C:\Documents and Settings\Jim\Start Menu\Programs\Antivirus Security Pro2013-08-29 17:13 - 2013-08-29 17:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\sa3pngpV2013-08-29 17:12 - 2012-05-08 08:36 - 00048344 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2013-08-29 17:09 - 2012-04-28 19:31 - 00000000 ____D C:\Program Files\Google2013-08-28 20:40 - 2008-04-14 08:00 - 00000742 _____ C:\WINDOWS\win.ini2013-08-28 17:08 - 2012-08-26 10:39 - 00000000 ____D C:\Program Files\Sendori2013-08-27 20:45 - 2012-04-28 19:55 - 00083673 _____ C:\hpfr3425.log2013-08-27 20:45 - 2012-04-28 19:55 - 00000520 _____ C:\hpfr3420.xml2013-08-27 17:33 - 2013-08-27 17:33 - 00004125 _____ C:\WINDOWS\KB2834904-v2.log2013-08-27 17:33 - 2013-08-27 17:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$2013-08-27 17:33 - 2012-04-28 11:19 - 01564948 _____ C:\WINDOWS\iis6.log2013-08-27 17:33 - 2012-04-28 11:19 - 01346185 _____ C:\WINDOWS\FaxSetup.log2013-08-27 17:33 - 2012-04-28 11:19 - 00678780 _____ C:\WINDOWS\ocgen.log2013-08-27 17:33 - 2012-04-28 11:19 - 00630491 _____ C:\WINDOWS\tsoc.log2013-08-27 17:33 - 2012-04-28 11:19 - 00462064 _____ C:\WINDOWS\comsetup.log2013-08-27 17:33 - 2012-04-28 11:19 - 00430316 _____ C:\WINDOWS\msmqinst.log2013-08-27 17:33 - 2012-04-28 11:19 - 00281122 _____ C:\WINDOWS\ntdtcsetup.log2013-08-27 17:33 - 2012-04-28 11:19 - 00238235 _____ C:\WINDOWS\netfxocm.log2013-08-27 17:33 - 2012-04-28 11:19 - 00094894 _____ C:\WINDOWS\MedCtrOC.log2013-08-27 17:33 - 2012-04-28 11:19 - 00075540 _____ C:\WINDOWS\ocmsn.log2013-08-27 17:33 - 2012-04-28 11:19 - 00068643 _____ C:\WINDOWS\msgsocm.log2013-08-27 17:33 - 2012-04-28 11:19 - 00067848 _____ C:\WINDOWS\tabletoc.log2013-08-27 17:33 - 2012-04-28 11:19 - 00001374 _____ C:\WINDOWS\imsins.log2013-08-17 
17:17 - 2013-01-11 18:52 - 00028160 _____ C:\Documents and Settings\Jim\Desktop\Hawaii Excursions.xls2013-08-13 18:48 - 2013-08-13 18:47 - 00012857 _____ C:\WINDOWS\KB2862772-IE8.log2013-08-13 18:48 - 2012-04-28 17:32 - 00000000 ____D C:\WINDOWS\ie8updates2013-08-13 18:48 - 2012-04-28 17:23 - 00099644 _____ C:\WINDOWS\updspapi.log2013-08-13 18:48 - 2012-04-28 11:19 - 00001374 _____ C:\WINDOWS\imsins.BAK2013-08-13 18:47 - 2013-08-13 18:44 - 00000000 ____D C:\WINDOWS\system32\MRT2013-08-13 18:41 - 2012-04-28 11:19 - 00603848 _____ C:\WINDOWS\system32\PerfStringBackup.INI2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$2013-08-13 18:39 - 2013-08-13 18:38 - 00005129 _____ C:\WINDOWS\KB2863058.log2013-08-13 18:39 - 2013-08-13 17:53 - 00010738 _____ C:\WINDOWS\KB2859537.log2013-08-13 18:39 - 2013-08-13 17:53 - 00009793 _____ C:\WINDOWS\KB2850869.log2013-08-13 18:39 - 2012-04-28 17:25 - 00023500 _____ C:\WINDOWS\system32\TZLog.log2013-08-13 18:38 - 2013-08-13 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$2013-08-07 21:26 - 2013-08-07 21:26 - 00001320 _____ C:\Documents and Settings\Jim\Desktop\Shortcut to SalesForce_PST.lnk2013-08-07 04:22 - 2012-12-15 10:15 - 00238872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2013-08-05 16:00 - 2012-04-28 17:25 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe Files to move or delete:====================ZeroAccess:C:\Program 
Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}C:\DOCUME~1\Jim\LOCALS~1\Temp\APNStub.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\FreemakeVideoConverter_3.1.1.4.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\GoogleToolbarInstaller_en32_signed.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\hpzscr01.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\jre-7u21-windows-i586-iftw.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\jre-7u7-windows-i586-iftw.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\jre-7u9-windows-i586-iftw.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\stub_455_softonic.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleCrashHandler.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleCrashHandler64.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleUpdate.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleUpdateBroker.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleUpdateOnDemand.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleUpdateSetup.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdate.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_am.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ar.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_bg.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_bn.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ca.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_cs.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_da.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_de.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_el.dllC:\DOCUME~
1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_en-GB.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_en.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_es-419.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_es.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_et.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_fa.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_fi.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_fil.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_fr.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_gu.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_hi.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_hr.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_hu.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_id.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_is.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_it.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_iw.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ja.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_kn.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ko.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_lt.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_lv.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ml.dllC
:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_mr.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ms.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_nl.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_no.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_pl.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_pt-BR.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_pt-PT.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ro.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ru.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sk.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sl.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sr.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sv.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sw.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ta.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_te.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_th.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_tr.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_uk.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ur.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_vi.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_zh-CN.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdater
es_zh-TW.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\npGoogleUpdate3.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\psmachine.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\psuser.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_5\npCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_5\npMozCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_4\npCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_4\npMozCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_3\npCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_3\npMozCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_2\npCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_2\npMozCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_1\npCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_1\npMozCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_0\npCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_0\npMozCouponPrinter.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\Temporary Directory 1 for ASUS_Pad_PC_Suite_v1_0_41 (2).zip\ASUS Pad PC Suite 
v1.0.41.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\ot2\OM2_Setup_Bootstrapper_2_2_0.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\ot2\OM2_Setup_SubBootstrapper.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\nshC9\Helper.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\Autorun.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\lts.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\zh-CHS\Autorun.resources.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\ja\Autorun.resources.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\fr\Autorun.resources.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\es\Autorun.resources.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\de\Autorun.resources.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\CoreUtils.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\DIFxAPI.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\FWManager.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\HPDiagnosticCore.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\HPDiagnosticCoreUI.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\hpodss01.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\Impl_FirewallLib.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\msvcp100.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\msvcr100.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\OESISCore.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\DeviceManager\DeviceManager.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\DeviceManager\DIFxAPI.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\GoogleEarth.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exeC:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dllC:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google 
Earth\client\alchemy\ogles20\IGGfx.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2013 03
Ran by Jim at 2013-09-03 17:27:51
Running from C:\Malwarebytes
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Akamai NetSession Interface
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUS Android USB Drivers (Version: 1.0.6292)
AtHomeConnect version 1.0.1.0 (Version: 1.0.1.0)
Bonjour (Version: 3.0.0.10)
Citrix Access Gateway Plug-in (Version: 9.2.39.6)
Citrix online plug-in - web (Version: 12.1.44.1)
Citrix online plug-in (DV) (Version: 12.1.44.1)
Citrix online plug-in (HDX) (Version: 12.1.44.1)
Citrix online plug-in (USB) (Version: 12.1.44.1)
Citrix online plug-in (Web) (Version: 12.1.44.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Coupon Printer for Windows (Version: 5.0.0.3)
Dell Resource CD (Version: 1.00.0000)
Dropbox (HKCU Version: 1.6.18)
Garmin Communicator Plugin (Version: 4.0.4)
Garmin USB Drivers (Version: 2.3.1.0)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7803)
H&R Block Ohio 2012 (Version: 1.12.4401)
HP Memories Disc (Version: 1.0.4.805)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Product Detection (Version: 11.15.0005)
hp psc 1200 series (Version: 1.10.0000)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.12.0 (Version: )
Internet Explorer (Enable DEP)
iPhone Configuration Utility (Version: 3.6.2.300)
iTunes (Version: 11.0.4.4)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.0 (Version: 2.1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee AntiVirus Plus (Version: 11.6.511)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WinUsb 1.0
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
OLYMPUS Master 2 (Version: 1.0.6)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 5.10.0.5548)
Sendori (Version: 2.0.15)
Shared C Run-time for x86 (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Search 4.0 (Version: 04.00.6001.503)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points =========================

01-09-2013 11:58:03 System Checkpoint
02-09-2013 12:47:13 System Checkpoint

==================== Hosts content: ==========================

2011-08-11 15:41 - 2010-04-28 16:08 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\ConfigExec.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\DataUpload.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1335654144.job => C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job => C:\Documents and Settings\Jim\Local Settings\Application 
Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job => C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Documents and Settings\Jim\My Documents\Data Warehousing - Fact and Dimension Tables - SQLServerPedia.url:favicon

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2013 05:24:40 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (09/03/2013 05:20:03 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.

Error: (09/03/2013 05:19:42 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (09/03/2013 05:19:42 PM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E.

Error: (09/03/2013 05:19:42 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (09/03/2013 05:13:03 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (09/03/2013 05:09:08 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (09/03/2013 05:07:19 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (09/03/2013 05:07:19 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (09/03/2013 05:04:30 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.

System errors:
=============
Error: (09/03/2013 05:19:40 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.

Error: (09/03/2013 05:04:08 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.

Error: (09/03/2013 05:02:26 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (08/31/2013 08:36:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""in order to run the server:{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/31/2013 08:10:18 AM) (Source: DCOM) (User: HOME-4E734F40DE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""in order to run the server:{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/31/2013 07:07:31 AM) (Source: DCOM) (User: HOME-4E734F40DE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""in order to run the server:{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/31/2013 07:06:53 AM) (Source: DCOM) (User: HOME-4E734F40DE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""in order to run the server:{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/31/2013 07:06:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""in order to run the server:{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/31/2013 07:01:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""in order to run the server:{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/31/2013 07:01:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""in order to run the server:{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Microsoft Office Sessions:
=========================
Error: (09/03/2013 05:24:40 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7IDataUploadService::UploadResult

Error: (09/03/2013 05:20:03 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.

Error: (09/03/2013 05:19:42 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7IDataUploadService::UploadResult

Error: (09/03/2013 05:19:42 PM) (Source: MatSvc)(User: )
Description: hr=0xC004F00E

Error: (09/03/2013 05:19:42 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7ISapCatalogService::GetFullSapCatalog

Error: (09/03/2013 05:13:03 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7IDataUploadService::UploadResult

Error: (09/03/2013 05:09:08 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7IDataUploadService::UploadResult

Error: (09/03/2013 05:07:19 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK

Error: (09/03/2013 05:07:19 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK

Error: (09/03/2013 05:04:30 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 2037.1 MB
Available physical RAM: 1331.26 MB
Total Pagefile: 3929.68 MB
Available Pagefile: 3260.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.82 GB) (Free:177.5 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
-
I am having an issue with the Rootkit.0Access and Trojan.Zaccess virus. I have Malwarebytes Pro. I am running Windows XP SP3. The scan finds the virus and tries to remove it. When I reboot, the virus is back. I have also tried Windows Defender Offline, since the virus corrupted my Windows Defender. I am also running McAfee Antivirus, but it does not find anything on the scan. I have noticed other posts, but they were not for Windows XP. Do I follow the same steps? Thanks!