
Rootkit.0Access Trojan.Zaccess not removed


beneja

I am having an issue with the Rootkit.0Access and Trojan.Zaccess virus. I have Malwarebytes Pro. I am running Windows XP SP3. The scan finds the virus and tries to remove it. When I reboot, the virus is back. I have also tried Windows Defender Offline, since the virus corrupted my Windows Defender. I am also running McAfee Antivirus, but it does not find anything on the scan. I have noticed other posts, but they were not for Windows XP. Do I follow the same steps?

Thanks!


Please download Farbar Recovery Scan Tool and save it to a folder. (Use the correct version for your system.)

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC
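Once FRST.txt has been posted, the first pass a helper makes is to pull out the lines FRST itself flags and the loaded-module entries whose binary cannot be found or lives in a deliberately unopenable path. The script below is an added example, not part of this thread and not part of FRST; its sample input is constructed from a few lines of the kind found in the log posted later in this thread, and the reason labels and regexes are my own.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example, not code from the forum thread or from FRST. It walks an
FRST.txt-style log and returns the entries a helper looks at first:
  - lines carrying FRST's own "ATTENTION" marker,
  - services/drivers whose file FRST could not find or verify
    ("[x]" at end of line, or "No ImagePath"),
  - paths with a component made only of whitespace or "???", the trick
    ZeroAccess uses to keep its install folder from opening in Explorer.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format FRST prints, mixed
# with benign entries so the filter has something to ignore.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
========================== Services (Whitelisted) =================
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\   \   \???\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S0 cerc6; No ImagePath
S0 odtmciey; System32\drivers\pxxiekr.sys [x]
"""

# "==== Section name ====" headers that FRST uses to group its output.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# FRST's own marker for entries it considers suspicious.
ATTENTION_RE = re.compile(r"ATTENTION")
# "[x]" = FRST could not find/verify the file; "No ImagePath" = no binary.
MISSING_RE = re.compile(r"\[x\]\s*$|No ImagePath\s*$")
# A backslash-delimited path component that is only whitespace or "???".
ODD_COMPONENT_RE = re.compile(r"\\(?:\s+|\?{3})\\")


@dataclass(frozen=True)
class Finding:
    section: str   # FRST section the line came from
    reason: str    # which rule fired
    line: str      # the original log line


def triage_frst(text: str) -> list[Finding]:
    """Return one Finding per (line, rule) pair that fires, in log order."""
    findings: list[Finding] = []
    section = "(header)"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group(1):
                section = m.group(1)
            continue
        reasons = []
        if ATTENTION_RE.search(line):
            reasons.append("frst-attention")
        if MISSING_RE.search(line):
            reasons.append("missing-or-unverified-binary")
        if ODD_COMPONENT_RE.search(line):
            reasons.append("suspicious-path-component")
        findings.extend(Finding(section, r, line) for r in reasons)
    return findings


def entry_name(line: str) -> str:
    """Service/driver name from an FRST entry: 'U2 *etadpug; ...' -> '*etadpug'."""
    head = line.split(";", 1)[0]
    parts = head.split(None, 1)
    return parts[1] if len(parts) == 2 else head


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line[:90]}")
```

A "[x]" entry is a prompt to verify by hand, not proof of infection: in the log below, jqs.exe is flagged "[x]" only because FRST could not parse its quoted command line, while the same binary appears in the running process list.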

I have run the scans. Here are the results. I also have an issue that when I run a scan with Malwarebytes and reboot, it creates a folder named C:\Avenger, and there is also a file on the C: drive named Avenger.txt. This file keeps growing until it fills up my C: drive or I reboot again. After the second reboot the file is gone.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 03
Ran by Jim (administrator) on HOME-4E734F40DE on 03-09-2013 17:26:36
Running from C:\Malwarebytes
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(Sendori) C:\Program Files\Sendori\sndappv2.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneBusEnum.exe
(Sendori, Inc.) C:\Program Files\Sendori\SendoriSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(sendori) C:\Program Files\Sendori\Sendori.Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Sendori, Inc.) C:\Program Files\Sendori\SendoriUp.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Sendori, Inc.) C:\Program Files\Sendori\SendoriTray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Jim\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Jim\Local Settings\Application Data\Akamai\netsession_win.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsload.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [sendori Tray] - C:\Program Files\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-28] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Jim\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2012-10-09] (Akamai Technologies, Inc.)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\Linda\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [ 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\Marc\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [ 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\Mike\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [ 2009-11-25] (OLYMPUS IMAGING CORP.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AtHomeConnect.lnk
ShortcutTarget: AtHomeConnect.lnk -> C:\Program Files\AtHomeConnect\AtHomeConnect.exe (HR Block                            )
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Citrix Access Gateway.lnk
ShortcutTarget: Citrix Access Gateway.lnk -> C:\Program Files\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
ShortcutTarget: hp psc 1000 series.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer:  
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {736A6A19-2844-4A1F-B6DB-2B2984338F4A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=04DD7690-C6A8-45C4-B867-03A2ADD1EB4C&apn_sauid=79F84B06-FBDE-41B3-8B56-DDA46E673ED8
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120622173212.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{459B7DE9-33B5-44CE-BEF9-9E9E9CF8204F}: [NameServer]192.168.1.1
 
Chrome: 
=======
CHR DefaultSuggestURL: (Ask) - http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 Application Sendori; C:\Program Files\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [154776 2010-03-18] (Citrix Systems, Inc)
R2 Service Sendori; C:\Program Files\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R2 ZuneBusEnum; C:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\   \   \???\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-09-26] (Avanquest Software)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [81024 2010-03-09] (Citrix Systems, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [41624 2010-03-18] (Citrix Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [32072 2012-05-18] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-19] (McAfee, Inc.)
R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
U3 mfeavfk01; No ImagePath
S0 odtmciey; System32\drivers\pxxiekr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-03 17:26 - 2013-09-03 17:26 - 00000000 ____D C:\FRST
2013-09-03 17:24 - 2013-09-03 17:24 - 00000000 ____D C:\Malwarebytes
2013-09-02 13:46 - 2013-09-03 17:25 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\U3
2013-08-31 09:05 - 2013-08-31 09:05 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\PCHealth
2013-08-31 09:01 - 2013-08-31 09:01 - 00881168 _____ (Microsoft Corporation) C:\Documents and Settings\Jim\Desktop\mssstool32.exe
2013-08-30 17:22 - 2013-08-31 21:09 - 00000000 ____D C:\WINDOWS\Minidump
2013-08-30 17:22 - 2013-08-30 17:22 - 00098304 _____ C:\WINDOWS\Minidump\Mini083013-01.dmp
2013-08-29 17:40 - 2013-08-29 17:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-08-29 17:40 - 2013-08-29 17:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-08-29 17:14 - 2013-08-29 17:14 - 00000000 ____D C:\Documents and Settings\Jim\Start Menu\Programs\Antivirus Security Pro
2013-08-29 17:08 - 2013-08-29 17:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\sa3pngpV
2013-08-27 17:33 - 2013-08-27 17:33 - 00004125 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-27 17:33 - 2013-08-27 17:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-13 18:47 - 2013-08-13 18:48 - 00012857 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-13 18:44 - 2013-08-13 18:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-13 18:38 - 2013-08-13 18:39 - 00005129 _____ C:\WINDOWS\KB2863058.log
2013-08-13 18:38 - 2013-08-13 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-13 17:53 - 2013-08-13 18:39 - 00010738 _____ C:\WINDOWS\KB2859537.log
2013-08-13 17:53 - 2013-08-13 18:39 - 00009793 _____ C:\WINDOWS\KB2850869.log
2013-08-07 21:26 - 2013-08-07 21:26 - 00001320 _____ C:\Documents and Settings\Jim\Desktop\Shortcut to SalesForce_PST.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-09-03 17:26 - 2013-09-03 17:26 - 00000000 ____D C:\FRST
2013-09-03 17:25 - 2013-09-02 13:46 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\U3
2013-09-03 17:24 - 2013-09-03 17:24 - 00000000 ____D C:\Malwarebytes
2013-09-03 17:20 - 2013-07-16 17:15 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 17:20 - 2012-04-28 15:33 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-03 17:19 - 2013-07-16 17:15 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 17:19 - 2012-04-28 15:29 - 01295953 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-03 17:19 - 2012-04-28 11:19 - 00921365 _____ C:\WINDOWS\setupapi.log
2013-09-03 17:18 - 2012-05-22 09:13 - 00000616 ____H C:\WINDOWS\Tasks\ConfigExec.job
2013-09-03 17:18 - 2012-04-28 15:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-03 17:18 - 2012-04-28 11:22 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-03 17:18 - 2012-04-28 11:22 - 00000048 _____ C:\WINDOWS\wiaservc.log
2013-09-03 17:17 - 2013-07-02 18:00 - 00131072 _____ C:\WINDOWS\system32\config\SendoriL.evt
2013-09-03 17:17 - 2012-04-28 15:37 - 00000278 ___SH C:\Documents and Settings\Jim\ntuser.ini
2013-09-03 17:13 - 2012-05-22 09:13 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job
2013-09-03 17:02 - 2008-04-14 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-03 17:01 - 2012-04-28 15:28 - 00000000 ____D C:\WINDOWS\Registration
2013-09-02 17:51 - 2012-05-01 09:16 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job
2013-09-02 13:23 - 2012-04-28 17:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$
2013-09-01 12:29 - 2012-04-28 17:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2013-09-01 10:54 - 2012-04-28 17:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB958644$
2013-09-01 10:12 - 2012-04-28 17:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544521$
2013-08-31 21:09 - 2013-08-30 17:22 - 00000000 ____D C:\WINDOWS\Minidump
2013-08-31 15:25 - 2012-05-01 12:23 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2013-08-31 14:46 - 2012-11-13 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2761226$
2013-08-31 13:33 - 2012-10-14 20:55 - 00000000 ____D C:\Documents and Settings\Mike
2013-08-31 13:33 - 2012-06-24 21:55 - 00000000 ____D C:\Documents and Settings\Marc
2013-08-31 13:33 - 2012-05-19 08:53 - 00000000 ____D C:\Documents and Settings\Linda
2013-08-31 13:33 - 2012-05-09 08:08 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-31 13:21 - 2012-04-28 17:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2013-08-31 09:20 - 2012-12-12 20:46 - 00001024 ____H C:\WINDOWS\system32\config\ELAM.LOG
2013-08-31 09:05 - 2013-08-31 09:05 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\PCHealth
2013-08-31 09:01 - 2013-08-31 09:01 - 00881168 _____ (Microsoft Corporation) C:\Documents and Settings\Jim\Desktop\mssstool32.exe
2013-08-31 08:37 - 2012-04-28 17:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977816$
2013-08-31 06:51 - 2012-10-09 18:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2756822$
2013-08-30 22:17 - 2012-04-29 10:38 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-30 20:19 - 2012-05-22 09:15 - 00011270 _____ C:\WINDOWS\bitssetup.log
2013-08-30 19:31 - 2012-12-11 23:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-08-30 17:34 - 2012-04-28 11:13 - 00000000 ____D C:\WINDOWS\security
2013-08-30 17:22 - 2013-08-30 17:22 - 00098304 _____ C:\WINDOWS\Minidump\Mini083013-01.dmp
2013-08-30 17:18 - 2012-12-11 23:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2013-08-30 16:54 - 2012-04-28 11:18 - 00207672 _____ C:\WINDOWS\setupact.log
2013-08-30 14:57 - 2012-04-28 15:28 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-08-30 06:09 - 2012-05-12 07:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2695962$
2013-08-30 06:07 - 2012-04-28 15:37 - 00000000 ____D C:\Documents and Settings\Jim
2013-08-30 06:06 - 2012-08-26 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sendori
2013-08-30 01:49 - 2012-12-15 10:17 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2013-08-29 22:51 - 2012-05-01 09:16 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job
2013-08-29 17:40 - 2013-08-29 17:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-08-29 17:40 - 2013-08-29 17:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-08-29 17:14 - 2013-08-29 17:14 - 00000000 ____D C:\Documents and Settings\Jim\Start Menu\Programs\Antivirus Security Pro
2013-08-29 17:13 - 2013-08-29 17:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\sa3pngpV
2013-08-29 17:12 - 2012-05-08 08:36 - 00048344 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-08-29 17:09 - 2012-04-28 19:31 - 00000000 ____D C:\Program Files\Google
2013-08-28 20:40 - 2008-04-14 08:00 - 00000742 _____ C:\WINDOWS\win.ini
2013-08-28 17:08 - 2012-08-26 10:39 - 00000000 ____D C:\Program Files\Sendori
2013-08-27 20:45 - 2012-04-28 19:55 - 00083673 _____ C:\hpfr3425.log
2013-08-27 20:45 - 2012-04-28 19:55 - 00000520 _____ C:\hpfr3420.xml
2013-08-27 17:33 - 2013-08-27 17:33 - 00004125 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-27 17:33 - 2013-08-27 17:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-27 17:33 - 2012-04-28 11:19 - 01564948 _____ C:\WINDOWS\iis6.log
2013-08-27 17:33 - 2012-04-28 11:19 - 01346185 _____ C:\WINDOWS\FaxSetup.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00678780 _____ C:\WINDOWS\ocgen.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00630491 _____ C:\WINDOWS\tsoc.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00462064 _____ C:\WINDOWS\comsetup.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00430316 _____ C:\WINDOWS\msmqinst.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00281122 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00238235 _____ C:\WINDOWS\netfxocm.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00094894 _____ C:\WINDOWS\MedCtrOC.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00075540 _____ C:\WINDOWS\ocmsn.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00068643 _____ C:\WINDOWS\msgsocm.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00067848 _____ C:\WINDOWS\tabletoc.log
2013-08-27 17:33 - 2012-04-28 11:19 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-17 17:17 - 2013-01-11 18:52 - 00028160 _____ C:\Documents and Settings\Jim\Desktop\Hawaii Excursions.xls
2013-08-13 18:48 - 2013-08-13 18:47 - 00012857 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-13 18:48 - 2012-04-28 17:32 - 00000000 ____D C:\WINDOWS\ie8updates
2013-08-13 18:48 - 2012-04-28 17:23 - 00099644 _____ C:\WINDOWS\updspapi.log
2013-08-13 18:48 - 2012-04-28 11:19 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-13 18:47 - 2013-08-13 18:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-13 18:41 - 2012-04-28 11:19 - 00603848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-13 18:39 - 2013-08-13 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-13 18:39 - 2013-08-13 18:38 - 00005129 _____ C:\WINDOWS\KB2863058.log
2013-08-13 18:39 - 2013-08-13 17:53 - 00010738 _____ C:\WINDOWS\KB2859537.log
2013-08-13 18:39 - 2013-08-13 17:53 - 00009793 _____ C:\WINDOWS\KB2850869.log
2013-08-13 18:39 - 2012-04-28 17:25 - 00023500 _____ C:\WINDOWS\system32\TZLog.log
2013-08-13 18:38 - 2013-08-13 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-07 21:26 - 2013-08-07 21:26 - 00001320 _____ C:\Documents and Settings\Jim\Desktop\Shortcut to SalesForce_PST.lnk
2013-08-07 04:22 - 2012-12-15 10:15 - 00238872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-08-05 16:00 - 2012-04-28 17:25 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
Files to move or delete:
====================
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}
C:\DOCUME~1\Jim\LOCALS~1\Temp\APNStub.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\FreemakeVideoConverter_3.1.1.4.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\hpzscr01.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\jre-7u21-windows-i586-iftw.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\jre-7u7-windows-i586-iftw.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\jre-7u9-windows-i586-iftw.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\stub_455_softonic.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleCrashHandler.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleCrashHandler64.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleUpdate.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleUpdateBroker.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleUpdateOnDemand.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\GoogleUpdateSetup.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdate.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_am.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ar.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_bg.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_bn.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ca.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_cs.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_da.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_de.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_el.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_en-GB.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_en.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_es-419.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_es.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_et.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_fa.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_fi.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_fil.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_fr.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_gu.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_hi.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_hr.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_hu.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_id.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_is.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_it.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_iw.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ja.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_kn.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ko.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_lt.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_lv.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ml.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_mr.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ms.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_nl.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_no.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_pl.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_pt-BR.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_pt-PT.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ro.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ru.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sk.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sl.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sr.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sv.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_sw.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ta.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_te.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_th.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_tr.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_uk.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_ur.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_vi.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_zh-CN.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\goopdateres_zh-TW.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\npGoogleUpdate3.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\psmachine.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\{D150E746-1E42-4055-9A34-AFBDA35D7B9B}\psuser.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_5\npCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_5\npMozCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_4\npCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_4\npMozCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_3\npCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_3\npMozCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_2\npCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_2\npMozCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_1\npCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_1\npMozCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_0\npCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\Temporary Directory 1 for ASUS_Pad_PC_Suite_v1_0_41 (2).zip\ASUS Pad PC Suite v1.0.41.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\ot2\OM2_Setup_Bootstrapper_2_2_0.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\ot2\OM2_Setup_SubBootstrapper.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\nshC9\Helper.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\Autorun.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\lts.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\zh-CHS\Autorun.resources.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\ja\Autorun.resources.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\fr\Autorun.resources.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\es\Autorun.resources.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\FixitCenter_run-Temp\de\Autorun.resources.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\CoreUtils.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\DIFxAPI.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\FWManager.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\HPDiagnosticCore.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\HPDiagnosticCoreUI.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\hpodss01.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\Impl_FirewallLib.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\msvcp100.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\msvcr100.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\OESISCore.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\DeviceManager\DeviceManager.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\7zS5F1B\DeviceManager\DIFxAPI.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\GoogleEarth.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\Leap.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\Leap.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\DOCUME~1\Jim\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2013 03
Ran by Jim at 2013-09-03 17:27:51
Running from C:\Malwarebytes
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Akamai NetSession Interface
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUS Android USB Drivers (Version: 1.0.6292)
AtHomeConnect version 1.0.1.0 (Version: 1.0.1.0)
Bonjour (Version: 3.0.0.10)
Citrix Access Gateway Plug-in (Version: 9.2.39.6)
Citrix online plug-in - web (Version: 12.1.44.1)
Citrix online plug-in (DV) (Version: 12.1.44.1)
Citrix online plug-in (HDX) (Version: 12.1.44.1)
Citrix online plug-in (USB) (Version: 12.1.44.1)
Citrix online plug-in (Web) (Version: 12.1.44.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Coupon Printer for Windows (Version: 5.0.0.3)
Dell Resource CD (Version: 1.00.0000)
Dropbox (HKCU Version: 1.6.18)
Garmin Communicator Plugin (Version: 4.0.4)
Garmin USB Drivers (Version: 2.3.1.0)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7803)
H&R Block Ohio 2012 (Version: 1.12.4401)
HP Memories Disc (Version: 1.0.4.805)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Product Detection (Version: 11.15.0005)
hp psc 1200 series (Version: 1.10.0000)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.12.0 (Version: )
Internet Explorer (Enable DEP)
iPhone Configuration Utility (Version: 3.6.2.300)
iTunes (Version: 11.0.4.4)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.0 (Version: 2.1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee AntiVirus Plus (Version: 11.6.511)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WinUsb 1.0
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
OLYMPUS Master 2 (Version: 1.0.6)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 5.10.0.5548)
Sendori (Version: 2.0.15)
Shared C Run-time for x86 (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Search 4.0 (Version: 04.00.6001.503)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 
 
==================== Restore Points  =========================
 
01-09-2013 11:58:03 System Checkpoint
02-09-2013 12:47:13 System Checkpoint
 
==================== Hosts content: ==========================
 
2011-08-11 15:41 - 2010-04-28 16:08 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\ConfigExec.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\DataUpload.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1335654144.job => C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job => C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job => C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-04-14 08:00 - 2008-04-14 08:00 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime
2009-03-10 22:18 - 2009-03-10 22:18 - 00239496 ____N (Microsoft Corporation) C:\WINDOWS\system32\WgaLogon.dll
2012-04-28 15:27 - 2008-06-12 10:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\System32\mtxoci.dll
2008-04-14 08:00 - 2009-03-08 04:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\advpack.dll
2006-09-28 18:56 - 2009-07-13 18:16 - 00064512 ____N (Microsoft Corporation) c:\windows\system32\wudfsvc.dll
2006-09-28 18:56 - 2009-07-13 16:50 - 00148480 ____N (Microsoft Corporation) c:\windows\system32\WUDFPlatform.dll
2003-03-09 00:30 - 2003-03-09 00:30 - 00184386 _____ (HP) C:\WINDOWS\system32\hpzsnt07.dll
2012-04-28 17:56 - 2007-04-09 13:23 - 00028040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdimon.dll
2012-04-28 17:56 - 2007-04-09 13:23 - 00028552 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
2012-04-29 10:57 - 2008-07-06 08:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 00053608 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01292136 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 00923496 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 16303976 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) C:\WINDOWS\system32\dnssd.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 08:00 - 2009-03-06 10:22 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcbcp.dll
2012-10-31 16:10 - 2012-10-31 16:10 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVCR100.dll
2012-10-31 16:10 - 2012-10-31 16:10 - 00138056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ATL100.DLL
2011-06-11 02:58 - 2011-06-11 02:58 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVCP100.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\LZ32.dll
2012-11-08 12:29 - 2012-11-08 12:29 - 01402312 _____ (Microsoft Corporation) c:\WINDOWS\system32\msxml4.dll
2013-07-01 15:28 - 2013-07-01 15:28 - 00133408 _____ (Sendori) C:\Program Files\Sendori\SndCertDLL.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00333824 _____ (Microsoft Corporation) c:\windows\system32\wiaservc.dll
2013-07-01 15:28 - 2013-07-01 15:28 - 00275744 _____ (Sendori, Inc.) C:\Program Files\Sendori\DynLib.dll
2013-07-01 15:28 - 2013-07-01 15:28 - 00147232 _____ (Sendori) C:\Program Files\Sendori\Sendori.Library.dll
2008-05-26 22:21 - 2008-05-26 22:21 - 01418240 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSSRCH.DLL
2008-05-26 22:17 - 2008-05-26 22:17 - 00221184 ____N (Microsoft Corporation) C:\WINDOWS\system32\en-us\tQuery.dll.mui
2008-05-26 22:17 - 2008-05-26 22:17 - 00034816 ____N (Microsoft Corporation) C:\WINDOWS\system32\msscb.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangWrbk.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\infosoft.dll
2008-04-14 08:00 - 2010-03-05 10:37 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2013-03-12 02:39 - 2013-03-12 02:39 - 00129272 _____ (Dropbox, Inc.) C:\Documents and Settings\Jim\Application Data\Dropbox\bin\DropboxExt.17.dll
2008-04-14 08:00 - 2011-03-04 02:37 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2008-04-14 08:00 - 2009-03-08 04:31 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImgUtil.dll
2008-04-14 08:00 - 2009-03-08 04:31 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2012-04-30 09:33 - 2007-04-16 19:50 - 00102400 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.DLL
2012-04-30 09:33 - 2007-04-16 19:50 - 00047616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2012-04-30 09:35 - 2007-04-16 19:50 - 00172032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2012-04-30 09:33 - 2007-04-16 19:50 - 00204800 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\HHCTRL.OCX
2011-04-25 01:57 - 2011-04-25 01:57 - 00255936 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ctxmui.dll
2011-04-25 01:58 - 2011-04-25 01:58 - 00124864 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\CCMSDK.dll
2011-04-25 01:53 - 2011-04-25 01:53 - 00011200 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\resource\en\ctxmuiUI.DLL
2011-04-25 01:54 - 2011-04-25 01:54 - 00427968 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\resource\en\concenUI.DLL
2011-04-25 01:57 - 2011-04-25 01:57 - 00023488 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\CCMProxy.dll
2011-04-25 02:14 - 2011-04-25 02:14 - 00088000 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ProgressNotificationCommon.dll
2011-04-25 02:17 - 2011-04-25 02:17 - 00049600 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\WFCWINN.dll
2011-04-25 02:07 - 2011-04-25 02:07 - 00029120 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\acrdlg.dll
2011-04-25 02:04 - 2011-04-25 02:04 - 00096192 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\statuin.dll
2011-04-25 01:59 - 2011-04-25 01:59 - 00092096 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\confmgr.dll
2011-04-25 01:58 - 2011-04-25 01:58 - 00022976 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ctxlogging.dll
2011-04-25 01:58 - 2011-04-25 01:58 - 00032192 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\icafile.dll
2011-04-25 02:08 - 2011-04-25 02:08 - 00485312 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\CST.dll
2011-04-25 01:53 - 2011-04-25 01:53 - 00020416 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\resource\en\ProgressNotificationCommonUI.dll
2011-04-25 01:54 - 2011-04-25 01:54 - 00075712 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\resource\en\statuiUI.DLL
2011-04-25 01:53 - 2011-04-25 01:53 - 00104384 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\resource\en\CSTUI.DLL
2011-04-25 01:54 - 2011-04-25 01:54 - 00116672 _____ (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\resource\en\wfcrunUI.DLL
2008-04-14 08:00 - 2008-04-14 08:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\security.dll
2002-10-04 05:45 - 2002-10-04 05:45 - 00122880 _____ (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll
2003-04-06 00:36 - 2003-04-06 00:36 - 00200704 _____ (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll
2003-04-06 01:06 - 2003-04-06 01:06 - 00253952 _____ (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpocxi08.dll
2003-04-06 00:35 - 2003-04-06 00:35 - 00053248 _____ (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcob08.dll
2003-04-06 00:38 - 2003-04-06 00:38 - 00450560 _____ (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodio08.dll
2012-04-28 19:00 - 2003-03-09 00:31 - 00233528 ____R (HP) C:\WINDOWS\system32\hpzidr12.dll
2012-04-28 19:00 - 2003-03-09 00:31 - 00167936 ____R (HP) C:\WINDOWS\system32\hpzipr12.dll
2003-04-06 01:06 - 2003-04-06 01:06 - 00212992 _____ (Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll
2008-05-26 22:19 - 2008-05-26 22:19 - 00143872 ____N (Microsoft Corporation) C:\WINDOWS\system32\uncdms.dll
2008-05-26 22:19 - 2008-05-26 22:19 - 00273408 ____N (Microsoft Corporation) C:\WINDOWS\system32\oeph.dll
2008-05-26 22:18 - 2009-05-25 00:24 - 00350208 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2012-04-28 15:30 - 2008-04-14 08:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MAPI32.dll
2012-04-28 15:28 - 2008-04-14 08:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSOERT2.dll
2012-04-28 15:28 - 2008-04-14 08:00 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSOEACCT.dll
2012-04-28 15:28 - 2011-10-10 10:22 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETCOMM.dll
2012-04-28 15:29 - 2008-04-14 08:00 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\acctres.dll
2012-04-28 15:28 - 2008-04-14 08:00 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetres.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msident.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msidntld.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PSTOREC.DLL
2002-10-08 09:57 - 2002-10-08 09:57 - 00053248 _____ (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtap08.dll
2003-04-06 00:55 - 2003-04-06 00:55 - 00245760 _____ (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.rsc
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\Documents and Settings\Jim\My Documents\Data Warehousing - Fact and Dimension Tables - SQLServerPedia.url:favicon
 
==================== Faulty Device Manager Devices =============
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/03/2013 05:24:40 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7
 
Error: (09/03/2013 05:20:03 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/03/2013 05:19:42 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7
 
Error: (09/03/2013 05:19:42 PM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.
 
Error: (09/03/2013 05:19:42 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7
 
Error: (09/03/2013 05:13:03 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7
 
Error: (09/03/2013 05:09:08 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7
 
Error: (09/03/2013 05:07:19 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (09/03/2013 05:07:19 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (09/03/2013 05:04:30 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
 
System errors:
=============
Error: (09/03/2013 05:19:40 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.
 
Error: (09/03/2013 05:04:08 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.
 
Error: (09/03/2013 05:02:26 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (08/31/2013 08:36:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/31/2013 08:10:18 AM) (Source: DCOM) (User: HOME-4E734F40DE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/31/2013 07:07:31 AM) (Source: DCOM) (User: HOME-4E734F40DE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/31/2013 07:06:53 AM) (Source: DCOM) (User: HOME-4E734F40DE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/31/2013 07:06:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/31/2013 07:01:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
 
Error: (08/31/2013 07:01:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
 
 
Microsoft Office Sessions:
=========================
Error: (09/03/2013 05:24:40 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7IDataUploadService::UploadResult
 
Error: (09/03/2013 05:20:03 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/03/2013 05:19:42 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7IDataUploadService::UploadResult
 
Error: (09/03/2013 05:19:42 PM) (Source: MatSvc)(User: )
Description: hr=0xC004F00E
 
Error: (09/03/2013 05:19:42 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7ISapCatalogService::GetFullSapCatalog
 
Error: (09/03/2013 05:13:03 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7IDataUploadService::UploadResult
 
Error: (09/03/2013 05:09:08 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7IDataUploadService::UploadResult
 
Error: (09/03/2013 05:07:19 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (09/03/2013 05:07:19 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (09/03/2013 05:04:30 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 34%
Total physical RAM: 2037.1 MB
Available physical RAM: 1331.26 MB
Total Pagefile: 3929.68 MB
Available Pagefile: 3260.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.82 GB) (Free:177.5 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

Please delete the contents of this temp folder:

C:\Documents and Settings\Jim\Local Settings\temp

Then................

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


I believe that has cleared it up. I have updated the Malwarebytes virus definitions yesterday and today. I have run full scans and quick scans. No viruses are detected. I still have an issue with Windows Defender not working but I can deal with that.

system-log.txt

Fixlog_03-09-2013_19-46-13.txt

mbar-log-2013-09-03 (19-49-20).txt

mbar-log-2013-09-03 (20-50-20).txt


Download, install and run CCleaner free to clean out temp files.

Here's a Tutorial if needed.

You may want to uncheck cookies and STAY AWAY from the registry cleaner option!!

----------------------------------------------

Then......

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC


Here are the results from RogueKiller

 

 

RogueKiller V8.6.9 [sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/06/2013 17:13:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\   \   \???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-515967899-1801674531-2050456121-1003\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\   \   \???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x]) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\   \   \???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x]) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\   \   \???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer ( ) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] LegitLib.dll : C:\Program Files\Windows Defender\LegitLib.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Windows Defender\mpevmsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Windows Defender\MpOAv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpShHook.dll : C:\Program Files\Windows Defender\MpShHook.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Windows Defender\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] wgadef.chm : C:\Program Files\Windows Defender\wgadef.chm >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] b3cf5c18f653eacf78558134b8028197
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09062013_171329.txt >>

 

 


Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Here is the latest.

 

RogueKiller V8.6.9 [sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/07/2013 10:38:10
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-515967899-1801674531-2050456121-1003\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer ( ) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] b3cf5c18f653eacf78558134b8028197
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09072013_103810.txt >>
RKreport[0]_S_09062013_171329.txt
 
 
 

Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest: (if found)

[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

Now click Delete on the right hand column under Options

-------------

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


The only thing in the Folder tab is one item. It is a folder type, name - Installer, Path is C:\Program Files\Google\Desktop\Install. There is no check box. Can I highlight the item and delete it? I do see ZeroAccess types in the registry tab. There are also SUSP Path types in red.


RogueKiller V8.6.9 [sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/07/2013 10:49:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-515967899-1801674531-2050456121-1003\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer ( ) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] b3cf5c18f653eacf78558134b8028197
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09072013_104928.txt >>
RKreport[0]_S_09062013_171329.txt;RKreport[0]_S_09072013_103810.txt


Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND

[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???ﯹ๛\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND


Now click Delete on the right hand column under Options

-------------

Next click on the Files tab and put a check next to these and uncheck the rest. (if found)
 

[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND


Now click Delete on the right hand column under Options

-------------

 

Reboot and make sure they are gone with another scan.

 

MrC

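As an added example (not MrC's instructions or RogueKiller's own code), here is a small Python parser for the RogueKiller V8 report layout quoted in this thread. It splits a report into its ¤¤¤ sections and tagged entries, picks out the entries tagged [ZeroAccess] in the Registry and Files sections, which is the selection the two sets of Files/Registry tab instructions above ask for, and lists the Windows Defender files whose junction target is \systemroot\system32\config. SAMPLE_REPORT is constructed from entries quoted in the thread (abridged), and the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the layout RogueKiller V8.6.9 prints; the entries are
# abridged from the reports quoted in this thread, not a complete report.
SAMPLE_REPORT = r"""¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\???\???\???\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" >) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{92f34e36-b9ec-b423-6243-5701c57ffa94}\   \   \???\{92f34e36-b9ec-b423-6243-5701c57ffa94}\GoogleUpdate.exe" < [x]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Windows Defender\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(?P<body>.+?)\s*¤¤¤$")
# Tags in square brackets, a "key : value" body, then "-> STATUS" or "--> STATUS".
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]*\])+)\s*(?P<body>.*?)\s*-{1,2}>\s*(?P<status>\w+)$")
TAG_RE = re.compile(r"\[([^\]]*)\]")
FLAG_RE = re.compile(r"\s*\[-\]$")   # trailing "[-]" marker on file/folder entries


@dataclass
class Finding:
    section: str
    tags: tuple            # upper-cased, e.g. ("RUN", "ZEROACCESS")
    key: str               # registry key, file name or task name
    value: str             # registry value / full path / task command
    status: str            # FOUND, STOPPED, ...
    junction_target: Optional[str] = None   # set for "[Junction] path >> target"

    def has_tag(self, tag: str) -> bool:
        return tag.upper() in self.tags


@dataclass
class Report:
    findings: list = field(default_factory=list)
    sections: dict = field(default_factory=dict)   # section name -> text after ':'


def parse_report(text: str) -> Report:
    """Walk the report line by line, tracking the current ¤¤¤ section."""
    report, section = Report(), "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name, _, detail = m.group("body").partition(":")
            section = name.strip()
            report.sections[section] = detail.strip()
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue   # banner, hosts file, MBR hashes: not tagged findings
        tags = tuple(t.strip().upper() for t in TAG_RE.findall(m.group("tags")))
        key, sep, value = m.group("body").partition(" : ")
        if not sep:
            key, value = m.group("body"), ""
        target = None
        if " >> " in value:   # reparse point: visible path >> where it really points
            value, target = value.split(" >> ", 1)
            target = FLAG_RE.sub("", target)
        report.findings.append(Finding(section, tags, key.strip(),
                                       FLAG_RE.sub("", value.strip()),
                                       m.group("status"), target))
    return report


def entries_to_delete(report: Report) -> dict:
    """Mirror the helper's instruction: in the Registry and Files tabs tick only the
    entries RogueKiller attributes to ZeroAccess and leave the rest (for instance the
    [sUSP PATH] per-user Google Update entries) unchecked."""
    picked = {"Registry Entries": [], "Particular Files / Folders": []}
    for f in report.findings:
        if f.section in picked and f.has_tag("ZeroAccess"):
            picked[f.section].append(f.key)
    return picked


def redirected_binaries(report: Report, fragment: str = r"system32\config") -> list:
    r"""Files turned into junctions pointing into `fragment`; in this thread every
    Windows Defender binary pointed at \systemroot\system32\config, so the real
    program files could no longer be loaded."""
    return [f.value for f in report.findings
            if f.junction_target and fragment.lower() in f.junction_target.lower()]


def is_zeroaccess(report: Report) -> bool:
    """True if RogueKiller's own verdict line or any tagged entry names ZeroAccess."""
    return (report.sections.get("Infection", "") == "ZeroAccess"
            or any(f.has_tag("ZeroAccess") for f in report.findings))
```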

Here is the latest log file -

 

RogueKiller V8.6.9 [sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/07/2013 12:29:13
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-515967899-1801674531-2050456121-1003\[...]\Run : Google Update ("C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer ( ) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003UA.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-2050456121-1003Core.job : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] b3cf5c18f653eacf78558134b8028197
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Good....Clean

Let's clean out any adware while you're here: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


The ADAWare was ok. The Malwarebytes came back with no problems found. I do still have some issues. Windows Defender does not work. It returns "Application Failed To Initialize: 0x80070006. The handle is invalid." I also found the attached errors in the Windows event viewer.

 

 

mbam-log-2013-09-07 (16-03-55).txt

ApplicationError_MatSvc.txt

SendoriLogs.txt

