Malwarebytes & McAfee say no ZeroAccess - RogueKiller says yes


I was infected with ZeroAccess a couple weeks ago. McAfee began informing me it was blocking a risky connection, then Malwarebytes found numerous trojans. I called McAfee and they logged in remotely to my machine and ran some tools (ZAT-DET) to remove it. Subsequent scans by both McAfee and Malwarebytes came up clean, so I figured I was good. My desktop icons were displaced after the repair, so yesterday I moved them back to their original locations, and when I restarted the computer their positions automatically moved again to the left side of the screen. I then discovered that if I move desktop icons and then refresh, they reposition to the left side of the screen (the position of my desktop icons is not locked).

I googled this issue and found this is common with the ZeroAccess trojan. I read on an MS site to download and run RogueKiller. I did this and it finds and stops a process it says is ZeroAccess, and then deleted a bunch of files. However, after rebooting and rerunning RogueKiller, it still gives me the following warning in the report:

¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\   \   \???ﯹ๛\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\GoogleUpdate.exe" < [x] -> STOPPED
 

 

I called McAfee and they ran their tools again and state the computer is clean; however, since I have the issues with my icons, I am not sure.

Help/suggestions greatly appreciated.

 

 

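A small triage helper, added here as an example (it is not part of this thread, nor of FRST or RogueKiller), that parses FRST-style "Services" lines and spells out why the `etadpug` entry stands out from a defender's point of view: directory names made only of spaces, characters FRST could not render (it prints them as `???`, and `?` is not legal in a Windows file name anyway), and a service name that is `gupdate`, the legitimate Google Update service, spelled backwards. The sample lines are constructed in the style of the FRST log posted later in this thread; `KNOWN_SERVICE_NAMES`, the finding strings and the "runs from Temp" heuristic are my own assumptions, not FRST output.

```python
import re

# Characters Windows forbids inside a file or directory name.  FRST prints '?'
# for characters it cannot render, so a '?' inside a path component means the
# real directory name used non-printable or non-ASCII characters.
INVALID_NAME_CHARS = set('<>:"/\\|?*')

# Legitimate service names worth checking a suspicious name against (assumed
# list, kept tiny): "etadpug" is "gupdate", the Google Update service, reversed.
KNOWN_SERVICE_NAMES = {"gupdate", "gupdatem"}

# FRST service line: "<start type> <service name>; <image path> [annotations]".
SERVICE_LINE = re.compile(r'^([RSU]\d)\s+(.+?);\s*(.*)$')

# Constructed sample lines in the style of the FRST log posted in this thread.
SAMPLE_LINES = [
    r'R2 brmfrmps; C:\WINDOWS\SYSTEM32\Brmfrmps.exe [65536 2003-03-19] (Brother Industries, Ltd.)',
    r'R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)',
    r'U3 mbr; \??\C:\DOCUME~1\GARYLE~1\LOCALS~1\Temp\mbr.sys [x]',
    r'R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"',
    r'U4 *etadpug; "C:\Program Files\Google\Desktop\Install\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\   \   \???\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)',
]


def parse_service_line(line):
    """Return (start_type, name, image_path), or None for a non-service line.

    image_path is None when FRST reports 'No ImagePath' or nothing at all.
    """
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    start, name, rest = m.groups()
    if not rest or rest.startswith('No ImagePath'):
        return start, name, None
    if rest.startswith('"'):
        # Quoted path: arguments and FRST annotations follow the closing quote.
        end = rest.find('"', 1)
        path = rest[1:end if end > 0 else None]
    else:
        # Unquoted path: FRST appends " [size date]" or " [x]" after it.
        path = re.split(r' \[| <', rest)[0].strip()
    return start, name, path


def suspicious_name(name):
    """True when the service name starts with a character no installer would use."""
    return re.match(r'^[A-Za-z0-9_][\w .\-]*$', name) is None


def path_findings(path):
    """Human-readable reasons why an image path looks wrong (empty = none)."""
    findings = []
    if path.startswith('\\??\\'):
        path = path[4:]                        # NT object prefix, legitimate
    _, _, tail = path.partition('\\')          # drop "C:" or "%SystemRoot%"
    for comp in tail.split('\\')[:-1]:         # directories only, not the file
        if comp == '':
            continue                           # doubled backslash, harmless FRST quirk
        if comp.strip() == '':
            findings.append('whitespace-only directory name')
        elif any(ch in INVALID_NAME_CHARS for ch in comp) or not comp.isascii():
            findings.append('unrenderable characters in directory %r' % comp)
        if comp.lower() == 'temp':
            # Often a scanner's own driver (as in this thread), but always worth a look.
            findings.append('runs from a Temp directory')
    return findings


def assess(line):
    """All findings for one FRST service line; an empty list means nothing odd."""
    parsed = parse_service_line(line)
    if parsed is None:
        return []
    _, name, path = parsed
    findings = []
    if suspicious_name(name):
        findings.append('service name %r begins with an unusual character' % name)
    core = name.strip('*?').lower()
    if core[::-1] in KNOWN_SERVICE_NAMES:
        findings.append('name is %r reversed' % core[::-1])
    if path:
        findings.extend(path_findings(path))
    return findings


def scan(lines):
    """Map the service name of every flagged line to its findings."""
    return {parse_service_line(l)[1]: assess(l) for l in lines if assess(l)}


if __name__ == '__main__':
    for name, reasons in scan(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print('   -', reason)
```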

Welcome to the forum.

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

  • Please don't run any other scans, or download, install or uninstall any programs while I'm working with you.
  • The removal of malware isn't instantaneous, please be patient.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks a ton for the response. Below is the information requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2013 01
Ran by Gary  (administrator) on D92FS261 on 15-12-2013 06:54:02
Running from C:\Documents and Settings\Gary \Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\SYSTEM32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\WINDOWS\SYSTEM32\Brmfrmps.exe
(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPCAgent.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(McAfee, Inc.) C:\WINDOWS\SYSTEM32\mfevtps.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Prolific Technology Inc.) C:\WINDOWS\SYSTEM32\IoctlSvc.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTHELPER.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Sonic Solutions) C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(iPass Inc) C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe [135168 2004-06-29] (Intel Corporation)
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-05-28] (ATI Technologies, Inc.)
HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [49152 2002-10-29] (Creative Technology Ltd)
HKLM\...\Run: [CTDVDDet] - C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe [45056 2002-09-29] (Creative Technology Ltd)
HKLM\...\Run: [CTHelper] - C:\WINDOWS\SYSTEM32\CTHELPER.EXE [28672 2003-02-20] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] - REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [updReg] - C:\WINDOWS\Updreg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [57344 2004-08-23] (CyberLink Corp.)
HKLM\...\Run: [dla] - C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe [122939 2004-08-12] (Sonic Solutions)
HKLM\...\Run: [setDefPrt] - C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe [49152 2004-05-25] (Brother Industories, Ltd.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [brStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [indexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [iSUSPM] - C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
MountPoints2: {c962862a-3211-11e0-9401-0011114bad16} - F:\setup.exe -a
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2012-10-25] (Apple Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - DefaultScope {0219E3AA-25A4-480E-A6AE-7BFB789C6029} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKCU - {0219E3AA-25A4-480E-A6AE-7BFB789C6029} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120629181842.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9EF34803-43A8-487A-BC9E-C23FACCDBDBE} http://rapprinter.rapmls.com/RapattoniMlsPDFCreator_001.exe
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

========================== Services (Whitelisted) =================

R2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [397312 2004-05-28] ()
R2 brmfrmps; C:\WINDOWS\SYSTEM32\Brmfrmps.exe [65536 2003-03-19] (Brother Industries, Ltd.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
R2 CVPND; c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1409048 2005-01-07] (Cisco Systems, Inc.)
R2 IAANTMon; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [73852 2004-06-29] (Intel Corporation)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1028096 2004-10-22] (iPass)
R2 iPCAgent; C:\Program Files\iPass\iPassConnect\iPCAgent.exe [90112 2004-10-19] (iPass, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [203080 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
S4 6to4; C:\WINDOWS\system32\6to4v32.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
U4 *etadpug; "C:\Program Files\Google\Desktop\Install\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\   \   \???\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-01-06] (Windows ® 2000 DDK provider)
S3 brfilt; C:\Windows\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-15] (Brother Industries Ltd.)
S3 BrUsbScn; C:\Windows\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation)
R1 cdrbsvsd; C:\Windows\System32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [287920 2003-03-27] (Creative Technology Ltd)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.)
R2 CVPNDRVA; c:\WINDOWS\system32\Drivers\CVPNDRVA.sys [297035 2005-01-07] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [139604 2004-02-02] (Deterministic Networks, Inc.)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [823616 2003-03-26] (Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [141536 2003-03-26] (Creative Technology Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [20696 2007-02-21] (KORG Inc.)
R2 MDC80211; C:\Windows\System32\DRIVERS\mdc80211.sys [15793 2010-02-04] (Meetinghouse Data Communications)
S3 mf; C:\Windows\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-19] (McAfee, Inc.)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-06] (Creative Technology Ltd.)
R3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [342096 2010-10-20] (Native Instruments GmbH)
S3 rig3usb; C:\Windows\System32\Drivers\rig3usb.sys [89168 2010-10-20] (Native Instruments GmbH)
R3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [89168 2010-10-20] (Native Instruments GmbH)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-12] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-12] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-12] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-12] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-12] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-12] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-12] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-12] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-12] (Sonic Solutions)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [189792 2003-08-28] (Zone Labs Inc.)
S3 Wdm1; C:\Windows\System32\Drivers\usbbc.sys [15576 2003-07-01] ()
S4 bvrp_pci; No ImagePath
U4 mfeavfk01; No ImagePath
S4 MFE_RR; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mfe_rr.sys [x]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S4 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\GARYLE~1\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-15 06:54 - 2013-12-15 06:54 - 00022010 _____ C:\Documents and Settings\Gary \Desktop\FRST.txt
2013-12-15 06:53 - 2013-12-15 06:53 - 01060897 _____ (Farbar) C:\Documents and Settings\Gary \Desktop\FRST.exe
2013-12-15 06:53 - 2013-12-15 06:53 - 00000000 ____D C:\FRST
2013-12-14 23:02 - 2013-12-15 00:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
2013-12-14 20:06 - 2013-12-14 20:06 - 00025605 _____ C:\Documents and Settings\Gary \Desktop\attach.txt
2013-12-14 20:06 - 2013-12-14 20:06 - 00017000 _____ C:\Documents and Settings\Gary \Desktop\dds.txt
2013-12-14 20:03 - 2013-12-14 20:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Gary \Desktop\dds.com
2013-12-14 19:08 - 2013-12-14 19:08 - 151418802 _____ C:\Documents and Settings\Gary \Desktop\regbackup.reg
2013-12-14 18:57 - 2013-12-14 18:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix
2013-12-14 18:22 - 2013-12-14 18:53 - 00000000 ____D C:\WINDOWS\zatfix
2013-12-14 17:23 - 2013-12-14 17:23 - 00001875 _____ C:\Documents and Settings\Gary \Desktop\RKreport[0]_S_12142013_172303.txt
2013-12-14 10:37 - 2013-12-14 19:20 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\RK_Quarantine
2013-12-14 10:37 - 2013-12-14 10:37 - 03580416 _____ C:\Documents and Settings\Gary \Desktop\RogueKiller.exe
2013-12-11 22:58 - 2013-12-11 22:59 - 00012782 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-11 22:57 - 2013-12-11 22:57 - 00005072 _____ C:\WINDOWS\KB2904266.log
2013-12-11 22:57 - 2013-12-11 22:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 22:57 - 2013-12-11 22:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 22:53 - 2013-12-11 22:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 22:53 - 2013-12-11 22:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 22:52 - 2013-12-11 22:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 22:22 - 2013-12-11 22:57 - 00010466 _____ C:\WINDOWS\KB2898715.log
2013-12-11 22:22 - 2013-12-11 22:53 - 00010001 _____ C:\WINDOWS\KB2893984.log
2013-12-11 22:22 - 2013-12-11 22:53 - 00009298 _____ C:\WINDOWS\KB2893294.log
2013-12-11 22:21 - 2013-12-11 22:52 - 00008521 _____ C:\WINDOWS\KB2892075.log
2013-12-09 18:25 - 2013-12-09 18:25 - 00000000 ____D C:\Documents and Settings\Gary \Application Data\JCP
2013-12-09 18:24 - 2013-12-09 18:24 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\New Folder
2013-12-07 10:24 - 2013-12-07 11:55 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Guitar Backing
2013-12-07 10:21 - 2013-12-07 10:21 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\Coffee Lavazza
2013-12-07 10:19 - 2013-12-07 10:19 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Time Keeping
2013-12-07 09:47 - 2013-12-07 10:20 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Piano Songs
2013-12-06 16:40 - 2013-12-07 12:00 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Angela
2013-12-05 18:41 - 2013-12-05 18:41 - 00103832 _____ C:\Documents and Settings\Gary \GoToAssistDownloadHelper.exe
2013-12-05 18:41 - 2013-12-05 18:41 - 00000000 ____D C:\Documents and Settings\Gary \Local Settings\Application Data\Citrix
2013-12-05 17:57 - 2013-12-05 17:57 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-11-21 23:12 - 2013-12-07 10:12 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Sean
2013-11-17 08:04 - 2013-12-14 23:02 - 00001589 _____ C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk

==================== One Month Modified Files and Folders =======

2013-12-15 06:54 - 2013-12-15 06:54 - 00022010 _____ C:\Documents and Settings\Gary \Desktop\FRST.txt
2013-12-15 06:53 - 2013-12-15 06:53 - 01060897 _____ (Farbar) C:\Documents and Settings\Gary \Desktop\FRST.exe
2013-12-15 06:53 - 2013-12-15 06:53 - 00000000 ____D C:\FRST
2013-12-15 06:40 - 2012-11-26 18:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-15 06:21 - 2010-10-10 21:44 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 01:21 - 2010-10-10 21:44 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 00:59 - 2013-12-14 23:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
2013-12-15 00:21 - 2005-01-06 12:45 - 00032392 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-14 23:02 - 2013-11-17 08:04 - 00001589 _____ C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
2013-12-14 20:06 - 2013-12-14 20:06 - 00025605 _____ C:\Documents and Settings\Gary \Desktop\attach.txt
2013-12-14 20:06 - 2013-12-14 20:06 - 00017000 _____ C:\Documents and Settings\Gary \Desktop\dds.txt
2013-12-14 20:03 - 2013-12-14 20:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Gary \Desktop\dds.com
2013-12-14 19:57 - 2005-01-06 12:45 - 01499719 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-14 19:30 - 2005-01-06 12:56 - 04481358 _____ C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.CDF
2013-12-14 19:30 - 2005-01-06 12:43 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL
2013-12-14 19:26 - 2004-08-11 15:20 - 00097602 ____C C:\WINDOWS\WMSETUP.LOG
2013-12-14 19:25 - 2005-01-19 22:03 - 00000278 ___SH C:\Documents and Settings\Gary \NTUSER.INI
2013-12-14 19:20 - 2013-12-14 10:37 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\RK_Quarantine
2013-12-14 19:08 - 2013-12-14 19:08 - 151418802 _____ C:\Documents and Settings\Gary \Desktop\regbackup.reg
2013-12-14 18:57 - 2013-12-14 18:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix
2013-12-14 18:53 - 2013-12-14 18:22 - 00000000 ____D C:\WINDOWS\zatfix
2013-12-14 18:50 - 2004-08-11 15:09 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2013-12-14 18:50 - 2004-08-11 15:09 - 00000050 _____ C:\WINDOWS\WIASERVC.LOG
2013-12-14 18:49 - 2005-01-06 13:03 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2013-12-14 18:49 - 2005-01-06 13:03 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2013-12-14 18:49 - 2005-01-06 13:03 - 00000288 _____ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
2013-12-14 18:49 - 2005-01-06 13:03 - 00000288 _____ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
2013-12-14 18:49 - 2005-01-06 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-14 17:23 - 2013-12-14 17:23 - 00001875 _____ C:\Documents and Settings\Gary \Desktop\RKreport[0]_S_12142013_172303.txt
2013-12-14 11:59 - 2010-10-10 21:40 - 00000000 ____D C:\Program Files\Google
2013-12-14 10:37 - 2013-12-14 10:37 - 03580416 _____ C:\Documents and Settings\Gary \Desktop\RogueKiller.exe
2013-12-14 09:43 - 2011-02-06 09:43 - 00000368 _____ C:\WINDOWS\Tasks\MotoHelper Routing.job
2013-12-13 23:16 - 2005-01-06 12:44 - 00528530 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-13 22:14 - 2004-08-11 15:20 - 00349792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 22:59 - 2013-12-11 22:58 - 00012782 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-11 22:59 - 2010-12-29 12:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-11 22:59 - 2005-04-12 22:02 - 00448709 _____ C:\WINDOWS\updspapi.log
2013-12-11 22:59 - 2005-01-06 12:44 - 03722187 _____ C:\WINDOWS\FaxSetup.log
2013-12-11 22:59 - 2005-01-06 12:44 - 01800573 _____ C:\WINDOWS\OCGEN.LOG
2013-12-11 22:59 - 2005-01-06 12:44 - 01703287 _____ C:\WINDOWS\TSOC.LOG
2013-12-11 22:59 - 2005-01-06 12:44 - 01159066 _____ C:\WINDOWS\MSMQINST.LOG
2013-12-11 22:59 - 2005-01-06 12:44 - 00656028 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-11 22:59 - 2005-01-06 12:44 - 00648702 _____ C:\WINDOWS\NETFXOCM.LOG
2013-12-11 22:59 - 2005-01-06 12:44 - 00256347 _____ C:\WINDOWS\MedCtrOC.log
2013-12-11 22:59 - 2005-01-06 12:44 - 00185945 _____ C:\WINDOWS\MSGSOCM.LOG
2013-12-11 22:59 - 2005-01-06 12:44 - 00185873 _____ C:\WINDOWS\TABLETOC.LOG
2013-12-11 22:59 - 2005-01-06 12:44 - 00177815 _____ C:\WINDOWS\OCMSN.LOG
2013-12-11 22:59 - 2005-01-06 12:44 - 00121050 _____ C:\WINDOWS\iis6.log
2013-12-11 22:59 - 2005-01-06 12:44 - 00029023 _____ C:\WINDOWS\COMSETUP.LOG
2013-12-11 22:59 - 1979-12-31 22:00 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-11 22:58 - 2010-08-27 21:47 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-11 22:57 - 2013-12-11 22:57 - 00005072 _____ C:\WINDOWS\KB2904266.log
2013-12-11 22:57 - 2013-12-11 22:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 22:57 - 2013-12-11 22:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 22:57 - 2013-12-11 22:22 - 00010466 _____ C:\WINDOWS\KB2898715.log
2013-12-11 22:57 - 2013-08-09 22:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 22:57 - 2007-02-21 22:45 - 00894332 ____C C:\WINDOWS\system32\TZLog.log
2013-12-11 22:57 - 1979-12-31 22:00 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-11 22:53 - 2013-12-11 22:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 22:53 - 2013-12-11 22:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 22:53 - 2013-12-11 22:22 - 00010001 _____ C:\WINDOWS\KB2893984.log
2013-12-11 22:53 - 2013-12-11 22:22 - 00009298 _____ C:\WINDOWS\KB2893294.log
2013-12-11 22:53 - 2005-05-10 21:59 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 22:52 - 2013-12-11 22:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 22:52 - 2013-12-11 22:21 - 00008521 _____ C:\WINDOWS\KB2892075.log
2013-12-10 19:41 - 2012-05-07 17:42 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-10 19:41 - 2011-05-19 15:59 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-09 18:25 - 2013-12-09 18:25 - 00000000 ____D C:\Documents and Settings\Gary \Application Data\JCP
2013-12-09 18:24 - 2013-12-09 18:24 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\New Folder
2013-12-08 19:23 - 2012-01-24 11:46 - 00001025 _____ C:\WINDOWS\BRCALIB.INI
2013-12-07 23:03 - 2010-12-29 12:41 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-12-07 12:00 - 2013-12-06 16:40 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Angela
2013-12-07 11:55 - 2013-12-07 10:24 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Guitar Backing
2013-12-07 10:21 - 2013-12-07 10:21 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\Coffee Lavazza
2013-12-07 10:20 - 2013-12-07 09:47 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Piano Songs
2013-12-07 10:20 - 2010-06-05 21:10 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\KIDS STUFF
2013-12-07 10:19 - 2013-12-07 10:19 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Time Keeping
2013-12-07 10:12 - 2013-11-21 23:12 - 00000000 ____D C:\Documents and Settings\Gary \Desktop\Sean
2013-12-07 10:10 - 2005-01-20 20:29 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\Gary's
2013-12-07 09:48 - 2005-01-20 20:34 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\Ling
2013-12-07 09:47 - 2005-01-20 20:36 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\Gregory
2013-12-07 09:45 - 2005-01-20 20:35 - 00000000 ____D C:\Documents and Settings\Gary \My Documents\REAL ESTATE
2013-12-05 18:41 - 2013-12-05 18:41 - 00103832 _____ C:\Documents and Settings\Gary \GoToAssistDownloadHelper.exe
2013-12-05 18:41 - 2013-12-05 18:41 - 00000000 ____D C:\Documents and Settings\Gary \Local Settings\Application Data\Citrix
2013-12-05 18:41 - 2005-01-20 20:39 - 00000000 ____D C:\Program Files\Citrix
2013-12-05 18:41 - 2005-01-19 22:03 - 00000000 ____D C:\Documents and Settings\Gary
2013-12-05 17:59 - 2005-01-06 12:45 - 00000178 __SHC C:\Documents and Settings\Administrator\NTUSER.INI
2013-12-05 17:59 - 2005-01-06 12:27 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-05 17:57 - 2013-12-05 17:57 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-05 06:42 - 2009-12-09 00:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974392_0$
2013-12-03 21:07 - 2012-06-13 20:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$
2013-12-03 18:20 - 2005-01-06 12:26 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-03 06:40 - 2012-09-15 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB915800-v4$
2013-12-03 06:39 - 2005-01-21 07:22 - 00000000 ____D C:\Documents and Settings\Gary \Application Data\Geyw
2013-12-02 20:02 - 2005-01-20 20:37 - 00000000 ____D C:\Documents and Settings\Gary \Local Settings\Application Data\Google
2013-11-29 07:11 - 2004-08-04 03:00 - 00000000 __SHD C:\Documents and Settings\Gary \Application Data\chuivseb
2013-11-28 15:13 - 2010-06-20 22:28 - 00000000 ____D C:\Documents and Settings\Gary \ZipForm
2013-11-28 10:44 - 2011-09-06 22:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2607712$
2013-11-28 09:43 - 2011-02-06 09:43 - 00000372 _____ C:\WINDOWS\Tasks\MotoHelper MUM.job
2013-11-27 16:56 - 2012-12-24 18:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-22 21:30 - 2011-12-18 12:18 - 00000000 ____D C:\Program Files\McAfee
2013-11-21 21:19 - 2013-04-14 05:36 - 00124189 _____ C:\WINDOWS\setupapi.log

Files to move or delete:
====================
C:\Documents and Settings\Gary \hh.dat
C:\Documents and Settings\Gary \HPFVLK13.DAT
C:\Documents and Settings\Gary \HWINFO.DAT
C:\Documents and Settings\Gary \JAUTOEXP.DAT
C:\Documents and Settings\Gary \mozver.dat
C:\Documents and Settings\Gary \MSIMGSIZ.DAT
C:\Documents and Settings\Gary \nsreg.dat
C:\Documents and Settings\Gary \PowerReg.dat
C:\Documents and Settings\Gary \SYSTEM.DAT
C:\Documents and Settings\Gary \USER.DAT

Some content of TEMP:
====================
C:\Documents and Settings\Gary \Local Settings\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2013 01
Ran by Gary   at 2013-12-15 06:55:21
Running from C:\Documents and Settings\Gary  \Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

==================== Installed Programs ======================

AdMission Photo Uploader
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AGENTLINK
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ATI Control Panel (Version: 6.14.10.5103)
ATI Display Driver (Version: 8.012.1.1-040528a-015851C-Dell)
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 (Version: 6.5.5.7)
Bonjour (Version: 3.0.0.10)
Broadcom Advanced Control Suite 2 (Version: 7.58.01)
Brother MFL-Pro Suite (Version: 1.00.000)
Brother MFL-Pro Suite MFC-9560CDW (Version: 1.0.27.0)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.5.0.7)
Canon MOV Encoder (Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.4.1.9)
Canon Utilities Digital Photo Professional 3.8 (Version: 3.8.0.0)
Canon Utilities EOS Utility (Version: 2.8.0.2)
Canon Utilities Original Data Security Tools (Version: 1.8.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.7.0.0)
Canon Utilities WFT Utility (Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.5.0.14)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
CHLDirect (Version: 1.0.0)
Cisco Systems VPN Client  4.6.01.0019 (Version: 4.6)
Citrix ICA Client
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
eKEY (Version: 4.3.1)
eKEYCDi (Version: 4.3.1)
eNeighborhoods ()
Google Earth Plug-in (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
GoToAssist Corporate (Version: 10.4.0.896)
Guitar Pro 6
IHA_MessageCenter (Version: 1.4.7)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Image Transfer
ImageMixer for Sony
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
IntelliMover (Version: 3.63)
Internet Explorer Default Page (Version: 1.00.03)
iPassConnect
iTunes (Version: 11.0.1.12)
Jasc Paint Shop Pro 8 Dell Edition (Version: 8.10.0000)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.6.1)
Java 6 Update 29 (Version: 6.0.290)
Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
KORG USB-MIDI Driver Tools for Windows (Version: 1.10.0020)
Live 6.0.4
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mavis Beacon Teaches Typing 15
McAfee Clean Up Tool
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Modem Event Monitor
Modem Helper (Version: 2.25)
Modem On Hold (Version: 1.12)
MotoHelper 2.0.24 Driver 4.7.1 (Version: 2.0.24)
MotoHelper MergeModules (Version: 1.0.0)
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 9.00.2062b)
mySongBook Player
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.3.5.667)
Native Instruments Guitar Rig 4
Native Instruments Guitar Rig 4 (Version: 4.1.2.1963)
Native Instruments Rig Kontrol 3
Native Instruments Rig Kontrol 3 (Version: 2.9.4.433)
Native Instruments Rig Kontrol 3 Driver
Native Instruments Service Center
Native Instruments Service Center (Version: 2.2.0.367)
Nero 8 Essentials (Version: 8.3.397)
neroxml (Version: 1.0.0)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PaperPort Image Printer (Version: 1.00.0001)
Picture Package (Version: 1.06.000)
POINT (Version: 3.06.134)
Point (Version: 4.4)
PowerDVD 5.3
PX5D SoundEditor (Version: 1.01.1)
QuickTime (Version: 7.73.80.64)
Rapattoni MLS PDF Creator (Version: 1.00.0000)
RealPlayer Basic
REAPER
Scansoft PDF Professional
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x86 (Version: 10.0.0)
Sonic DLA (Version: 4.95)
Sonic RecordNow! Plus (Version: 7.3)
Sonic Update Manager (Version: 2.9)
Sony USB Driver
Sound Blaster Audigy 2
TimeKeeping (Version: 9.28.2013)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
UTC Remote Access Software
Verizon Internet Security Suite (Version: 11.6.511)
Viewpoint Media Player
Vz In-Home Agent (Version: 9.0.35.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
WINForms 2000
zipForm6 (Version: 1.0.0.0)

==================== Restore Points  =========================

05-12-2013 07:01:31 System Checkpoint
06-12-2013 08:16:03 System Checkpoint
07-12-2013 08:44:07 System Checkpoint
07-12-2013 18:08:16 Removed LandSafe - Calyx Integration 4.2
09-12-2013 01:34:23 System Checkpoint
12-12-2013 03:48:57 System Checkpoint
12-12-2013 06:50:36 Software Distribution Service 3.0
14-12-2013 11:01:25 Software Distribution Service 3.0
15-12-2013 11:53:49 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 03:00 - 2013-12-14 11:42 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper MUM.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper Routing.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper Update.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-24 11:45 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-02-04 19:36 - 2004-10-19 10:05 - 00651264 ____N () C:\Program Files\iPass\iPassConnect\downloader\LIBEAY32.dll
2004-08-04 03:00 - 2013-01-01 22:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2013 08:08:03 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/12/14 20:08:03.546]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 08:06:54 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/12/14 20:06:54.406]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 08:05:45 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/12/14 20:05:45.390]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 08:04:36 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/12/14 20:04:36.375]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 08:04:27 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/12/14 20:04:27.000]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 07:26:51 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/14 19:26:51.125]: [00005436]: Initialize TwdsMain Class failed!

Error: (12/14/2013 07:26:51 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/14 19:26:51.125]: [00005436]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (12/14/2013 00:15:33 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/12/14 12:15:33.031]: [00001440]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 00:14:24 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/12/14 12:14:24.000]: [00001440]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 00:13:14 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/12/14 12:13:14.953]: [00001440]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

System errors:
=============
Error: (12/14/2013 07:28:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Error: (12/14/2013 06:50:15 PM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Error: (12/14/2013 06:35:13 PM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Error: (12/14/2013 06:28:13 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (12/14/2013 06:28:13 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (12/14/2013 06:27:20 PM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Error: (12/14/2013 00:17:22 PM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Error: (12/14/2013 11:47:43 AM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Error: (12/14/2013 10:59:00 AM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Error: (12/13/2013 10:15:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (12/14/2013 08:08:03 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/12/14 20:08:03.546]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 08:06:54 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/12/14 20:06:54.406]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 08:05:45 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/12/14 20:05:45.390]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 08:04:36 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/12/14 20:04:36.375]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 08:04:27 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/12/14 20:04:27.000]: [00003264]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 07:26:51 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/14 19:26:51.125]: [00005436]: Initialize TwdsMain Class failed!

Error: (12/14/2013 07:26:51 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/14 19:26:51.125]: [00005436]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (12/14/2013 00:15:33 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/12/14 12:15:33.031]: [00001440]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 00:14:24 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/12/14 12:14:24.000]: [00001440]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

Error: (12/14/2013 00:13:14 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/12/14 12:13:14.953]: [00001440]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.7]

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3326.09 MB
Available physical RAM: 2287.03 MB
Total Pagefile: 6492.78 MB
Available Pagefile: 5394.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.21 GB) (Free:81.32 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Thanks again for sticking with me on this!


Attached below is the Fixlog.txt. The Malwarebytes Anti-Rootkit scan came back clean with no cleanup required; the only log file from the scan was the system.log, which I have appended below the Fixlog.txt file.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-12-2013 01
Ran by Gary  at 2013-12-15 07:24:26 Run:1
Running from C:\Documents and Settings\Gary \Desktop\Zero Fix
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
U4 *etadpug; "C:\Program Files\Google\Desktop\Install\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\   \   \???\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\GoogleUpdate.exe"
C:\Documents and Settings\Gary \hh.dat
C:\Documents and Settings\Gary \HPFVLK13.DAT
C:\Documents and Settings\Gary \HWINFO.DAT
C:\Documents and Settings\Gary \JAUTOEXP.DAT
C:\Documents and Settings\Gary \mozver.dat
C:\Documents and Settings\Gary \MSIMGSIZ.DAT
C:\Documents and Settings\Gary \nsreg.dat
C:\Documents and Settings\Gary \PowerReg.dat
C:\Documents and Settings\Gary \SYSTEM.DAT
C:\Documents and Settings\Gary \USER.DAT
C:\Program Files\Google\Desktop\Install\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}
*****************

*etadpug => Service deleted successfully.
"C:\Documents and Settings\Gary \hh.dat" => File/Directory not found.
"C:\Documents and Settings\Gary \HPFVLK13.DAT" => File/Directory not found.
"C:\Documents and Settings\Gary \HWINFO.DAT" => File/Directory not found.
"C:\Documents and Settings\Gary \JAUTOEXP.DAT" => File/Directory not found.
"C:\Documents and Settings\Gary \mozver.dat" => File/Directory not found.
"C:\Documents and Settings\Gary \MSIMGSIZ.DAT" => File/Directory not found.
"C:\Documents and Settings\Gary \nsreg.dat" => File/Directory not found.
"C:\Documents and Settings\Gary \PowerReg.dat" => File/Directory not found.
"C:\Documents and Settings\Gary \SYSTEM.DAT" => File/Directory not found.
"C:\Documents and Settings\Gary \USER.DAT" => File/Directory not found.
"C:\Program Files\Google\Desktop\Install\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}" => File/Directory not found.

==== End of Fixlog ====

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.591000 GHz
Memory total: 3487657984, free: 2575785984

Downloaded database version: v2013.12.15.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     12/15/2013 07:29:05
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b556ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8b5c8030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b556ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b5c64a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b556ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b5c8030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 96327

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 96390  Numsec = 306632655
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 306729045  Numsec = 5767335

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Done!
Read File: File "C:\Documents and Settings\Gary ue\Cookies\INDEX.DAT" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Cookies\INDEX.DAT" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Gary ue\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Gary ue\Local Settings\History\History.IE5\INDEX.DAT" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT" is compressed (flags = 1)
Scan finished


RogueKiller no longer finds and stops the google.ini process on the prescan; the full scan provides some data, but it looks like it's all related to Chameleon :)

 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Gary  [Admin rights]
Mode : Scan -- Date : 12/15/2013 08:41:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\Gary \Desktop\Zero Fix\mwarebytes\mbar\mbar.exe" /rdv /s [7]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (C:\WINDOWS\SYSTEM32\DRIVERS\mbamchameleon.sys @ 0x9E355016)
[Address] SSDT[128] : NtOpenThread @ 0x805E4867 -> HOOKED (C:\WINDOWS\SYSTEM32\DRIVERS\mbamchameleon.sys @ 0x9E355162)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600JD-75HBB0 +++++
--- User ---
[MBR] 63857a6dc5ca8460dd986e1761398314
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 149722 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 306729045 | Size: 2816 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12152013_084133.txt >>
RKreport[0]_S_12142013_172303.txt


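Added example for triaging a report like the one above (not RogueKiller or Malwarebytes code): it parses the Registry Entries and Driver sections into findings, marks entries that point at the cleanup tooling named in this thread (mbamchameleon.sys, mbar.exe) as expected, and leaves anything else for review. The sample report, the allowlist and the example_unknown.sys line are constructed; the path check generalizes the ZeroAccess service path from the Fixlog (whitespace-only components or non-printable characters) rather than matching that one string.

```python
import re
import unicodedata
from dataclasses import dataclass

# Constructed allowlist: tooling named in this thread whose hooks/autoruns are expected.
KNOWN_TOOLING = {
    "mbamchameleon.sys": "Malwarebytes Chameleon driver",
    "mbar.exe": "Malwarebytes Anti-Rootkit",
}

# Constructed sample modelled on the posted report; the third SSDT line (example_unknown.sys)
# is made up so that the "review" branch is exercised.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\Gary\Desktop\Zero Fix\mwarebytes\mbar\mbar.exe" /rdv /s [7]) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (C:\WINDOWS\SYSTEM32\DRIVERS\mbamchameleon.sys @ 0x9E355016)
[Address] SSDT[128] : NtOpenThread @ 0x805E4867 -> HOOKED (C:\WINDOWS\SYSTEM32\DRIVERS\mbamchameleon.sys @ 0x9E355162)
[Address] SSDT[247] : NtTerminateProcess @ 0x805D0000 -> HOOKED (C:\WINDOWS\system32\drivers\example_unknown.sys @ 0x9E400000)
"""

# Service image path from the Fixlog above (the ZeroAccess service FRST deleted).
ZEROACCESS_PATH = r"C:\Program Files\Google\Desktop\Install\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\   \   \???\{b4c38dae-3fad-c5b0-6b4f-2a9b3bb06ebf}\GoogleUpdate.exe"

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>[^:]+?)\s*:")
SSDT_RE = re.compile(r"SSDT\[(?P<idx>\d+)\] : (?P<func>\w+) @ 0x[0-9A-Fa-f]+ -> HOOKED "
                     r"\((?P<module>.+?) @ (?P<hook>0x[0-9A-Fa-f]+)\)")
QUOTED_PATH_RE = re.compile(r'"(?P<path>[A-Za-z]:\\[^"]+)"')

@dataclass
class Finding:
    section: str
    target: str   # executable or driver the entry points at
    detail: str
    verdict: str  # "tooling" (explained by known tools) or "review"

def classify(path: str) -> str:
    base = path.rsplit("\\", 1)[-1].lower()
    return "tooling" if base in KNOWN_TOOLING else "review"

def path_looks_obfuscated(path: str) -> bool:
    """Whitespace-only components or non-printable/non-ASCII characters, as in the ZeroAccess path."""
    for part in path.strip('"').split("\\")[1:]:   # skip the drive letter
        if part == "":
            continue                               # tolerate a trailing backslash
        if part.strip() == "":
            return True
        if any(ord(c) > 127 or unicodedata.category(c).startswith("C") for c in part):
            return True
    return False

def parse_report(text: str) -> list:
    findings, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        if section is None or not line.startswith("["):
            continue
        if section.startswith("Driver"):
            m = SSDT_RE.search(line)
            if m:
                detail = f"SSDT[{m.group('idx')}] {m.group('func')} -> {m.group('hook')}"
                findings.append(Finding(section, m.group("module"), detail, classify(m.group("module"))))
        else:
            m = QUOTED_PATH_RE.search(line)
            if m:
                findings.append(Finding(section, m.group("path"), line.split(" -> ")[-1], classify(m.group("path"))))
    return findings

if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.verdict:8} {f.section}: {f.target} ({f.detail}) obfuscated={path_looks_obfuscated(f.target)}")
    print("ZeroAccess service path obfuscated:", path_looks_obfuscated(ZEROACCESS_PATH))
```
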
Mr C,   Just rebooted and reran the RogueKiller app a second time.  The prescan came up clean, and the full scan only has items listed in the driver tab, but my guess is these items are related to McAfee (all related to the module mfehidk.sys).

 

Interesting that when I move my desktop icons to where I want them and then refresh the desktop, they still jump to the left side of the screen; maybe that win file got corrupted?

 

Thanks.


Seems to be fine!  Relieved all the scans come up clean, just a bit concerned regarding the icons, as this is the issue that got me to look into the issue deeper after the McAfee rep stated the computer was "clean".

 

BTW: I do some support work for eng apps at my work and know first-hand that supporting folks can be a thankless job. I want to share with you my gratitude and assure you that what you're doing here to help folks out is invaluable. THANKS!


I don't have a specific answer to the problem; a little Google search leads to many different suggestions but no one solution.

If you don't get it fixed I suggest you post at the Windows XP help section of G2G:

http://www.geekstogo.com/forum/forum/5-windows-xp-2000-2003-nt/

One of the techs should be able to help you.

If there are no other problems......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Mr. C.,  Below are the results from the security check:

 

 Results of screen317's Security Check version 0.99.77 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 29 
 Java SE Runtime Environment 6 Update 1
 Java 2 Runtime Environment, SE v1.4.2_03
 Java version out of Date!
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please uninstall all of these and any other Java listed in your add/remove programs:
 
Java™ 6 Update 29 
Java™ SE Runtime Environment 6 Update 1
Java 2 Runtime Environment, SE v1.4.2_03

 
Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 45) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".
 
------------------------------------
 
Adobe Reader 10.1.4 Adobe Reader out of Date! <---please check for an update if available, or uninstall it and download and install Foxit Reader, which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
A little clean up to do....
 
Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe
 
Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.
 
Any other programs or logs you can manually delete (right click.....Delete),
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc. AdwCleaner > just run the program and click uninstall.
 
Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
-------------------------------
 
Any questions...please post back.
 
If you think I've helped you, please leave a comment > click on my  avatar picture > click Profile Feed.
 
Take a look at My Preventive Maintenance to avoid being infected again. 
 
Good Luck and Thanks for using the forum,  MrC


This topic is now closed to further replies.