shep711

Sent via pay pal. Thank you again

Thank you for your help. I have tried donate but it won't take my card I have a visa debit and have no idea why it will not work ..

Running fine no new threats after reboot. THX

Sorry AdwCleanerS0.txt

As requested AdwCleanerR0.txt Fixlog.txt

It is running better still have some stuff- Ran MBAM found 3 PUP, rebooted after QT . That log is also attached. THX FRST.txt Addition.txt mbam2-14.txt

I have attached the zoek log. May i turn on my AV? zoek-results.txt

Hello I am sure my computer is infected. I have run Spy bot and I have premium MB ( after infection, free version before). MB qt but still have problems- MB Log and SpyBOT logs are attached,. >>>>>>> Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02 Ran by Dad (administrator) on HOME on 12-02-2015 08:07:41 Running from C:\Users\Dad\Desktop Loaded Profiles: Dad & Mom & Rae Lynn & Guest (Available profiles: Dad & Mom & Rae Lynn & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Egis Technology Inc.) C:\Program Files\Common Files\EgisTec CommonModule\eLock\eLockServ.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc. ) C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) C:\Program Files\Acer ProShield\EgisTSR.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc. ) C:\Program Files\Acer ProShield\EgisTSR.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02 Ran by Dad at 2015-02-12 08:08:20 Running from C:\Users\Dad\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated) Acer Framework (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5500 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Booster-Web (HKU\S-1-5-21-1203689296-2350690145-2900710007-1001\...\Booster-Web) (Version: 2 - Appli LLC) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.) iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3220 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1203689296-2350690145-2900710007-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1203689296-2350690145-2900710007-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden ProShield (HKLM-x32\...\InstallShield_{08CCD7B4-9EED-4926-805D-C4FFF869989A}) (Version: 1.4.1.16 - Egis Technology Inc.) ProShield (Version: 1.4.1.16 - Egis Technology Inc.) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6878 - Realtek Semiconductor Corp.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com) Unity Web Player (HKU\S-1-5-21-1203689296-2350690145-2900710007-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation) WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 23-01-2015 23:32:35 Windows Update 27-01-2015 11:50:53 Windows Update 30-01-2015 16:58:20 Windows Update 02-02-2015 20:51:57 Windows Update 05-02-2015 22:11:09 Windows Update 09-02-2015 08:05:52 Windows Update 11-02-2015 17:19:55 Removed Bonjour 12-02-2015 03:00:58 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:34 - 2015-02-11 22:19 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AEFE807-611D-484D-93F7-25D9B65796D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1135D3F6-6D48-4E99-9460-39CE7AFD1A05} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-09-13] (Egis Technology Inc.) Task: {1982C7AC-9584-4566-879A-5D2773481479} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION Task: {2C79938F-C1D8-4DEC-9F8B-CF11ADFA5981} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation) Task: {2DA4573C-DDFC-4675-9719-AF69C48AE18E} - \SMWPUpd No Task File <==== ATTENTION Task: {3EC5CB2C-B27F-4CA9-BB8E-2844F0D685CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {704815AB-D471-4C4B-BA29-6C9A1495465A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {7ECE05CC-7D1E-4266-9851-08CAABB2B7A1} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION Task: {8671DA96-DBF7-4EE5-987D-B6828102B485} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {8E3018C2-9461-4B1C-8BC4-48B5CC4412E1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {99A4B69B-6870-4FE6-9CE2-D2DDB31A5C49} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {9B5BE1E6-80C0-4A70-9C9E-01492727853A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {A25BC11B-8165-488A-A825-D18A2FC707D8} - \SMW_UpdateTask_Time_333030313331343739302d2d5b50342a4155456c5a236c No Task File <==== ATTENTION Task: {B8F15E5F-281D-4F41-95B7-D0FA21C16447} - System32\Tasks\UpdaterEX => C:\Users\Dad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {BDD17E31-3C2D-4367-8DB4-BF731AA1DDC6} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION Task: {BFD11732-9F2D-466A-88C4-1DA04A59C80F} - \Run_Bobby_Browser No Task File <==== ATTENTION Task: {C531B928-1994-4775-B920-321FEE387F29} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION Task: {CA068506-E335-4171-B44D-CD8FF1B0D2F2} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated) Task: {D3A220AF-3415-4635-BF5E-A50BB647EFCB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {DBD97CDA-1D06-4B57-976B-D70BCED2C9CB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION Task: {DD1518FD-1192-41E4-B48B-7BB81C919FAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {E1A84CBA-5B8C-4B2A-9BBF-ED847296B24C} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-09-13] (Egis Technology Inc.) Task: {E6E74B23-3C03-4B43-8409-2955CCD6C5DC} - System32\Tasks\Smp => C:\Program Files\Common Files\GBUpdatePlus\smp.exe Task: {E75F042F-6A03-4239-8FEC-082C1C0C8F1C} - System32\Tasks\PastaLeads => C:\Program Files (x86)\pastaleads\ScheduledTask.exe Task: {EA50D362-D447-49CE-8514-A901F3D4A172} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {FF7602D1-EC88-483C-8519-69DBD3211851} - System32\Tasks\EgisTSR => C:\Program Files\Acer ProShield\EgisTSR.exe [2013-12-19] (Egis Technology Inc. ) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Dad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2014-09-19 12:14 - 2013-10-23 13:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll 2014-08-31 11:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-02-10 00:40 - 2011-06-13 17:59 - 00030080 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2014-02-10 00:40 - 2014-02-10 00:40 - 00038312 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5500.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2014-02-10 00:40 - 2014-02-10 00:40 - 00026040 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5500.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2014-02-10 00:40 - 2014-02-10 00:40 - 00066960 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.5500.0__3036420f80dd6947\Framework.Library.dll 2014-02-10 00:40 - 2014-02-10 00:40 - 00034192 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.5500.0__672b450de5a7e94a\Framework.Host.dll 2014-02-10 00:40 - 2014-02-10 00:40 - 00021920 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5500.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2014-10-25 20:52 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-12-19 10:32 - 2013-12-19 10:32 - 01407976 _____ () C:\Program Files\Acer ProShield\LIBEAY32.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-11 21:35 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-02-11 21:35 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-02-11 21:35 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-04-01 19:34 - 2013-04-11 14:31 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2014-08-29 05:35 - 2014-11-19 14:47 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-02-11 21:33 - 2015-01-23 02:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1203689296-2350690145-2900710007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1203689296-2350690145-2900710007-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1203689296-2350690145-2900710007-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Rae Lynn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1203689296-2350690145-2900710007-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-1203689296-2350690145-2900710007-500 - Administrator - Disabled) Dad (S-1-5-21-1203689296-2350690145-2900710007-1000 - Administrator - Enabled) => C:\Users\Dad Guest (S-1-5-21-1203689296-2350690145-2900710007-501 - Limited - Disabled) => C:\Users\Guest Mom (S-1-5-21-1203689296-2350690145-2900710007-1001 - Limited - Enabled) => C:\Users\Mom Rae Lynn (S-1-5-21-1203689296-2350690145-2900710007-1002 - Limited - Enabled) => C:\Users\Rae Lynn ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/12/2015 06:28:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SDTools.exe, version: 2.4.40.157, time stamp: 0x535a51a5 Faulting module name: dhcpcsvc.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4a5bd9b5 Exception code: 0xc0000005 Fault offset: 0x72001b2d Faulting process id: 0xb34 Faulting application start time: 0xSDTools.exe0 Faulting application path: SDTools.exe1 Faulting module path: SDTools.exe2 Report Id: SDTools.exe3 Error: (02/12/2015 03:40:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 07:43:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 07:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 06:57:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce79d93 Faulting module name: RPCRT4.dll, version: 6.1.7601.18532, time stamp: 0x53c339ee Exception code: 0xc0000005 Fault offset: 0x0000000000012ab4 Faulting process id: 0x818 Faulting application start time: 0xmsiexec.exe0 Faulting application path: msiexec.exe1 Faulting module path: msiexec.exe2 Report Id: msiexec.exe3 Error: (02/11/2015 05:17:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8143 Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8143 Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/11/2015 11:18:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7066 System errors: ============= Error: (02/12/2015 06:16:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (02/12/2015 03:49:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 Error: (02/12/2015 03:49:37 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: %%5 Error: (02/12/2015 03:40:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053 Error: (02/12/2015 03:40:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. Error: (02/12/2015 03:40:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053 Error: (02/12/2015 03:40:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. Error: (02/11/2015 11:19:35 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (02/11/2015 06:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (02/11/2015 05:16:11 PM) (Source: DCOM) (EventID: 10016) (User: Home) Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}HomeGuestS-1-5-21-1203689296-2350690145-2900710007-501LocalHost (Using LRPC) Microsoft Office Sessions: ========================= Error: (02/12/2015 06:28:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: SDTools.exe2.4.40.157535a51a5dhcpcsvc.DLL_unloaded0.0.0.04a5bd9b5c000000572001b2db3401d046cff23b3983C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exedhcpcsvc.DLL7abf988f-b2c3-11e4-a655-c03fd559437b Error: (02/12/2015 03:40:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 07:43:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 07:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 06:57:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: msiexec.exe5.0.7601.175144ce79d93RPCRT4.dll6.1.7601.1853253c339eec00000050000000000012ab481801d046620068cae4C:\Windows\system32\msiexec.exeC:\Windows\system32\RPCRT4.dlle5a79621-b262-11e4-a14c-c03fd559437b Error: (02/11/2015 05:17:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8143 Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8143 Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/11/2015 11:18:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7066 ==================== Memory info =========================== Processor: Intel® Pentium® CPU G3220 @ 3.00GHz Percentage of memory in use: 52% Total physical RAM: 3967.71 MB Available physical RAM: 1878.95 MB Total Pagefile: 7933.62 MB Available Pagefile: 5102.14 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:226.33 GB) (Free:129.8 GB) NTFS Drive d: (DATA) (Fixed) (Total:226.33 GB) (Free:226.18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0AA8F87) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=226.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=226.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Scan Results.150212-0721.txt mbam 21215.txt

No-

DK the link you provided to Kaspersky still only brings up a security scan whic does not provide a report. I DL'd the Kaspersky Internet securtiy scanner loaded it and ran a scan nothing was found and NO report. So, alas, I used the ESET onlie and nothing was found. Here is the log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ad4cf10bdbebfe4c95da16614407d12f # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-17 02:54:30 # local_time=2012-11-16 06:54:30 (-0800, Pacific Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1280 16777191 100 0 0 0 0 0 # compatibility_mode=1792 16777215 100 0 875222 875222 0 0 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 614781 614781 0 0 # scanned=98796 # found=0 # cleaned=0 # scan_time=8396

Dk I ran TDS Killer using the original instructions from you. I had to attach as the post was too long. THX

DK the only issue I have is being sure that the initial TDSS infection hasn't placed a backdoor on my computer and mucked up the security center. Let me know if you think its clear . The TFC did clear the temp files but when visiting the foxnews site AVIRA still detects it. From the info posted online it seems to be a false positive. Thank you for all your help.

DK here you are. BTW Avira only tags this when I am on the foxnews website. It is occuring for many others as well. MBAM did not get a hit on this .. Avira Free Antivirus Report file date: Wednesday, November 14, 2012 07:03 The program is running as an unrestricted full version. Online services are available. Licensee : Avira Free Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Microsoft Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : HP85525302658 Version information: BUILD.DAT : 13.0.0.2761 48279 Bytes 11/9/2012 16:45:00 AVSCAN.EXE : 13.4.0.262 638752 Bytes 11/13/2012 16:03:13 AVSCANRC.DLL : 13.4.0.219 54560 Bytes 10/10/2012 01:19:07 LUKE.DLL : 13.4.0.251 67360 Bytes 11/13/2012 16:03:39 AVSCPLR.DLL : 13.4.0.262 93984 Bytes 11/12/2012 22:04:21 AVREG.DLL : 13.4.0.244 245536 Bytes 11/12/2012 22:04:20 avlode.dll : 13.4.0.255 426272 Bytes 11/13/2012 16:03:49 avlode.rdf : 13.0.0.24 7196 Bytes 9/27/2012 19:30:38 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 23:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 23:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 23:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 23:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 23:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 9/6/2012 23:42:40 VBASE007.VDF : 7.11.45.207 2363904 Bytes 10/11/2012 00:52:17 VBASE008.VDF : 7.11.45.208 2048 Bytes 10/11/2012 00:52:17 VBASE009.VDF : 7.11.45.209 2048 Bytes 10/11/2012 00:52:17 VBASE010.VDF : 7.11.45.210 2048 Bytes 10/11/2012 00:52:17 VBASE011.VDF : 7.11.45.211 2048 Bytes 10/11/2012 00:52:17 VBASE012.VDF : 7.11.45.212 2048 Bytes 10/11/2012 00:52:17 VBASE013.VDF : 7.11.45.213 2048 Bytes 10/11/2012 00:52:17 VBASE014.VDF : 7.11.46.65 220160 Bytes 10/16/2012 21:34:30 VBASE015.VDF : 7.11.46.153 173568 Bytes 10/18/2012 18:35:47 VBASE016.VDF : 7.11.46.223 162304 Bytes 10/19/2012 18:35:47 VBASE017.VDF : 7.11.47.35 126464 Bytes 10/22/2012 16:59:23 VBASE018.VDF : 7.11.47.95 175616 Bytes 10/24/2012 21:50:08 VBASE019.VDF : 7.11.47.177 164352 Bytes 10/26/2012 22:28:57 VBASE020.VDF : 7.11.47.229 143360 Bytes 10/28/2012 22:28:58 VBASE021.VDF : 7.11.48.47 138240 Bytes 10/30/2012 22:28:59 VBASE022.VDF : 7.11.48.135 122880 Bytes 11/1/2012 22:28:59 VBASE023.VDF : 7.11.48.209 142848 Bytes 11/5/2012 22:29:00 VBASE024.VDF : 7.11.48.243 119296 Bytes 11/5/2012 22:29:00 VBASE025.VDF : 7.11.49.47 136704 Bytes 11/7/2012 10:21:34 VBASE026.VDF : 7.11.49.135 194560 Bytes 11/9/2012 16:13:48 VBASE027.VDF : 7.11.49.209 188416 Bytes 11/12/2012 22:04:18 VBASE028.VDF : 7.11.49.210 2048 Bytes 11/12/2012 22:04:19 VBASE029.VDF : 7.11.49.211 2048 Bytes 11/12/2012 22:04:19 VBASE030.VDF : 7.11.49.212 2048 Bytes 11/12/2012 22:04:19 VBASE031.VDF : 7.11.50.0 111104 Bytes 11/13/2012 22:01:48 Engine version : 8.2.10.198 AEVDF.DLL : 8.1.2.10 102772 Bytes 9/19/2012 23:42:55 AESCRIPT.DLL : 8.1.4.66 463227 Bytes 11/12/2012 16:04:28 AESCN.DLL : 8.1.9.2 131444 Bytes 9/26/2012 23:54:07 AESBX.DLL : 8.2.5.12 606578 Bytes 8/29/2012 01:58:06 AERDL.DLL : 8.2.0.74 643445 Bytes 11/7/2012 10:21:47 AEPACK.DLL : 8.3.0.40 815479 Bytes 11/12/2012 16:04:26 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 11/5/2012 22:29:12 AEHEUR.DLL : 8.1.4.132 5489016 Bytes 11/12/2012 16:04:23 AEHELP.DLL : 8.1.25.2 258423 Bytes 10/13/2012 00:52:32 AEGEN.DLL : 8.1.6.8 434548 Bytes 11/7/2012 10:21:38 AEEXP.DLL : 8.2.0.10 119158 Bytes 11/5/2012 22:29:14 AEEMU.DLL : 8.1.3.2 393587 Bytes 9/19/2012 23:42:55 AECORE.DLL : 8.1.29.2 201079 Bytes 11/7/2012 10:21:37 AEBB.DLL : 8.1.1.4 53619 Bytes 11/5/2012 22:29:04 AVWINLL.DLL : 13.4.0.163 25888 Bytes 9/20/2012 03:09:30 AVPREF.DLL : 13.4.0.163 50464 Bytes 9/20/2012 03:07:51 AVREP.DLL : 13.4.0.244 177952 Bytes 11/12/2012 22:04:20 AVARKT.DLL : 13.4.0.232 260384 Bytes 10/17/2012 01:55:29 AVEVTLOG.DLL : 13.4.0.232 167200 Bytes 10/17/2012 01:56:35 SQLITE3.DLL : 3.7.0.1 397088 Bytes 9/20/2012 03:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 9/20/2012 03:08:55 NETNT.DLL : 13.4.0.163 15648 Bytes 9/20/2012 03:16:26 RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 9/20/2012 04:40:13 RCTEXT.DLL : 13.4.0.163 66336 Bytes 10/19/2012 20:56:26 Configuration settings for the scan: Jobname.............................: AVGuardAsyncScan Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_50a2c192\guard_slideup.avp Reporting...........................: default Primary action......................: Interactive Secondary action....................: Quarantine Scan master boot sector.............: on Scan boot sector....................: off Process scan........................: on Scan registry.......................: off Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Limit recursion depth...............: 20 Smart extensions....................: on Macrovirus heuristic................: on File heuristic......................: Complete Start of the scan: Wednesday, November 14, 2012 07:03 Starting search for hidden objects. The scan of running processes will be started: Scan process 'rsmsink.exe' - '28' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '104' Module(s) have been scanned Scan process 'mmc.exe' - '55' Module(s) have been scanned Scan process 'iexplore.exe' - '96' Module(s) have been scanned Scan process 'iexplore.exe' - '116' Module(s) have been scanned Scan process 'iexplore.exe' - '124' Module(s) have been scanned Scan process 'agent.exe' - '29' Module(s) have been scanned Scan process 'isuspm.exe' - '41' Module(s) have been scanned Scan process 'explorer.exe' - '159' Module(s) have been scanned Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '61' Module(s) have been scanned Scan process 'BbDevMgr.exe' - '26' Module(s) have been scanned Scan process 'ctfmon.exe' - '25' Module(s) have been scanned Scan process 'RIMDeviceManager.exe' - '36' Module(s) have been scanned Scan process 'avgnt.exe' - '72' Module(s) have been scanned Scan process 'msseces.exe' - '45' Module(s) have been scanned Scan process 'realsched.exe' - '27' Module(s) have been scanned Scan process 'issch.exe' - '12' Module(s) have been scanned Scan process 'atiptaxx.exe' - '33' Module(s) have been scanned Scan process 'avshadow.exe' - '25' Module(s) have been scanned Scan process 'WMPNetwk.exe' - '54' Module(s) have been scanned Scan process 'Wacom_Tablet.exe' - '36' Module(s) have been scanned Scan process 'Wacom_TabletUser.exe' - '18' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned Scan process 'VideoAcceleratorService.exe' - '47' Module(s) have been scanned Scan process 'UTSCSI.EXE' - '7' Module(s) have been scanned Scan process 'Wacom_Tablet.exe' - '24' Module(s) have been scanned Scan process 'svchost.exe' - '39' Module(s) have been scanned Scan process 'spnsrvnt.exe' - '30' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '43' Module(s) have been scanned Scan process 'sntlkeyssrvr.exe' - '31' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'crypserv.exe' - '14' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '48' Module(s) have been scanned Scan process 'avguard.exe' - '65' Module(s) have been scanned Scan process 'sched.exe' - '38' Module(s) have been scanned Scan process 'spoolsv.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '51' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'svchost.exe' - '157' Module(s) have been scanned Scan process 'MsMpEng.exe' - '43' Module(s) have been scanned Scan process 'svchost.exe' - '42' Module(s) have been scanned Scan process 'svchost.exe' - '55' Module(s) have been scanned Scan process 'lsass.exe' - '62' Module(s) have been scanned Scan process 'services.exe' - '27' Module(s) have been scanned Scan process 'winlogon.exe' - '95' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\J722RA22\server[1].htm' Search path C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\J722RA22\server[1].htm could not be opened! System error [2]: The system cannot find the file specified. Begin scan in 'C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm' C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm [DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus Beginning disinfection: C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm [DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus [NOTE] The file was moved to the quarantine directory under the name '5748105e.qua'! End of the scan: Wednesday, November 14, 2012 07:07 Used time: 03:30 Minute(s) The scan has been done completely. 0 Scanned directories 491 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 490 Files not concerned 1 Archives were scanned 0 Warnings 1 Notes 69543 Objects were scanned with rootkit scan 0 Hidden objects were found The scan results will be transferred to the Guard.

DK I am on a DNS- the 13 other computers on the network have no securty error messages and the security check program doesn't find any errors. I looked at the article regarding the 1053 USERENV event and it doesn't offer any corrections to the problem. I am getting an virus detection when I open my browser from AVIRA finding this- HTML/rce.gen3. Never had it before. All full scans are clear. What happens next?

DK -I finally finished with the SP3 upload and all windows updates that were needed. The Security Center is still not running I went into the application logs after the SP3 down load and this seems to be the information message for the security center. "The Security Center service has been stopped. It was prevented from running by a software group policy." There is also an error message saying" Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted. I do not know if this will help ...