shep711

Honorary Members
  • Posts: 49

Everything posted by shep711

  1. Thank you for your help. I have tried to donate, but it won't take my card. I have a Visa debit and have no idea why it will not work.
  2. Running fine, no new threats after reboot. THX
  3. It is running better, still have some stuff. Ran MBAM, found 3 PUP, rebooted after QT. That log is also attached. THX FRST.txt Addition.txt mbam2-14.txt
  4. I have attached the zoek log. May I turn on my AV? zoek-results.txt
  5. Hello I am sure my computer is infected. I have run Spy bot and I have premium MB (after infection, free version before). MB qt but still have problems- MB Log and SpyBOT logs are attached.
(Size: 465.8 GB) (Disk ID: F0AA8F87) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=226.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=226.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Scan Results.150212-0721.txt mbam 21215.txt
  6. DK the link you provided to Kaspersky still only brings up a security scan which does not provide a report. I DL'd the Kaspersky Internet security scanner loaded it and ran a scan nothing was found and NO report. So, alas, I used the ESET online and nothing was found. Here is the log:
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=ad4cf10bdbebfe4c95da16614407d12f
     # end=finished
     # remove_checked=false
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-11-17 02:54:30
     # local_time=2012-11-16 06:54:30 (-0800, Pacific Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1280 16777191 100 0 0 0 0 0
     # compatibility_mode=1792 16777215 100 0 875222 875222 0 0
     # compatibility_mode=6143 16777215 0 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 614781 614781 0 0
     # scanned=98796
     # found=0
     # cleaned=0
     # scan_time=8396
  7. Dk I ran TDS Killer using the original instructions from you. I had to attach as the post was too long. THX
  8. DK the only issue I have is being sure that the initial TDSS infection hasn't placed a backdoor on my computer and mucked up the security center. Let me know if you think it's clear. The TFC did clear the temp files but when visiting the foxnews site AVIRA still detects it. From the info posted online it seems to be a false positive. Thank you for all your help.
  9. DK here you are. BTW Avira only tags this when I am on the foxnews website. It is occurring for many others as well. MBAM did not get a hit on this ..
     Avira Free Antivirus
     Report file date: Wednesday, November 14, 2012 07:03
     The program is running as an unrestricted full version.
     Online services are available.
     Licensee : Avira Free Antivirus
     Serial number : 0000149996-ADJIE-0000001
     Platform : Microsoft Windows XP
     Windows version : (Service Pack 3) [5.1.2600]
     Boot mode : Normally booted
     Username : SYSTEM
     Computer name : HP85525302658
     Version information:
     BUILD.DAT : 13.0.0.2761 48279 Bytes 11/9/2012 16:45:00
     AVSCAN.EXE : 13.4.0.262 638752 Bytes 11/13/2012 16:03:13
     AVSCANRC.DLL : 13.4.0.219 54560 Bytes 10/10/2012 01:19:07
     LUKE.DLL : 13.4.0.251 67360 Bytes 11/13/2012 16:03:39
     AVSCPLR.DLL : 13.4.0.262 93984 Bytes 11/12/2012 22:04:21
     AVREG.DLL : 13.4.0.244 245536 Bytes 11/12/2012 22:04:20
     avlode.dll : 13.4.0.255 426272 Bytes 11/13/2012 16:03:49
     avlode.rdf : 13.0.0.24 7196 Bytes 9/27/2012 19:30:38
     VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 23:50:29
     VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 23:50:31
     VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 23:50:34
     VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 23:50:36
     VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 23:50:37
     VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:42:40
     VBASE006.VDF : 7.11.41.250 4902400 Bytes 9/6/2012 23:42:40
     VBASE007.VDF : 7.11.45.207 2363904 Bytes 10/11/2012 00:52:17
     VBASE008.VDF : 7.11.45.208 2048 Bytes 10/11/2012 00:52:17
     VBASE009.VDF : 7.11.45.209 2048 Bytes 10/11/2012 00:52:17
     VBASE010.VDF : 7.11.45.210 2048 Bytes 10/11/2012 00:52:17
     VBASE011.VDF : 7.11.45.211 2048 Bytes 10/11/2012 00:52:17
     VBASE012.VDF : 7.11.45.212 2048 Bytes 10/11/2012 00:52:17
     VBASE013.VDF : 7.11.45.213 2048 Bytes 10/11/2012 00:52:17
     VBASE014.VDF : 7.11.46.65 220160 Bytes 10/16/2012 21:34:30
     VBASE015.VDF : 7.11.46.153 173568 Bytes 10/18/2012 18:35:47
     VBASE016.VDF : 7.11.46.223 162304 Bytes 10/19/2012 18:35:47
     VBASE017.VDF : 7.11.47.35 126464 Bytes 10/22/2012 16:59:23
     VBASE018.VDF : 7.11.47.95 175616 Bytes 10/24/2012 21:50:08
     VBASE019.VDF : 7.11.47.177 164352 Bytes 10/26/2012 22:28:57
     VBASE020.VDF : 7.11.47.229 143360 Bytes 10/28/2012 22:28:58
     VBASE021.VDF : 7.11.48.47 138240 Bytes 10/30/2012 22:28:59
     VBASE022.VDF : 7.11.48.135 122880 Bytes 11/1/2012 22:28:59
     VBASE023.VDF : 7.11.48.209 142848 Bytes 11/5/2012 22:29:00
     VBASE024.VDF : 7.11.48.243 119296 Bytes 11/5/2012 22:29:00
     VBASE025.VDF : 7.11.49.47 136704 Bytes 11/7/2012 10:21:34
     VBASE026.VDF : 7.11.49.135 194560 Bytes 11/9/2012 16:13:48
     VBASE027.VDF : 7.11.49.209 188416 Bytes 11/12/2012 22:04:18
     VBASE028.VDF : 7.11.49.210 2048 Bytes 11/12/2012 22:04:19
     VBASE029.VDF : 7.11.49.211 2048 Bytes 11/12/2012 22:04:19
     VBASE030.VDF : 7.11.49.212 2048 Bytes 11/12/2012 22:04:19
     VBASE031.VDF : 7.11.50.0 111104 Bytes 11/13/2012 22:01:48
     Engine version : 8.2.10.198
     AEVDF.DLL : 8.1.2.10 102772 Bytes 9/19/2012 23:42:55
     AESCRIPT.DLL : 8.1.4.66 463227 Bytes 11/12/2012 16:04:28
     AESCN.DLL : 8.1.9.2 131444 Bytes 9/26/2012 23:54:07
     AESBX.DLL : 8.2.5.12 606578 Bytes 8/29/2012 01:58:06
     AERDL.DLL : 8.2.0.74 643445 Bytes 11/7/2012 10:21:47
     AEPACK.DLL : 8.3.0.40 815479 Bytes 11/12/2012 16:04:26
     AEOFFICE.DLL : 8.1.2.50 201084 Bytes 11/5/2012 22:29:12
     AEHEUR.DLL : 8.1.4.132 5489016 Bytes 11/12/2012 16:04:23
     AEHELP.DLL : 8.1.25.2 258423 Bytes 10/13/2012 00:52:32
     AEGEN.DLL : 8.1.6.8 434548 Bytes 11/7/2012 10:21:38
     AEEXP.DLL : 8.2.0.10 119158 Bytes 11/5/2012 22:29:14
     AEEMU.DLL : 8.1.3.2 393587 Bytes 9/19/2012 23:42:55
     AECORE.DLL : 8.1.29.2 201079 Bytes 11/7/2012 10:21:37
     AEBB.DLL : 8.1.1.4 53619 Bytes 11/5/2012 22:29:04
     AVWINLL.DLL : 13.4.0.163 25888 Bytes 9/20/2012 03:09:30
     AVPREF.DLL : 13.4.0.163 50464 Bytes 9/20/2012 03:07:51
     AVREP.DLL : 13.4.0.244 177952 Bytes 11/12/2012 22:04:20
     AVARKT.DLL : 13.4.0.232 260384 Bytes 10/17/2012 01:55:29
     AVEVTLOG.DLL : 13.4.0.232 167200 Bytes 10/17/2012 01:56:35
     SQLITE3.DLL : 3.7.0.1 397088 Bytes 9/20/2012 03:17:40
     AVSMTP.DLL : 13.4.0.163 62240 Bytes 9/20/2012 03:08:55
     NETNT.DLL : 13.4.0.163 15648 Bytes 9/20/2012 03:16:26
     RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 9/20/2012 04:40:13
     RCTEXT.DLL : 13.4.0.163 66336 Bytes 10/19/2012 20:56:26
     Configuration settings for the scan:
     Jobname.............................: AVGuardAsyncScan
     Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_50a2c192\guard_slideup.avp
     Reporting...........................: default
     Primary action......................: Interactive
     Secondary action....................: Quarantine
     Scan master boot sector.............: on
     Scan boot sector....................: off
     Process scan........................: on
     Scan registry.......................: off
     Search for rootkits.................: on
     Integrity checking of system files..: off
     Scan all files......................: All files
     Scan archives.......................: on
     Limit recursion depth...............: 20
     Smart extensions....................: on
     Macrovirus heuristic................: on
     File heuristic......................: Complete
     Start of the scan: Wednesday, November 14, 2012 07:03
     Starting search for hidden objects.
     The scan of running processes will be started:
     Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
     Scan process 'dllhost.exe' - '45' Module(s) have been scanned
     Scan process 'vssvc.exe' - '48' Module(s) have been scanned
     Scan process 'avscan.exe' - '104' Module(s) have been scanned
     Scan process 'mmc.exe' - '55' Module(s) have been scanned
     Scan process 'iexplore.exe' - '96' Module(s) have been scanned
     Scan process 'iexplore.exe' - '116' Module(s) have been scanned
     Scan process 'iexplore.exe' - '124' Module(s) have been scanned
     Scan process 'agent.exe' - '29' Module(s) have been scanned
     Scan process 'isuspm.exe' - '41' Module(s) have been scanned
     Scan process 'explorer.exe' - '159' Module(s) have been scanned
     Scan process 'msdtc.exe' - '40' Module(s) have been scanned
     Scan process 'dllhost.exe' - '61' Module(s) have been scanned
     Scan process 'BbDevMgr.exe' - '26' Module(s) have been scanned
     Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
     Scan process 'RIMDeviceManager.exe' - '36' Module(s) have been scanned
     Scan process 'avgnt.exe' - '72' Module(s) have been scanned
     Scan process 'msseces.exe' - '45' Module(s) have been scanned
     Scan process 'realsched.exe' - '27' Module(s) have been scanned
     Scan process 'issch.exe' - '12' Module(s) have been scanned
     Scan process 'atiptaxx.exe' - '33' Module(s) have been scanned
     Scan process 'avshadow.exe' - '25' Module(s) have been scanned
     Scan process 'WMPNetwk.exe' - '54' Module(s) have been scanned
     Scan process 'Wacom_Tablet.exe' - '36' Module(s) have been scanned
     Scan process 'Wacom_TabletUser.exe' - '18' Module(s) have been scanned
     Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned
     Scan process 'VideoAcceleratorService.exe' - '47' Module(s) have been scanned
     Scan process 'UTSCSI.EXE' - '7' Module(s) have been scanned
     Scan process 'Wacom_Tablet.exe' - '24' Module(s) have been scanned
     Scan process 'svchost.exe' - '39' Module(s) have been scanned
     Scan process 'spnsrvnt.exe' - '30' Module(s) have been scanned
     Scan process 'GoogleUpdate.exe' - '43' Module(s) have been scanned
     Scan process 'sntlkeyssrvr.exe' - '31' Module(s) have been scanned
     Scan process 'svchost.exe' - '34' Module(s) have been scanned
     Scan process 'crypserv.exe' - '14' Module(s) have been scanned
     Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned
     Scan process 'AppleMobileDeviceService.exe' - '48' Module(s) have been scanned
     Scan process 'avguard.exe' - '65' Module(s) have been scanned
     Scan process 'sched.exe' - '38' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '54' Module(s) have been scanned
     Scan process 'svchost.exe' - '51' Module(s) have been scanned
     Scan process 'svchost.exe' - '34' Module(s) have been scanned
     Scan process 'svchost.exe' - '157' Module(s) have been scanned
     Scan process 'MsMpEng.exe' - '43' Module(s) have been scanned
     Scan process 'svchost.exe' - '42' Module(s) have been scanned
     Scan process 'svchost.exe' - '55' Module(s) have been scanned
     Scan process 'lsass.exe' - '62' Module(s) have been scanned
     Scan process 'services.exe' - '27' Module(s) have been scanned
     Scan process 'winlogon.exe' - '95' Module(s) have been scanned
     Scan process 'csrss.exe' - '14' Module(s) have been scanned
     Scan process 'smss.exe' - '2' Module(s) have been scanned
     Starting the file scan:
     Begin scan in 'C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\J722RA22\server[1].htm'
     Search path C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\J722RA22\server[1].htm could not be opened!
     System error [2]: The system cannot find the file specified.
     Begin scan in 'C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm'
     C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm
     [DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus
     Beginning disinfection:
     C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm
     [DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus
     [NOTE] The file was moved to the quarantine directory under the name '5748105e.qua'!
     End of the scan: Wednesday, November 14, 2012 07:07
     Used time: 03:30 Minute(s)
     The scan has been done completely.
     0 Scanned directories
     491 Files were scanned
     1 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 Files were deleted
     0 Viruses and unwanted programs were repaired
     1 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
     490 Files not concerned
     1 Archives were scanned
     0 Warnings
     1 Notes
     69543 Objects were scanned with rootkit scan
     0 Hidden objects were found
     The scan results will be transferred to the Guard.
  10. DK I am on a DNS- the 13 other computers on the network have no security error messages and the security check program doesn't find any errors. I looked at the article regarding the 1053 USERENV event and it doesn't offer any corrections to the problem. I am getting a virus detection when I open my browser from AVIRA finding this- HTML/rce.gen3. Never had it before. All full scans are clear. What happens next?
  11. DK -I finally finished with the SP3 upload and all Windows updates that were needed. The Security Center is still not running. I went into the application logs after the SP3 download and this seems to be the information message for the security center: "The Security Center service has been stopped. It was prevented from running by a software group policy." There is also an error message saying "Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted." I do not know if this will help ...
  12. DK Still no start.... Is this problem with the Security Center something that happens often?
  13. DK I navigated through Local Computer Policy>Computer Configuration>Administrative Templates>Windows Components>Security Center. There is no listed folder "Security Center" within the "Windows Components". FYI only folders listed in Windows Components: Event Forwarding; Search; Windows Remote Management (WinRM) sub folders WinRM Client + WinRM Service; Windows remote shell; Windows Media Player; last one is Windows Update. Shall I do the gpupdate /force anyway?
  14. DK Not clear on your request. I'll give it a go. When I open up the security center to set to auto there are several tabs in the window. Dependencies has the following: Remote procedure call (no sub directory listed); Windows Management Instrumentation w/ sub directory of Remote Procedure Call (RPC). Paths: C:\WINDOWS\System32\svchost.exe -k netsvcs... is the path for Security Center and Windows Management Instrumentation; the path listed for RPC is C:\WINDOWS\system32\svchost.exe -k rpcss. When trying to auto start the Security Center the error message is "The Security Center service on local computer started and then stopped. Some services stop automatically if they have no work to do, for example the Performance logs and Alerts service." The performance logs is set to auto but does not start; path is C:\WINDOWS\system32\smlogsvc.exe. The alerter service is started and set to auto; path C:\WINDOWS\system32\svchost.exe -k LocalService. Hopefully this is what you needed.
  15. DK -- Another one for you ..
      Farbar Service Scanner Version: 09-11-2012
      Ran by cray (administrator) on 10-11-2012 at 16:52:46
      Running from "C:\Documents and Settings\cray\Desktop"
      Microsoft Windows XP Service Pack 3 (X86)
      Boot Mode: Normal
      ****************************************************************
      Internet Services:
      ============
      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Google.com is accessible.
      Yahoo IP is accessible.
      Yahoo.com is accessible.
      Windows Firewall:
      =============
      Firewall Disabled Policy:
      ==================
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall"=DWORD:0
      System Restore:
      ============
      System Restore Disabled Policy:
      ========================
      Security Center:
      ============
      wscsvc Service is not running. Checking service configuration:
      The start type of wscsvc service is OK.
      The ImagePath of wscsvc service is OK.
      The ServiceDll of wscsvc service is OK.
      Windows Update:
      ============
      Windows Autoupdate Disabled Policy:
      ============================
      File Check:
      ========
      C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
      C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
      C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
      C:\WINDOWS\system32\netman.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\srsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
      C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
      C:\WINDOWS\system32\qmgr.dll => MD5 is legit
      C:\WINDOWS\system32\es.dll => MD5 is legit
      C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
      C:\WINDOWS\system32\svchost.exe => MD5 is legit
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\services.exe => MD5 is legit
      Extra List:
      =======
      Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
      0x080000000400000001000000020000000300000008000000050000000600000007000000
      IpSec Tag value is correct.
      **** End of log ****
  16. DK Still is not up and it did not ask me for the install disc either .. I ran another Tweaking window repair and pasted the log - Just trying to help. BTW thank you for your valuable help so far....
      Starting Repairs... Start (11/10/2012 3:12:50 PM)
      Reset Registry Permissions 01/03 HKEY_CURRENT_USER & Sub Keys Start (11/10/2012 3:12:50 PM) Done (11/10/2012 3:13:14 PM)
      Reset Registry Permissions 02/03 HKEY_LOCAL_MACHINE & Sub Keys Start (11/10/2012 3:13:14 PM) Done (11/10/2012 3:14:50 PM)
      Reset Registry Permissions 03/03 HKEY_CLASSES_ROOT & Sub Keys Start (11/10/2012 3:14:50 PM) Done (11/10/2012 3:15:37 PM)
      Reset File Permissions 01/30 C:\Autodesk & Sub Folders Start (11/10/2012 3:15:37 PM) Done (11/10/2012 3:16:49 PM)
      Reset File Permissions 02/30 C:\bid clerk & Sub Folders Start (11/10/2012 3:16:49 PM) Done (11/10/2012 3:16:52 PM)
      Reset File Permissions 03/30 C:\BidView & Sub Folders Start (11/10/2012 3:16:52 PM) Done (11/10/2012 3:17:02 PM)
      Reset File Permissions 04/30 C:\cmdcons & Sub Folders Start (11/10/2012 3:17:02 PM) Done (11/10/2012 3:17:07 PM)
      Reset File Permissions 05/30 C:\ComboFix & Sub Folders Start (11/10/2012 3:17:07 PM) Done (11/10/2012 3:17:09 PM)
      Reset File Permissions 06/30 C:\Compaq & Sub Folders Start (11/10/2012 3:17:09 PM) Done (11/10/2012 3:17:16 PM)
      Reset File Permissions 07/30 C:\COpy Plans & Sub Folders Start (11/10/2012 3:17:16 PM) Done (11/10/2012 3:17:18 PM)
      Reset File Permissions 08/30 C:\Digital Takeoff Table Installer & Sub Folders Start (11/10/2012 3:17:18 PM) Done (11/10/2012 3:17:25 PM)
      Reset File Permissions 09/30 C:\divx & Sub Folders Start (11/10/2012 3:17:25 PM) Done (11/10/2012 3:17:27 PM)
      Reset File Permissions 10/30 C:\downloads & Sub Folders Start (11/10/2012 3:17:27 PM) Done (11/10/2012 3:17:29 PM)
      Reset File Permissions 11/30 C:\Firefox & Sub Folders Start (11/10/2012 3:17:29 PM) Done (11/10/2012 3:17:32 PM)
      Reset File Permissions 12/30 C:\Heritage Plaza Pict renovation & Sub Folders Start (11/10/2012 3:17:32 PM) Done (11/10/2012 3:17:34 PM)
      Reset File Permissions 13/30 C:\i386 & Sub Folders Start (11/10/2012 3:17:34 PM) Done (11/10/2012 3:17:59 PM)
      Reset File Permissions 14/30 C:\isqft dl & Sub Folders Start (11/10/2012 3:17:59 PM) Done (11/10/2012 3:18:01 PM)
      Reset File Permissions 15/30 C:\MSOCache & Sub Folders Start (11/10/2012 3:18:01 PM) Done (11/10/2012 3:18:06 PM)
      Reset File Permissions 16/30 C:\Oceana PDF Archs LS & Sub Folders Start (11/10/2012 3:18:06 PM) Done (11/10/2012 3:18:08 PM)
      Reset File Permissions 17/30 C:\OCS Documents & Sub Folders Start (11/10/2012 3:18:08 PM) Done (11/10/2012 3:18:59 PM)
      Reset File Permissions 18/30 C:\oncenter & Sub Folders Start (11/10/2012 3:18:59 PM) Done (11/10/2012 3:19:01 PM)
      Reset File Permissions 19/30 C:\Program Files & Sub Folders Start (11/10/2012 3:19:01 PM) Done (11/10/2012 3:21:26 PM)
      Reset File Permissions 20/30 C:\SNAP & Sub Folders Start (11/10/2012 3:21:26 PM) Done (11/10/2012 3:21:28 PM)
      Reset File Permissions 21/30 C:\Sub Hub DL & Sub Folders Start (11/10/2012 3:21:28 PM) Done (11/10/2012 3:21:33 PM)
      Reset File Permissions 22/30 C:\SYSTEM.SAV & Sub Folders Start (11/10/2012 3:21:33 PM) Done (11/10/2012 3:21:35 PM)
      Reset File Permissions 23/30 C:\TDSSKiller_Quarantine & Sub Folders Start (11/10/2012 3:21:35 PM) Done (11/10/2012 3:21:38 PM)
      Reset File Permissions 24/30 C:\temp & Sub Folders Start (11/10/2012 3:21:38 PM) Done (11/10/2012 3:21:40 PM)
      Reset File Permissions 25/30 C:\Tweaking.com_Windows_Repair_Logs & Sub Folders Start (11/10/2012 3:21:40 PM) Done (11/10/2012 3:21:42 PM)
      Reset File Permissions 26/30 C:\WINDOWS & Sub Folders Start (11/10/2012 3:21:42 PM) Done (11/10/2012 3:27:57 PM)
      Reset File Permissions 27/30 C:\WTablet & Sub Folders Start (11/10/2012 3:27:57 PM) Done (11/10/2012 3:28:00 PM)
      Reset File Permissions 28/30 C:\Zipped & Sub Folders Start (11/10/2012 3:28:00 PM) Done (11/10/2012 3:28:02 PM)
      Reset File Permissions 29/30 C:\__0X00F9 & Sub Folders Start (11/10/2012 3:28:02 PM) Done (11/10/2012 3:28:09 PM)
      Reset File Permissions 30/30 C:\__0X00FC & Sub Folders Start (11/10/2012 3:28:09 PM) Done (11/10/2012 3:28:11 PM)
      Register System Files Start (11/10/2012 3:28:11 PM) Done (11/10/2012 3:29:50 PM)
      Repair WMI Start (11/10/2012 3:29:50 PM)
      Step 01/03 - Deleting WMI Repository...
      The system cannot find the path specified.
      Step 02/03 - Rebuilding WMI Repository...
      Step 03/03 - Registering WMI...
      Invalid Global Switch.
      Done (11/10/2012 3:31:57 PM)
      Repair Windows Firewall Start (11/10/2012 3:31:57 PM)
      System error 1060 has occurred.
      The specified service does not exist as an installed service.
      The Windows Firewall/Internet Connection Sharing (ICS) service is not started.
      More help is available by typing NET HELPMSG 3521.
      System error 1060 has occurred.
      The specified service does not exist as an installed service.
      The service name is invalid.
      More help is available by typing NET HELPMSG 2185.
      The service name is invalid.
      More help is available by typing NET HELPMSG 2185.
      Done (11/10/2012 3:32:02 PM)
      Repair Internet Explorer Start (11/10/2012 3:32:02 PM) Done (11/10/2012 3:33:06 PM)
      Remove Policies Set By Infections Start (11/10/2012 3:33:06 PM) Done (11/10/2012 3:33:08 PM)
      Repair Winsock & DNS Cache Start (11/10/2012 3:33:08 PM) Done (11/10/2012 3:33:17 PM)
      Repair Proxy Settings Start (11/10/2012 3:33:17 PM) Done (11/10/2012 3:33:19 PM)
      Repair Windows Updates Start (11/10/2012 3:33:19 PM)
      The BITS service is not started.
      More help is available by typing NET HELPMSG 3521.
      The Automatic Updates service is not started.
      More help is available by typing NET HELPMSG 3521.
      The process cannot access the file because it is being used by another process.
      The process cannot access the file because it is being used by another process.
      The process cannot access the file because it is being used by another process.
      C:\WINDOWS\system32\catroot2\edb.log - The process cannot access the file because it is being used by another process.
      C:\WINDOWS\system32\catroot2\edbtmp.log - The process cannot access the file because it is being used by another process.
      C:\WINDOWS\system32\catroot2\tmp.edb - The process cannot access the file because it is being used by another process.
      The requested service has already been started.
      More help is available by typing NET HELPMSG 2182.
      'bitsadmin.exe' is not recognized as an internal or external command, operable program or batch file.
      Done (11/10/2012 3:34:16 PM)
      Set Windows Services To Default Startup Start (11/10/2012 3:34:16 PM) Done (11/10/2012 3:34:30 PM)
      Repair MSI (Windows Installer) Start (11/10/2012 3:34:30 PM)
      The Windows Installer service is not started.
      More help is available by typing NET HELPMSG 3521.
      Done (11/10/2012 3:34:36 PM)
      Cleaning up empty logs...
      All Selected Repairs Done.
      Done (11/10/2012 3:34:36 PM)
      Total Repair Time: 00:22:14
      ...YOU MUST RESTART YOUR SYSTEM...
  17. DK -Security Center still will not start. I took the liberty of pasting a report from Spybot on a scan completed 11-1 where it found and repaired a file. This file can be recovered - Maybe this info will help.. I am also posting the results of the latest Security Check. I noticed during the Security Check scan that it is trying to locate a file "HKLMRUN.TXT" and is unable to find it...
      Spy bot
      --- Report generated: 2012-11-01 16:46 ---
      Microsoft.WindowsSecurityCenter.AntiVirusOverride: [sBI $3604910C] Settings (Registry change, fixed)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
      --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
      2009-01-26 blindman.exe (1.0.0.8)
      2009-01-26 SDFiles.exe (1.6.1.7)
      2009-01-26 SDMain.exe (1.0.0.6)
      2009-01-26 SDShred.exe (1.0.2.5)
      2009-01-26 SDUpdate.exe (1.6.0.12)
      2009-01-26 SpybotSD.exe (1.6.2.46)
      2009-03-05 TeaTimer.exe (1.6.6.32)
      2012-11-01 unins000.exe (51.49.0.0)
      2009-01-26 Update.exe (1.6.0.7)
      2009-11-04 advcheck.dll (1.6.5.20)
      2007-04-02 aports.dll (2.1.0.0)
      2008-06-14 DelZip179.dll (1.79.11.1)
      2009-01-26 SDHelper.dll (1.6.2.14)
      2008-06-19 sqlite3.dll
      2009-01-26 Tools.dll (2.1.6.10)
      2009-01-16 UninsSrv.dll (1.0.0.0)
      2012-10-31 Includes\Adware.sbi (*)
      2012-10-30 Includes\AdwareC.sbi (*)
      2010-08-12 Includes\Cookies.sbi (*)
      2010-12-14 Includes\Dialer.sbi (*)
      2012-09-26 Includes\DialerC.sbi (*)
      2012-01-31 Includes\HeavyDuty.sbi (*)
      2012-10-15 Includes\Hijackers.sbi (*)
      2012-09-25 Includes\HijackersC.sbi (*)
      2010-09-15 Includes\iPhone.sbi (*)
      2012-03-13 Includes\Keyloggers.sbi (*)
      2012-03-13 Includes\KeyloggersC.sbi (*)
      2004-11-29 Includes\LSP.sbi (*)
      2012-08-28 Includes\Malware.sbi (*)
      2012-10-30 Includes\MalwareC.sbi (*)
      2012-10-24 Includes\PUPS.sbi (*)
      2012-10-30 Includes\PUPSC.sbi (*)
      2010-01-25 Includes\Revision.sbi (*)
      2012-06-18 Includes\Security.sbi (*)
      2011-12-13 Includes\SecurityC.sbi (*)
      2008-06-03 Includes\Spybots.sbi (*)
      2008-06-03 Includes\SpybotsC.sbi (*)
      2012-09-04 Includes\Spyware.sbi (*)
      2012-09-03 Includes\SpywareC.sbi (*)
      2010-03-08 Includes\Tracks.uti
      2011-09-28 Includes\Trojans.sbi (*)
      2012-10-31 Includes\TrojansC-02.sbi (*)
      2012-10-30 Includes\TrojansC-03.sbi (*)
      2012-10-24 Includes\TrojansC-04.sbi (*)
      2012-08-30 Includes\TrojansC-05.sbi (*)
      2012-10-31 Includes\TrojansC.sbi (*)
      2008-03-04 Plugins\Chai.dll
      2008-03-05 Plugins\Fennel.dll
      2008-02-26 Plugins\Mate.dll
      2007-12-24 Plugins\TCPIPAddress.dll
      Results of screen317's Security Check version 0.99.54
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Security Center service is not running! This report may not be accurate!
      Windows Firewall Enabled!
      Microsoft Security Essentials Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Spybot - Search & Destroy
      Windows Defender
      Malwarebytes Anti-Malware version 1.65.1.1000
      Adobe Reader X (10.1.4)
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Avira Antivir avgnt.exe
      Avira Antivir avguard.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 7%
      ````````````````````End of Log``````````````````````
  18. OK Here you go.
      Results of screen317's Security Check version 0.99.54
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Security Center service is not running! This report may not be accurate!
      Windows Firewall Enabled!
      Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!)
      `````````Anti-malware/Other Utilities Check:`````````
      Spybot - Search & Destroy
      Windows Defender
      Malwarebytes Anti-Malware version 1.65.1.1000
      Adobe Reader X (10.1.4)
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Windows Defender MSMpEng.exe
      Windows Defender MSASCui.exe
      Avira Antivir avgnt.exe
      Avira Antivir avguard.exe
      Windows Defender MSASCui.exe
      Windows Defender MsMpEng.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 7%
      ````````````````````End of Log``````````````````````
  19. DK The new log from Security Check
      Results of screen317's Security Check version 0.99.54
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Security Center service is not running! This report may not be accurate!
      Windows Firewall Enabled!
      WMI entry may not exist for antivirus; attempting automatic update.
      Avira successfully updated!
      `````````Anti-malware/Other Utilities Check:`````````
      Spybot - Search & Destroy
      Windows Defender
      Malwarebytes Anti-Malware version 1.65.1.1000
      Adobe Reader X (10.1.4)
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Avira Antivir avgnt.exe
      Avira Antivir avguard.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 8%
      ````````````````````End of Log``````````````````````
  20. DK Here is the log
      Results of screen317's Security Check version 0.99.54
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Security Center service is not running! This report may not be accurate!
      Windows Firewall Enabled!
      Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!)
      `````````Anti-malware/Other Utilities Check:`````````
      Spybot - Search & Destroy
      Windows Defender
      Malwarebytes Anti-Malware version 1.65.1.1000
      Adobe Reader X (10.1.4)
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Avira Antivir avgnt.exe
      Avira Antivir avguard.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 8%
      ````````````````````End of Log``````````````````````