Posts posted by shep711

  1. Hello, I am sure my computer is infected. I have run Spybot and I have premium MB (after infection, free version before). MB qt but still have problems - MB log and Spybot logs are attached.

     

    >>>>>>>

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
    Ran by Dad (administrator) on HOME on 12-02-2015 08:07:41
    Running from C:\Users\Dad\Desktop
    Loaded Profiles: Dad & Mom & Rae Lynn & Guest (Available profiles: Dad & Mom & Rae Lynn & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Egis Technology Inc.) C:\Program Files\Common Files\EgisTec CommonModule\eLock\eLockServ.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc. ) C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
    (Egis Technology Inc. ) C:\Program Files\Acer ProShield\EgisTSR.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc. ) C:\Program Files\Acer ProShield\EgisTSR.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


    ==================== Registry (Whitelisted) ==================
     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
    Ran by Dad at 2015-02-12 08:08:20
    Running from C:\Users\Dad\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
    Acer Framework (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5500 - Acer Incorporated)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Booster-Web (HKU\S-1-5-21-1203689296-2350690145-2900710007-1001\...\Booster-Web) (Version: 2 - Appli LLC)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3220 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1203689296-2350690145-2900710007-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1203689296-2350690145-2900710007-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    ProShield (HKLM-x32\...\InstallShield_{08CCD7B4-9EED-4926-805D-C4FFF869989A}) (Version: 1.4.1.16 - Egis Technology Inc.)
    ProShield (Version: 1.4.1.16 - Egis Technology Inc.) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6878 - Realtek Semiconductor Corp.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-1203689296-2350690145-2900710007-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
    Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1203689296-2350690145-2900710007-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points  =========================

    23-01-2015 23:32:35 Windows Update
    27-01-2015 11:50:53 Windows Update
    30-01-2015 16:58:20 Windows Update
    02-02-2015 20:51:57 Windows Update
    05-02-2015 22:11:09 Windows Update
    09-02-2015 08:05:52 Windows Update
    11-02-2015 17:19:55 Removed Bonjour
    12-02-2015 03:00:58 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2015-02-11 22:19 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0AEFE807-611D-484D-93F7-25D9B65796D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {1135D3F6-6D48-4E99-9460-39CE7AFD1A05} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-09-13] (Egis Technology Inc.)
    Task: {1982C7AC-9584-4566-879A-5D2773481479} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
    Task: {2C79938F-C1D8-4DEC-9F8B-CF11ADFA5981} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
    Task: {2DA4573C-DDFC-4675-9719-AF69C48AE18E} - \SMWPUpd No Task File <==== ATTENTION
    Task: {3EC5CB2C-B27F-4CA9-BB8E-2844F0D685CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {704815AB-D471-4C4B-BA29-6C9A1495465A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {7ECE05CC-7D1E-4266-9851-08CAABB2B7A1} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
    Task: {8671DA96-DBF7-4EE5-987D-B6828102B485} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {8E3018C2-9461-4B1C-8BC4-48B5CC4412E1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {99A4B69B-6870-4FE6-9CE2-D2DDB31A5C49} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {9B5BE1E6-80C0-4A70-9C9E-01492727853A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {A25BC11B-8165-488A-A825-D18A2FC707D8} - \SMW_UpdateTask_Time_333030313331343739302d2d5b50342a4155456c5a236c No Task File <==== ATTENTION
    Task: {B8F15E5F-281D-4F41-95B7-D0FA21C16447} - System32\Tasks\UpdaterEX => C:\Users\Dad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {BDD17E31-3C2D-4367-8DB4-BF731AA1DDC6} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {BFD11732-9F2D-466A-88C4-1DA04A59C80F} - \Run_Bobby_Browser No Task File <==== ATTENTION
    Task: {C531B928-1994-4775-B920-321FEE387F29} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
    Task: {CA068506-E335-4171-B44D-CD8FF1B0D2F2} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
    Task: {D3A220AF-3415-4635-BF5E-A50BB647EFCB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {DBD97CDA-1D06-4B57-976B-D70BCED2C9CB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {DD1518FD-1192-41E4-B48B-7BB81C919FAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {E1A84CBA-5B8C-4B2A-9BBF-ED847296B24C} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-09-13] (Egis Technology Inc.)
    Task: {E6E74B23-3C03-4B43-8409-2955CCD6C5DC} - System32\Tasks\Smp => C:\Program Files\Common Files\GBUpdatePlus\smp.exe
    Task: {E75F042F-6A03-4239-8FEC-082C1C0C8F1C} - System32\Tasks\PastaLeads => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
    Task: {EA50D362-D447-49CE-8514-A901F3D4A172} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {FF7602D1-EC88-483C-8519-69DBD3211851} - System32\Tasks\EgisTSR => C:\Program Files\Acer ProShield\EgisTSR.exe [2013-12-19] (Egis Technology Inc. )
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Dad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2014-09-19 12:14 - 2013-10-23 13:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
    2014-08-31 11:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-02-10 00:40 - 2011-06-13 17:59 - 00030080 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2014-02-10 00:40 - 2014-02-10 00:40 - 00038312 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5500.0__14bcaafdb44b5951\Framework.Model.Controller.dll
    2014-02-10 00:40 - 2014-02-10 00:40 - 00026040 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5500.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
    2014-02-10 00:40 - 2014-02-10 00:40 - 00066960 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.5500.0__3036420f80dd6947\Framework.Library.dll
    2014-02-10 00:40 - 2014-02-10 00:40 - 00034192 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.5500.0__672b450de5a7e94a\Framework.Host.dll
    2014-02-10 00:40 - 2014-02-10 00:40 - 00021920 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5500.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
    2014-10-25 20:52 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-12-19 10:32 - 2013-12-19 10:32 - 01407976 _____ () C:\Program Files\Acer ProShield\LIBEAY32.dll
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-02-11 21:35 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-02-11 21:35 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-02-11 21:35 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-04-01 19:34 - 2013-04-11 14:31 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2014-08-29 05:35 - 2014-11-19 14:47 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2015-02-11 21:33 - 2015-01-23 02:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1203689296-2350690145-2900710007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-1203689296-2350690145-2900710007-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-1203689296-2350690145-2900710007-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Rae Lynn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-1203689296-2350690145-2900710007-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1203689296-2350690145-2900710007-500 - Administrator - Disabled)
    Dad (S-1-5-21-1203689296-2350690145-2900710007-1000 - Administrator - Enabled) => C:\Users\Dad
    Guest (S-1-5-21-1203689296-2350690145-2900710007-501 - Limited - Disabled) => C:\Users\Guest
    Mom (S-1-5-21-1203689296-2350690145-2900710007-1001 - Limited - Enabled) => C:\Users\Mom
    Rae Lynn (S-1-5-21-1203689296-2350690145-2900710007-1002 - Limited - Enabled) => C:\Users\Rae Lynn

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/12/2015 06:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDTools.exe, version: 2.4.40.157, time stamp: 0x535a51a5
    Faulting module name: dhcpcsvc.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4a5bd9b5
    Exception code: 0xc0000005
    Fault offset: 0x72001b2d
    Faulting process id: 0xb34
    Faulting application start time: 0xSDTools.exe0
    Faulting application path: SDTools.exe1
    Faulting module path: SDTools.exe2
    Report Id: SDTools.exe3

    Error: (02/12/2015 03:40:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/11/2015 07:43:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/11/2015 07:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/11/2015 06:57:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce79d93
    Faulting module name: RPCRT4.dll, version: 6.1.7601.18532, time stamp: 0x53c339ee
    Exception code: 0xc0000005
    Fault offset: 0x0000000000012ab4
    Faulting process id: 0x818
    Faulting application start time: 0xmsiexec.exe0
    Faulting application path: msiexec.exe1
    Faulting module path: msiexec.exe2
    Report Id: msiexec.exe3

    Error: (02/11/2015 05:17:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8143

    Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8143

    Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/11/2015 11:18:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7066


    System errors:
    =============
    Error: (02/12/2015 06:16:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

    Error: (02/12/2015 03:49:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
    %%5

    Error: (02/12/2015 03:49:37 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    %%5

    Error: (02/12/2015 03:40:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (02/12/2015 03:40:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (02/12/2015 03:40:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (02/12/2015 03:40:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (02/11/2015 11:19:35 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (02/11/2015 06:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (02/11/2015 05:16:11 PM) (Source: DCOM) (EventID: 10016) (User: Home)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}HomeGuestS-1-5-21-1203689296-2350690145-2900710007-501LocalHost (Using LRPC)


    Microsoft Office Sessions:
    =========================
    Error: (02/12/2015 06:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SDTools.exe2.4.40.157535a51a5dhcpcsvc.DLL_unloaded0.0.0.04a5bd9b5c000000572001b2db3401d046cff23b3983C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exedhcpcsvc.DLL7abf988f-b2c3-11e4-a655-c03fd559437b

    Error: (02/12/2015 03:40:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/11/2015 07:43:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/11/2015 07:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/11/2015 06:57:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: msiexec.exe5.0.7601.175144ce79d93RPCRT4.dll6.1.7601.1853253c339eec00000050000000000012ab481801d046620068cae4C:\Windows\system32\msiexec.exeC:\Windows\system32\RPCRT4.dlle5a79621-b262-11e4-a14c-c03fd559437b

    Error: (02/11/2015 05:17:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8143

    Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8143

    Error: (02/11/2015 11:18:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/11/2015 11:18:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7066


    ==================== Memory info ===========================

    Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
    Percentage of memory in use: 52%
    Total physical RAM: 3967.71 MB
    Available physical RAM: 1878.95 MB
    Total Pagefile: 7933.62 MB
    Available Pagefile: 5102.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:226.33 GB) (Free:129.8 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:226.33 GB) (Free:226.18 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0AA8F87)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=226.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=226.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    Scan Results.150212-0721.txt

    mbam 21215.txt

  2. DK the link you provided to Kaspersky still only brings up a security scan which does not provide a report. I DL'd the Kaspersky Internet Security scanner, loaded it and ran a scan; nothing was found and NO report. So, alas, I used the ESET online and nothing was found. Here is the log:

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=ad4cf10bdbebfe4c95da16614407d12f

    # end=finished

    # remove_checked=false

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2012-11-17 02:54:30

    # local_time=2012-11-16 06:54:30 (-0800, Pacific Standard Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=1280 16777191 100 0 0 0 0 0

    # compatibility_mode=1792 16777215 100 0 875222 875222 0 0

    # compatibility_mode=6143 16777215 0 0 0 0 0 0

    # compatibility_mode=8192 67108863 100 0 614781 614781 0 0

    # scanned=98796

    # found=0

    # cleaned=0

    # scan_time=8396

  3. DK here you are. BTW Avira only tags this when I am on the foxnews website. It is occurring for many others as well. MBAM did not get a hit on this ..

    Avira Free Antivirus

    Report file date: Wednesday, November 14, 2012 07:03

    The program is running as an unrestricted full version.

    Online services are available.

    Licensee : Avira Free Antivirus

    Serial number : 0000149996-ADJIE-0000001

    Platform : Microsoft Windows XP

    Windows version : (Service Pack 3) [5.1.2600]

    Boot mode : Normally booted

    Username : SYSTEM

    Computer name : HP85525302658

    Version information:

    BUILD.DAT : 13.0.0.2761 48279 Bytes 11/9/2012 16:45:00

    AVSCAN.EXE : 13.4.0.262 638752 Bytes 11/13/2012 16:03:13

    AVSCANRC.DLL : 13.4.0.219 54560 Bytes 10/10/2012 01:19:07

    LUKE.DLL : 13.4.0.251 67360 Bytes 11/13/2012 16:03:39

    AVSCPLR.DLL : 13.4.0.262 93984 Bytes 11/12/2012 22:04:21

    AVREG.DLL : 13.4.0.244 245536 Bytes 11/12/2012 22:04:20

    avlode.dll : 13.4.0.255 426272 Bytes 11/13/2012 16:03:49

    avlode.rdf : 13.0.0.24 7196 Bytes 9/27/2012 19:30:38

    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 23:50:29

    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 23:50:31

    VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 23:50:34

    VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 23:50:36

    VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 23:50:37

    VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:42:40

    VBASE006.VDF : 7.11.41.250 4902400 Bytes 9/6/2012 23:42:40

    VBASE007.VDF : 7.11.45.207 2363904 Bytes 10/11/2012 00:52:17

    VBASE008.VDF : 7.11.45.208 2048 Bytes 10/11/2012 00:52:17

    VBASE009.VDF : 7.11.45.209 2048 Bytes 10/11/2012 00:52:17

    VBASE010.VDF : 7.11.45.210 2048 Bytes 10/11/2012 00:52:17

    VBASE011.VDF : 7.11.45.211 2048 Bytes 10/11/2012 00:52:17

    VBASE012.VDF : 7.11.45.212 2048 Bytes 10/11/2012 00:52:17

    VBASE013.VDF : 7.11.45.213 2048 Bytes 10/11/2012 00:52:17

    VBASE014.VDF : 7.11.46.65 220160 Bytes 10/16/2012 21:34:30

    VBASE015.VDF : 7.11.46.153 173568 Bytes 10/18/2012 18:35:47

    VBASE016.VDF : 7.11.46.223 162304 Bytes 10/19/2012 18:35:47

    VBASE017.VDF : 7.11.47.35 126464 Bytes 10/22/2012 16:59:23

    VBASE018.VDF : 7.11.47.95 175616 Bytes 10/24/2012 21:50:08

    VBASE019.VDF : 7.11.47.177 164352 Bytes 10/26/2012 22:28:57

    VBASE020.VDF : 7.11.47.229 143360 Bytes 10/28/2012 22:28:58

    VBASE021.VDF : 7.11.48.47 138240 Bytes 10/30/2012 22:28:59

    VBASE022.VDF : 7.11.48.135 122880 Bytes 11/1/2012 22:28:59

    VBASE023.VDF : 7.11.48.209 142848 Bytes 11/5/2012 22:29:00

    VBASE024.VDF : 7.11.48.243 119296 Bytes 11/5/2012 22:29:00

    VBASE025.VDF : 7.11.49.47 136704 Bytes 11/7/2012 10:21:34

    VBASE026.VDF : 7.11.49.135 194560 Bytes 11/9/2012 16:13:48

    VBASE027.VDF : 7.11.49.209 188416 Bytes 11/12/2012 22:04:18

    VBASE028.VDF : 7.11.49.210 2048 Bytes 11/12/2012 22:04:19

    VBASE029.VDF : 7.11.49.211 2048 Bytes 11/12/2012 22:04:19

    VBASE030.VDF : 7.11.49.212 2048 Bytes 11/12/2012 22:04:19

    VBASE031.VDF : 7.11.50.0 111104 Bytes 11/13/2012 22:01:48

    Engine version : 8.2.10.198

    AEVDF.DLL : 8.1.2.10 102772 Bytes 9/19/2012 23:42:55

    AESCRIPT.DLL : 8.1.4.66 463227 Bytes 11/12/2012 16:04:28

    AESCN.DLL : 8.1.9.2 131444 Bytes 9/26/2012 23:54:07

    AESBX.DLL : 8.2.5.12 606578 Bytes 8/29/2012 01:58:06

    AERDL.DLL : 8.2.0.74 643445 Bytes 11/7/2012 10:21:47

    AEPACK.DLL : 8.3.0.40 815479 Bytes 11/12/2012 16:04:26

    AEOFFICE.DLL : 8.1.2.50 201084 Bytes 11/5/2012 22:29:12

    AEHEUR.DLL : 8.1.4.132 5489016 Bytes 11/12/2012 16:04:23

    AEHELP.DLL : 8.1.25.2 258423 Bytes 10/13/2012 00:52:32

    AEGEN.DLL : 8.1.6.8 434548 Bytes 11/7/2012 10:21:38

    AEEXP.DLL : 8.2.0.10 119158 Bytes 11/5/2012 22:29:14

    AEEMU.DLL : 8.1.3.2 393587 Bytes 9/19/2012 23:42:55

    AECORE.DLL : 8.1.29.2 201079 Bytes 11/7/2012 10:21:37

    AEBB.DLL : 8.1.1.4 53619 Bytes 11/5/2012 22:29:04

    AVWINLL.DLL : 13.4.0.163 25888 Bytes 9/20/2012 03:09:30

    AVPREF.DLL : 13.4.0.163 50464 Bytes 9/20/2012 03:07:51

    AVREP.DLL : 13.4.0.244 177952 Bytes 11/12/2012 22:04:20

    AVARKT.DLL : 13.4.0.232 260384 Bytes 10/17/2012 01:55:29

    AVEVTLOG.DLL : 13.4.0.232 167200 Bytes 10/17/2012 01:56:35

    SQLITE3.DLL : 3.7.0.1 397088 Bytes 9/20/2012 03:17:40

    AVSMTP.DLL : 13.4.0.163 62240 Bytes 9/20/2012 03:08:55

    NETNT.DLL : 13.4.0.163 15648 Bytes 9/20/2012 03:16:26

    RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 9/20/2012 04:40:13

    RCTEXT.DLL : 13.4.0.163 66336 Bytes 10/19/2012 20:56:26

    Configuration settings for the scan:

    Jobname.............................: AVGuardAsyncScan

    Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_50a2c192\guard_slideup.avp

    Reporting...........................: default

    Primary action......................: Interactive

    Secondary action....................: Quarantine

    Scan master boot sector.............: on

    Scan boot sector....................: off

    Process scan........................: on

    Scan registry.......................: off

    Search for rootkits.................: on

    Integrity checking of system files..: off

    Scan all files......................: All files

    Scan archives.......................: on

    Limit recursion depth...............: 20

    Smart extensions....................: on

    Macrovirus heuristic................: on

    File heuristic......................: Complete

    Start of the scan: Wednesday, November 14, 2012 07:03

    Starting search for hidden objects.

    The scan of running processes will be started:

    Scan process 'rsmsink.exe' - '28' Module(s) have been scanned

    Scan process 'dllhost.exe' - '45' Module(s) have been scanned

    Scan process 'vssvc.exe' - '48' Module(s) have been scanned

    Scan process 'avscan.exe' - '104' Module(s) have been scanned

    Scan process 'mmc.exe' - '55' Module(s) have been scanned

    Scan process 'iexplore.exe' - '96' Module(s) have been scanned

    Scan process 'iexplore.exe' - '116' Module(s) have been scanned

    Scan process 'iexplore.exe' - '124' Module(s) have been scanned

    Scan process 'agent.exe' - '29' Module(s) have been scanned

    Scan process 'isuspm.exe' - '41' Module(s) have been scanned

    Scan process 'explorer.exe' - '159' Module(s) have been scanned

    Scan process 'msdtc.exe' - '40' Module(s) have been scanned

    Scan process 'dllhost.exe' - '61' Module(s) have been scanned

    Scan process 'BbDevMgr.exe' - '26' Module(s) have been scanned

    Scan process 'ctfmon.exe' - '25' Module(s) have been scanned

    Scan process 'RIMDeviceManager.exe' - '36' Module(s) have been scanned

    Scan process 'avgnt.exe' - '72' Module(s) have been scanned

    Scan process 'msseces.exe' - '45' Module(s) have been scanned

    Scan process 'realsched.exe' - '27' Module(s) have been scanned

    Scan process 'issch.exe' - '12' Module(s) have been scanned

    Scan process 'atiptaxx.exe' - '33' Module(s) have been scanned

    Scan process 'avshadow.exe' - '25' Module(s) have been scanned

    Scan process 'WMPNetwk.exe' - '54' Module(s) have been scanned

    Scan process 'Wacom_Tablet.exe' - '36' Module(s) have been scanned

    Scan process 'Wacom_TabletUser.exe' - '18' Module(s) have been scanned

    Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned

    Scan process 'VideoAcceleratorService.exe' - '47' Module(s) have been scanned

    Scan process 'UTSCSI.EXE' - '7' Module(s) have been scanned

    Scan process 'Wacom_Tablet.exe' - '24' Module(s) have been scanned

    Scan process 'svchost.exe' - '39' Module(s) have been scanned

    Scan process 'spnsrvnt.exe' - '30' Module(s) have been scanned

    Scan process 'GoogleUpdate.exe' - '43' Module(s) have been scanned

    Scan process 'sntlkeyssrvr.exe' - '31' Module(s) have been scanned

    Scan process 'svchost.exe' - '34' Module(s) have been scanned

    Scan process 'crypserv.exe' - '14' Module(s) have been scanned

    Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned

    Scan process 'AppleMobileDeviceService.exe' - '48' Module(s) have been scanned

    Scan process 'avguard.exe' - '65' Module(s) have been scanned

    Scan process 'sched.exe' - '38' Module(s) have been scanned

    Scan process 'spoolsv.exe' - '54' Module(s) have been scanned

    Scan process 'svchost.exe' - '51' Module(s) have been scanned

    Scan process 'svchost.exe' - '34' Module(s) have been scanned

    Scan process 'svchost.exe' - '157' Module(s) have been scanned

    Scan process 'MsMpEng.exe' - '43' Module(s) have been scanned

    Scan process 'svchost.exe' - '42' Module(s) have been scanned

    Scan process 'svchost.exe' - '55' Module(s) have been scanned

    Scan process 'lsass.exe' - '62' Module(s) have been scanned

    Scan process 'services.exe' - '27' Module(s) have been scanned

    Scan process 'winlogon.exe' - '95' Module(s) have been scanned

    Scan process 'csrss.exe' - '14' Module(s) have been scanned

    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting the file scan:

    Begin scan in 'C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\J722RA22\server[1].htm'

    Search path C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\J722RA22\server[1].htm could not be opened!

    System error [2]: The system cannot find the file specified.

    Begin scan in 'C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm'

    C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm

    [DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus

    Beginning disinfection:

    C:\Documents and Settings\cray\Local Settings\Temporary Internet Files\Content.IE5\V5R9C09O\server[1].htm

    [DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus

    [NOTE] The file was moved to the quarantine directory under the name '5748105e.qua'!

    End of the scan: Wednesday, November 14, 2012 07:07

    Used time: 03:30 Minute(s)

    The scan has been done completely.

    0 Scanned directories

    491 Files were scanned

    1 Viruses and/or unwanted programs were found

    0 Files were classified as suspicious

    0 Files were deleted

    0 Viruses and unwanted programs were repaired

    1 Files were moved to quarantine

    0 Files were renamed

    0 Files cannot be scanned

    490 Files not concerned

    1 Archives were scanned

    0 Warnings

    1 Notes

    69543 Objects were scanned with rootkit scan

    0 Hidden objects were found

    The scan results will be transferred to the Guard.

  4. DK I am on a DNS- the 13 other computers on the network have no security error messages and the security check program doesn't find any errors. I looked at the article regarding the 1053 USERENV event and it doesn't offer any corrections to the problem. I am getting a virus detection when I open my browser from AVIRA finding this- HTML/rce.gen3. Never had it before. All full scans are clear. What happens next?

  5. DK -I finally finished with the SP3 upload and all Windows updates that were needed. The Security Center is still not running. I went into the application logs after the SP3 download and this seems to be the information message for the Security Center.

    "The Security Center service has been stopped. It was prevented from running by a software group policy."

    There is also an error message saying:

    Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

    I do not know if this will help ...

  6. DK I navigated

    • Navigate through Local Computer Policy>Computer Configuration>Administrative Templates>Windows Components>Security Center.

    There is no listed folder "Security Center" within the "Windows Components". FYI only folders listed in Windows Components: Event Forwarding; Search; Windows Remote Management (WinRM), sub folders WinRM Client + WinRM Service; Windows Remote Shell; Windows Media Player; last one is Windows Update.

    Shall I do the gpupdate /force anyway?

  7. DK Not clear on your request. I'll give it a go. When I open up the Security Center to set to auto there are several tabs in the window. Dependencies has the following: Remote Procedure Call (no sub directory listed); Windows Management Instrumentation w/ sub directory of Remote Procedure Call (RPC).

    Paths: C:\WINDOWS\System32\svchost.exe -k netsvcs... is the path for Security Center and Windows Management Instrumentation; the path listed for RPC is

    C:\WINDOWS\system32\svchost.exe -k rpcss

    When trying to auto start the Security Center the error message is "The Security Center service on local computer started and then stopped. Some services stop automatically if they have no work to do, for example the Performance Logs and Alerts service."

    The performance logs is set to auto but does not start; path is C:\WINDOWS\system32\smlogsvc.exe

    The alerter service is started and set to auto- path C:\WINDOWS\system32\svchost.exe -k LocalService.

    Hopefully this is what you needed.

  8. DK -- Another one for you ..

    Farbar Service Scanner Version: 09-11-2012

    Ran by cray (administrator) on 10-11-2012 at 16:52:46

    Running from "C:\Documents and Settings\cray\Desktop"

    Microsoft Windows XP Service Pack 3 (X86)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo IP is accessible.

    Yahoo.com is accessible.

    Windows Firewall:

    =============

    Firewall Disabled Policy:

    ==================

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall"=DWORD:0

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Security Center:

    ============

    wscsvc Service is not running. Checking service configuration:

    The start type of wscsvc service is OK.

    The ImagePath of wscsvc service is OK.

    The ServiceDll of wscsvc service is OK.

    Windows Update:

    ============

    Windows Autoupdate Disabled Policy:

    ============================

    File Check:

    ========

    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

    C:\WINDOWS\system32\netman.dll => MD5 is legit

    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

    C:\WINDOWS\system32\srsvc.dll => MD5 is legit

    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

    C:\WINDOWS\system32\qmgr.dll => MD5 is legit

    C:\WINDOWS\system32\es.dll => MD5 is legit

    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

    C:\WINDOWS\system32\svchost.exe => MD5 is legit

    C:\WINDOWS\system32\rpcss.dll => MD5 is legit

    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:

    =======

    Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)

    0x080000000400000001000000020000000300000008000000050000000600000007000000

    IpSec Tag value is correct.

    **** End of log ****

  9. DK Still is not up and it did not ask me for the install disc either .. I ran another Tweaking Windows repair and pasted the log - Just trying to help. BTW thank you for your valuable help so far....

    Starting Repairs...

    Start (11/10/2012 3:12:50 PM)

    Reset Registry Permissions 01/03

    HKEY_CURRENT_USER & Sub Keys

    Start (11/10/2012 3:12:50 PM)

    Done (11/10/2012 3:13:14 PM)

    Reset Registry Permissions 02/03

    HKEY_LOCAL_MACHINE & Sub Keys

    Start (11/10/2012 3:13:14 PM)

    Done (11/10/2012 3:14:50 PM)

    Reset Registry Permissions 03/03

    HKEY_CLASSES_ROOT & Sub Keys

    Start (11/10/2012 3:14:50 PM)

    Done (11/10/2012 3:15:37 PM)

    Reset File Permissions 01/30

    C:\Autodesk & Sub Folders

    Start (11/10/2012 3:15:37 PM)

    Done (11/10/2012 3:16:49 PM)

    Reset File Permissions 02/30

    C:\bid clerk & Sub Folders

    Start (11/10/2012 3:16:49 PM)

    Done (11/10/2012 3:16:52 PM)

    Reset File Permissions 03/30

    C:\BidView & Sub Folders

    Start (11/10/2012 3:16:52 PM)

    Done (11/10/2012 3:17:02 PM)

    Reset File Permissions 04/30

    C:\cmdcons & Sub Folders

    Start (11/10/2012 3:17:02 PM)

    Done (11/10/2012 3:17:07 PM)

    Reset File Permissions 05/30

    C:\ComboFix & Sub Folders

    Start (11/10/2012 3:17:07 PM)

    Done (11/10/2012 3:17:09 PM)

    Reset File Permissions 06/30

    C:\Compaq & Sub Folders

    Start (11/10/2012 3:17:09 PM)

    Done (11/10/2012 3:17:16 PM)

    Reset File Permissions 07/30

    C:\COpy Plans & Sub Folders

    Start (11/10/2012 3:17:16 PM)

    Done (11/10/2012 3:17:18 PM)

    Reset File Permissions 08/30

    C:\Digital Takeoff Table Installer & Sub Folders

    Start (11/10/2012 3:17:18 PM)

    Done (11/10/2012 3:17:25 PM)

    Reset File Permissions 09/30

    C:\divx & Sub Folders

    Start (11/10/2012 3:17:25 PM)

    Done (11/10/2012 3:17:27 PM)

    Reset File Permissions 10/30

    C:\downloads & Sub Folders

    Start (11/10/2012 3:17:27 PM)

    Done (11/10/2012 3:17:29 PM)

    Reset File Permissions 11/30

    C:\Firefox & Sub Folders

    Start (11/10/2012 3:17:29 PM)

    Done (11/10/2012 3:17:32 PM)

    Reset File Permissions 12/30

    C:\Heritage Plaza Pict renovation & Sub Folders

    Start (11/10/2012 3:17:32 PM)

    Done (11/10/2012 3:17:34 PM)

    Reset File Permissions 13/30

    C:\i386 & Sub Folders

    Start (11/10/2012 3:17:34 PM)

    Done (11/10/2012 3:17:59 PM)

    Reset File Permissions 14/30

    C:\isqft dl & Sub Folders

    Start (11/10/2012 3:17:59 PM)

    Done (11/10/2012 3:18:01 PM)

    Reset File Permissions 15/30

    C:\MSOCache & Sub Folders

    Start (11/10/2012 3:18:01 PM)

    Done (11/10/2012 3:18:06 PM)

    Reset File Permissions 16/30

    C:\Oceana PDF Archs LS & Sub Folders

    Start (11/10/2012 3:18:06 PM)

    Done (11/10/2012 3:18:08 PM)

    Reset File Permissions 17/30

    C:\OCS Documents & Sub Folders

    Start (11/10/2012 3:18:08 PM)

    Done (11/10/2012 3:18:59 PM)

    Reset File Permissions 18/30

    C:\oncenter & Sub Folders

    Start (11/10/2012 3:18:59 PM)

    Done (11/10/2012 3:19:01 PM)

    Reset File Permissions 19/30

    C:\Program Files & Sub Folders

    Start (11/10/2012 3:19:01 PM)

    Done (11/10/2012 3:21:26 PM)

    Reset File Permissions 20/30

    C:\SNAP & Sub Folders

    Start (11/10/2012 3:21:26 PM)

    Done (11/10/2012 3:21:28 PM)

    Reset File Permissions 21/30

    C:\Sub Hub DL & Sub Folders

    Start (11/10/2012 3:21:28 PM)

    Done (11/10/2012 3:21:33 PM)

    Reset File Permissions 22/30

    C:\SYSTEM.SAV & Sub Folders

    Start (11/10/2012 3:21:33 PM)

    Done (11/10/2012 3:21:35 PM)

    Reset File Permissions 23/30

    C:\TDSSKiller_Quarantine & Sub Folders

    Start (11/10/2012 3:21:35 PM)

    Done (11/10/2012 3:21:38 PM)

    Reset File Permissions 24/30

    C:\temp & Sub Folders

    Start (11/10/2012 3:21:38 PM)

    Done (11/10/2012 3:21:40 PM)

    Reset File Permissions 25/30

    C:\Tweaking.com_Windows_Repair_Logs & Sub Folders

    Start (11/10/2012 3:21:40 PM)

    Done (11/10/2012 3:21:42 PM)

    Reset File Permissions 26/30

    C:\WINDOWS & Sub Folders

    Start (11/10/2012 3:21:42 PM)

    Done (11/10/2012 3:27:57 PM)

    Reset File Permissions 27/30

    C:\WTablet & Sub Folders

    Start (11/10/2012 3:27:57 PM)

    Done (11/10/2012 3:28:00 PM)

    Reset File Permissions 28/30

    C:\Zipped & Sub Folders

    Start (11/10/2012 3:28:00 PM)

    Done (11/10/2012 3:28:02 PM)

    Reset File Permissions 29/30

    C:\__0X00F9 & Sub Folders

    Start (11/10/2012 3:28:02 PM)

    Done (11/10/2012 3:28:09 PM)

    Reset File Permissions 30/30

    C:\__0X00FC & Sub Folders

    Start (11/10/2012 3:28:09 PM)

    Done (11/10/2012 3:28:11 PM)

    Register System Files

    Start (11/10/2012 3:28:11 PM)

    Done (11/10/2012 3:29:50 PM)

    Repair WMI

    Start (11/10/2012 3:29:50 PM)

    Step 01/03 - Deleting WMI Repository...

    The system cannot find the path specified.

    Step 02/03 - Rebuilding WMI Repository...

    Step 03/03 - Registering WMI...

    Invalid Global Switch.

    Done (11/10/2012 3:31:57 PM)

    Repair Windows Firewall

    Start (11/10/2012 3:31:57 PM)

    System error 1060 has occurred.

    The specified service does not exist as an installed service.

    The Windows Firewall/Internet Connection Sharing (ICS) service is not started.

    More help is available by typing NET HELPMSG 3521.

    System error 1060 has occurred.

    The specified service does not exist as an installed service.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    Done (11/10/2012 3:32:02 PM)

    Repair Internet Explorer

    Start (11/10/2012 3:32:02 PM)

    Done (11/10/2012 3:33:06 PM)

    Remove Policies Set By Infections

    Start (11/10/2012 3:33:06 PM)

    Done (11/10/2012 3:33:08 PM)

    Repair Winsock & DNS Cache

    Start (11/10/2012 3:33:08 PM)

    Done (11/10/2012 3:33:17 PM)

    Repair Proxy Settings

    Start (11/10/2012 3:33:17 PM)

    Done (11/10/2012 3:33:19 PM)

    Repair Windows Updates

    Start (11/10/2012 3:33:19 PM)

    The BITS service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Automatic Updates service is not started.

    More help is available by typing NET HELPMSG 3521.

    The process cannot access the file because it is being used by another process.

    The process cannot access the file because it is being used by another process.

    The process cannot access the file because it is being used by another process.

    C:\WINDOWS\system32\catroot2\edb.log - The process cannot access the file because it is being used by another process.

    C:\WINDOWS\system32\catroot2\edbtmp.log - The process cannot access the file because it is being used by another process.

    C:\WINDOWS\system32\catroot2\tmp.edb - The process cannot access the file because it is being used by another process.

    The requested service has already been started.

    More help is available by typing NET HELPMSG 2182.

    'bitsadmin.exe' is not recognized as an internal or external command,

    operable program or batch file.

    Done (11/10/2012 3:34:16 PM)

    Set Windows Services To Default Startup

    Start (11/10/2012 3:34:16 PM)

    Done (11/10/2012 3:34:30 PM)

    Repair MSI (Windows Installer)

    Start (11/10/2012 3:34:30 PM)

    The Windows Installer service is not started.

    More help is available by typing NET HELPMSG 3521.

    Done (11/10/2012 3:34:36 PM)

    Cleaning up empty logs...

    All Selected Repairs Done.

    Done (11/10/2012 3:34:36 PM)

    Total Repair Time: 00:22:14

    ...YOU MUST RESTART YOUR SYSTEM...

  10. DK -Security Center still will not start. I took the liberty of pasting a report from Spybot on a scan completed 11-1 where it found and repaired a file. This file can be recovered - Maybe this info will help.. I am also posting the results of the latest Security Check. I noticed during the Security Check scan that it is trying to locate a file "HKLMRUN.TXT" and is unable to find it...

    Spy bot

    --- Report generated: 2012-11-01 16:46 ---

    Microsoft.WindowsSecurityCenter.AntiVirusOverride: [sBI $3604910C] Settings (Registry change, fixed)

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)

    2009-01-26 SDFiles.exe (1.6.1.7)

    2009-01-26 SDMain.exe (1.0.0.6)

    2009-01-26 SDShred.exe (1.0.2.5)

    2009-01-26 SDUpdate.exe (1.6.0.12)

    2009-01-26 SpybotSD.exe (1.6.2.46)

    2009-03-05 TeaTimer.exe (1.6.6.32)

    2012-11-01 unins000.exe (51.49.0.0)

    2009-01-26 Update.exe (1.6.0.7)

    2009-11-04 advcheck.dll (1.6.5.20)

    2007-04-02 aports.dll (2.1.0.0)

    2008-06-14 DelZip179.dll (1.79.11.1)

    2009-01-26 SDHelper.dll (1.6.2.14)

    2008-06-19 sqlite3.dll

    2009-01-26 Tools.dll (2.1.6.10)

    2009-01-16 UninsSrv.dll (1.0.0.0)

    2012-10-31 Includes\Adware.sbi (*)

    2012-10-30 Includes\AdwareC.sbi (*)

    2010-08-12 Includes\Cookies.sbi (*)

    2010-12-14 Includes\Dialer.sbi (*)

    2012-09-26 Includes\DialerC.sbi (*)

    2012-01-31 Includes\HeavyDuty.sbi (*)

    2012-10-15 Includes\Hijackers.sbi (*)

    2012-09-25 Includes\HijackersC.sbi (*)

    2010-09-15 Includes\iPhone.sbi (*)

    2012-03-13 Includes\Keyloggers.sbi (*)

    2012-03-13 Includes\KeyloggersC.sbi (*)

    2004-11-29 Includes\LSP.sbi (*)

    2012-08-28 Includes\Malware.sbi (*)

    2012-10-30 Includes\MalwareC.sbi (*)

    2012-10-24 Includes\PUPS.sbi (*)

    2012-10-30 Includes\PUPSC.sbi (*)

    2010-01-25 Includes\Revision.sbi (*)

    2012-06-18 Includes\Security.sbi (*)

    2011-12-13 Includes\SecurityC.sbi (*)

    2008-06-03 Includes\Spybots.sbi (*)

    2008-06-03 Includes\SpybotsC.sbi (*)

    2012-09-04 Includes\Spyware.sbi (*)

    2012-09-03 Includes\SpywareC.sbi (*)

    2010-03-08 Includes\Tracks.uti

    2011-09-28 Includes\Trojans.sbi (*)

    2012-10-31 Includes\TrojansC-02.sbi (*)

    2012-10-30 Includes\TrojansC-03.sbi (*)

    2012-10-24 Includes\TrojansC-04.sbi (*)

    2012-08-30 Includes\TrojansC-05.sbi (*)

    2012-10-31 Includes\TrojansC.sbi (*)

    2008-03-04 Plugins\Chai.dll

    2008-03-05 Plugins\Fennel.dll

    2008-02-26 Plugins\Mate.dll

    2007-12-24 Plugins\TCPIPAddress.dll

    Results of screen317's Security Check version 0.99.54

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Security Center service is not running! This report may not be accurate!

    Windows Firewall Enabled!

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Spybot - Search & Destroy

    Windows Defender

    Malwarebytes Anti-Malware version 1.65.1.1000

    Adobe Reader X (10.1.4)

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    Avira Antivir avgnt.exe

    Avira Antivir avguard.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 7%

    ````````````````````End of Log``````````````````````

  11. OK Here you go.

    Results of screen317's Security Check version 0.99.54

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Security Center service is not running! This report may not be accurate!

    Windows Firewall Enabled!

    Microsoft Security Essentials

    Antivirus up to date! (On Access scanning disabled!)

    `````````Anti-malware/Other Utilities Check:`````````

    Spybot - Search & Destroy

    Windows Defender

    Malwarebytes Anti-Malware version 1.65.1.1000

    Adobe Reader X (10.1.4)

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    Windows Defender MSMpEng.exe

    Windows Defender MSASCui.exe

    Avira Antivir avgnt.exe

    Avira Antivir avguard.exe

    Windows Defender MSASCui.exe

    Windows Defender MsMpEng.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 7%

    ````````````````````End of Log``````````````````````

  12. DK The new log from Security Check

    Results of screen317's Security Check version 0.99.54

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Security Center service is not running! This report may not be accurate!

    Windows Firewall Enabled!

    WMI entry may not exist for antivirus; attempting automatic update.

    Avira successfully updated!

    `````````Anti-malware/Other Utilities Check:`````````

    Spybot - Search & Destroy

    Windows Defender

    Malwarebytes Anti-Malware version 1.65.1.1000

    Adobe Reader X (10.1.4)

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    Avira Antivir avgnt.exe

    Avira Antivir avguard.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 8%

    ````````````````````End of Log``````````````````````

  13. DK Here is the log

    Results of screen317's Security Check version 0.99.54

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Security Center service is not running! This report may not be accurate!

    Windows Firewall Enabled!

    Microsoft Security Essentials

    Antivirus up to date! (On Access scanning disabled!)

    `````````Anti-malware/Other Utilities Check:`````````

    Spybot - Search & Destroy

    Windows Defender

    Malwarebytes Anti-Malware version 1.65.1.1000

    Adobe Reader X (10.1.4)

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    Avira Antivir avgnt.exe

    Avira Antivir avguard.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 8%

    ````````````````````End of Log``````````````````````
