Windows Firewall Error: 1068


24 replies to this topic

#1 davidkoleda

davidkoleda

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 05 January 2013 - 07:37 AM

Hi, I run XP SP2 32-bit;
on 12/27/12 I was the victim of a virus, removed successfully. Anyway, a problem still remains: Windows Firewall won't start up. Windows says that the problem is that the Windows Firewall service / ICS is not running; if I try to run it from services.msc I receive error message 1068: unable to start service.
I also tried the procedure advised here: http://support.microsoft.com/kb/920074/en-us. But neither of these two procedures worked.
BFE service just doesn't appear in the list.
I ran the FSS diagnostic tool, as advised here: http://www.smartestcomputing.us.com/topic/49542-cant-start-windows-firewall%3B-windows-firewall-service-missing-fix/
and I post the log here: http://wikisend.com/download/605764/FSS.txt .

Thanks.

Edited by hamluis, 05 January 2013 - 10:41 AM.
Moved from XP to Am I infected - Hamluis.




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:32 AM

Posted 05 January 2013 - 04:02 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

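The FSS log requested above reports each service's start type, ImagePath and ServiceDll either as OK or by printing the configured value. The following is an added example (not part of the original thread and not FSS's own code) that parses such a log and lists every value FSS did not report as OK, noting whether it points outside system32. The sample log is constructed in the line format of the FSS log posted in this thread, `example.dll` is a placeholder, and the `C:\WINDOWS` system root is an assumption.

```python
"""Triage a Farbar Service Scanner (FSS) log offline (added example)."""
import ntpath
import re

# Constructed sample in the line format of the FSS log posted in this thread;
# example.dll is a placeholder file name.
SAMPLE_LOG = r'''
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\example.dll".

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\example.dll".
'''

NOT_RUNNING = re.compile(r'^(\w+) Service is not running\.')
# FSS prints "... service is OK." for an expected value and the configured
# value otherwise. The thread only shows the non-OK form for ServiceDll; the
# same shape is assumed here for the other two fields.
VALUE_LINE = re.compile(
    r'^The (start type|ImagePath|ServiceDll) of (\w+): "?(.+?)"?\.$')


def in_system32(path, system_root=r'C:\WINDOWS'):
    """True if path resolves under <system_root>\\system32 (case-insensitive).

    8.3 short names such as DOCUME~1 cannot be expanded offline, so a short
    name for system32 itself would be reported as outside and need a manual look.
    """
    expanded = re.sub(r'%systemroot%', lambda m: system_root, path, flags=re.I)
    norm = ntpath.normcase(ntpath.normpath(expanded))
    base = ntpath.normcase(ntpath.join(system_root, 'system32')) + '\\'
    return norm.startswith(base)


def _parse(log_text):
    """Return (stopped service names, {(service, field): printed value})."""
    stopped, values = set(), {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = NOT_RUNNING.match(line)
        if m:
            stopped.add(m.group(1).lower())
            continue
        m = VALUE_LINE.match(line)
        if m:
            # Keyed by (service, field): FSS repeats a service under several
            # sections, and one finding per service and field is enough.
            values[(m.group(2).lower(), m.group(1))] = m.group(3)
    return stopped, values


def triage(log_text, system_root=r'C:\WINDOWS'):
    """List every configuration value FSS printed instead of reporting OK."""
    stopped, values = _parse(log_text)
    findings = []
    for (svc, field), value in sorted(values.items()):
        findings.append({
            'service': svc,
            'field': field,
            'value': value,
            'service_stopped': svc in stopped,
            # A start type is not a path, so the location check is skipped.
            'outside_system32': field != 'start type'
                                and not in_system32(value, system_root),
        })
    return findings


def healthy_but_stopped(log_text):
    """Stopped services whose own configuration FSS reported as OK.

    These are candidates for a failed dependency: error 1068 is Windows'
    ERROR_SERVICE_DEPENDENCY_FAIL.
    """
    stopped, values = _parse(log_text)
    return sorted(stopped - {svc for svc, _field in values})


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print('stopped, own config OK:', healthy_but_stopped(SAMPLE_LOG))
```
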


 


#3 davidkoleda


Posted 06 January 2013 - 10:19 AM

Here, all the logs:

Security check: http://wikisend.com/download/275100/checkup.txt

While running Security Check, Windows showed an error: Line -1 Error: Variable must be of type "Object". But then it ran normally.

FSS: http://wikisend.com/download/183694/FSS.txt

MiniToolbox: http://wikisend.com/download/486290/Result.txt

Malwarebytes: http://wikisend.com/download/441250/mbam-log-2013-01-06 (15-01-18).txt

aswMBR: http://wikisend.com/download/247782/aswMBR.txt

Edited by davidkoleda, 06 January 2013 - 10:20 AM.


#4 Broni


Posted 06 January 2013 - 02:24 PM

I need all logs to be pasted into your reply not linked to somewhere else.



 


#5 davidkoleda


Posted 06 January 2013 - 04:34 PM

I need all logs to be pasted into your reply not linked to somewhere else.


Ok, it's just that every forum has its own rules.


SECURITY CHECK:


Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versione 1.70.0.1100
TuneUp Utilities Language Pack (en-US)
CCleaner
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Mozilla Firefox (17.0.1)
Google Chrome 14.0.835.163
Google Chrome 14.0.835.186
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

FSS:

Farbar Service Scanner Version: 05-01-2013
Ran by Administrator (administrator) on 06-01-2013 at 14:08:21
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll".


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll".


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-19 23:39] - [2005-03-12 02:05] - 0111104 ____A (Microsoft Corporation) 70D2ECFB8A547EF053E3751F62E08300

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0045568 ____A (Microsoft Corporation) 1A4CCB390093D1A6F0EEC063F44AFF31

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0332288 ____A (Microsoft Corporation) 1DA364FA673E18BC1DE8F5CDF3657DBD

C:\WINDOWS\system32\netman.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0198144 ____A (Microsoft Corporation) 4AD6F202266A25BC0CC1DCE2A3D91563

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0145408 ____A (Microsoft Corporation) A91ACDD987DC3E0E1FCEDDA6F1FFEF2A

C:\WINDOWS\system32\srsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0171008 ____A (Microsoft Corporation) BA4E8AC9A60C4527C969D08F3ABE9D36

C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-19 23:34] - [2004-08-19 23:34] - 0073472 ____A (Microsoft Corporation) 896F566AFC498077172EAE8A50E8BAF8

C:\WINDOWS\system32\wscsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0081408 ____A (Microsoft Corporation) 17F70F4E37452A30C35565052AB68BE9

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0145408 ____A (Microsoft Corporation) A91ACDD987DC3E0E1FCEDDA6F1FFEF2A

C:\WINDOWS\system32\wuauserv.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0006656 ____A (Microsoft Corporation) 4CBB7CC975E5B67022A7F95DFC6EF9EC

C:\WINDOWS\system32\qmgr.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0382464 ____A (Microsoft Corporation) 04E8321935AD5643FF59901F3EF5F4F3

C:\WINDOWS\system32\es.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0243200 ____A (Microsoft Corporation) 16A4DE76313DD3ABF7635565BAAF1512

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0060416 ____A (Microsoft Corporation) E0CC838265401128097D182FB583889A

C:\WINDOWS\system32\svchost.exe
[2004-08-19 23:39] - [2004-08-19 23:39] - 0014336 ____A (Microsoft Corporation) 73955B04F209D8A1C633867841267A96

C:\WINDOWS\system32\rpcss.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0395776 ____A (Microsoft Corporation) 0C015AB735A4624C44CB5696E9208C4C

C:\WINDOWS\system32\services.exe
[2004-08-19 23:39] - [2004-08-19 23:39] - 0108544 ____A (Microsoft Corporation) E77F6FA2A15390F1727F4C1C55B69DA6


Extra List:
=======
cmdHlp(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000C0000000B0000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****


MINITOOLBOX:

MiniToolBox by Farbar Version: 25-11-2012
Ran by Administrator (administrator) on 06-01-2013 at 14:21:02
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================


ATTENZIONE: Impossibile ottenere informazioni dell'host dal sistema: [MISTER]. Alcuni comandi potrebbero non essere disponibili.
Esecuzione del server non riuscito.



# ----------------------------------
# Configurazione IP interfaccia
# ----------------------------------
pushd interface ip


# Configurazione IP interfaccia per "Connessione alla rete locale (LAN)"

set address name="Connessione alla rete locale (LAN)" source=dhcp
set dns name="Connessione alla rete locale (LAN)" source=dhcp register=PRIMARY
set wins name="Connessione alla rete locale (LAN)" source=dhcp

# Configurazione IP interfaccia per "PdaNet Broadband Connection"

set address name="PdaNet Broadband Connection" source=dhcp
set dns name="PdaNet Broadband Connection" source=dhcp register=PRIMARY
set wins name="PdaNet Broadband Connection" source=dhcp

# Configurazione IP interfaccia per "Connessione alla rete locale (LAN) 9"

set address name="Connessione alla rete locale (LAN) 9" source=dhcp
set dns name="Connessione alla rete locale (LAN) 9" source=dhcp register=PRIMARY
set wins name="Connessione alla rete locale (LAN) 9" source=dhcp


popd
# Termine della configurazione IP interfaccia




Configurazione IP di Windows

Nome host . . . . . . . . . . . . . . : Mister
Suffisso DNS primario . . . . . . . :
Tipo nodo . . . . . . . . . : Sconosciuto
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No
Elenco di ricerca suffissi DNS. . . . : WL-363

Scheda Ethernet Connessione alla rete locale (LAN):

Suffisso DNS specifico per connessione: WL-363
Descrizione . . . . . . . . . . . . . : Intel® 82566DM Gigabit Network Connection
Indirizzo fisico. . . . . . . . . . . : 00-0F-FE-62-2E-46
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IP. . . . . . . . . . . . . : 192.168.0.102
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . . . : 192.168.0.1
Server DHCP . . . . . . . . . . . . . : 192.168.0.1
Server DNS . . . . . . . . . . . . . : 85.37.17.10
85.38.28.86
Lease ottenuto. . . . . . . . . . . . : domenica 6 gennaio 2013 13.55.06
Scadenza lease . . . . . . . . . . . : mercoledì 4 gennaio 2023 13.55.06

Scheda Ethernet PdaNet Broadband Connection:

Stato supporto . . . . . . . . . . . : Supporto disconnesso
Descrizione . . . . . . . . . . . . . : PdaNet Broadband Adapter
Indirizzo fisico. . . . . . . . . . . : 00-26-37-BD-39-42

Scheda Ethernet Connessione alla rete locale (LAN) 9:

Stato supporto . . . . . . . . . . . : Supporto disconnesso
Descrizione . . . . . . . . . . . . . : TAP-Win32 Adapter V9
Indirizzo fisico. . . . . . . . . . . : 00-FF-10-8C-37-84

Server: nsp-mo1.interbusiness.it
Address: 85.37.17.10

Nome: google.com.WL-363
Address: 212.48.8.140



Esecuzione di Ping google.com [173.194.35.1] con 32 byte di dati:

Risposta da 173.194.35.1: byte=32 durata=28ms TTL=54
Risposta da 173.194.35.1: byte=32 durata=26ms TTL=54

Statistiche Ping per 173.194.35.1:
Pacchetti: Trasmessi = 2, Ricevuti = 2, Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 26ms, Massimo = 28ms, Medio = 27ms

Server: nsp-mo1.interbusiness.it
Address: 85.37.17.10

Nome: yahoo.com.WL-363
Address: 212.48.8.140

Esecuzione di Ping yahoo.com [98.139.183.24] con 32 byte di dati:

Risposta da 98.139.183.24: byte=32 durata=176ms TTL=50
Risposta da 98.139.183.24: byte=32 durata=168ms TTL=50

Statistiche Ping per 98.139.183.24:
Pacchetti: Trasmessi = 2, Ricevuti = 2, Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 168ms, Massimo = 176ms, Medio = 172ms

Esecuzione di Ping 127.0.0.1 con 32 byte di dati:

Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Statistiche Ping per 127.0.0.1:
Pacchetti: Trasmessi = 2, Ricevuti = 2, Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 0ms, Massimo = 0ms, Medio = 0ms

===========================================================================
Elenco interfacce
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f fe 62 2e 46 ...... Intel® 82566DM Gigabit Network Connection - Miniport dell'Utilità di pianificazione pacchetti
0x3 ...00 26 37 bd 39 42 ...... PdaNet Broadband Adapter - Miniport dell'Utilità di pianificazione pacchetti
0x4 ...00 ff 10 8c 37 84 ...... TAP-Win32 Adapter V9 - Miniport dell'Utilità di pianificazione pacchetti
===========================================================================
===========================================================================
Route attive:
Indirizzo rete Mask Gateway Interfac. Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.102 192.168.0.102 20
192.168.0.0 255.255.255.0 192.168.0.102 192.168.0.102 20
192.168.0.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.102 192.168.0.102 20
224.0.0.0 240.0.0.0 192.168.0.102 192.168.0.102 20
255.255.255.255 255.255.255.255 192.168.0.102 4 1
255.255.255.255 255.255.255.255 192.168.0.102 192.168.0.102 1
255.255.255.255 255.255.255.255 192.168.0.102 3 1
Gateway predefinito: 192.168.0.1
===========================================================================
Route permanenti:
Nessuno
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [247296] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [247296] (Microsoft Corporation)
Catalog5 04 C:\Programmi\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/03/2013 05:02:50 PM) (Source: Application Error) (User: )
Description: Applicazione che ha provocato l'errore softwareupdate.exe, versione 2.1.3.127, modulo che ha provocato l'errore urlmon.dll, versione 8.0.6001.18702, indirizzo errore 0x00039c84.
Elaborazione evento specifico al supporto per [softwareupdate.exe!ws!] in corso

Error: (01/02/2013 00:45:44 PM) (Source: Application Error) (User: )
Description: Applicazione che ha provocato l'errore bioshock.exe, versione 1.0.0.0, modulo che ha provocato l'errore bioshock.exe, versione 1.0.0.0, indirizzo errore 0x001cee4d.
Elaborazione evento specifico al supporto per [bioshock.exe!ws!] in corso

Error: (12/31/2012 02:26:55 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 eraser.exe, P2 6.0.9.2620, P3 4fbad9e6, P4 mscorlib, P5 2.0.0.0, P6 4889dc80, P7 219d, P8 0, P9 clr20r30, P10 clr20r31.

Error: (12/31/2012 02:14:03 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 eraser.exe, P2 6.0.9.2620, P3 4fbad9e6, P4 mscorlib, P5 2.0.0.0, P6 4889dc80, P7 219d, P8 0, P9 clr20r30, P10 clr20r31.

Error: (12/31/2012 02:13:26 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 eraser.exe, P2 6.0.9.2620, P3 4fbad9e6, P4 mscorlib, P5 2.0.0.0, P6 4889dc80, P7 219d, P8 0, P9 clr20r30, P10 clr20r31.

Error: (12/31/2012 02:13:10 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 eraser.exe, P2 6.0.9.2620, P3 4fbad9e6, P4 mscorlib, P5 2.0.0.0, P6 4889dc80, P7 219d, P8 0, P9 clr20r30, P10 clr20r31.

Error: (12/31/2012 02:03:11 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 eraser.exe, P2 6.0.9.2620, P3 4fbad9e6, P4 mscorlib, P5 2.0.0.0, P6 4889dc80, P7 219d, P8 0, P9 clr20r30, P10 clr20r31.

Error: (12/30/2012 05:07:00 PM) (Source: Application Hang) (User: )
Description: Applicazione in stallo CoDWaW LanFixed.exe, versione 1.7.0.0, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error: (12/26/2012 06:26:31 PM) (Source: Application Hang) (User: )
Description: Applicazione in stallo iTunes.exe, versione 11.0.1.12, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error: (12/26/2012 06:26:02 PM) (Source: Application Hang) (User: )
Description: Applicazione in stallo iTunes.exe, versione 11.0.1.12, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.


System errors:
=============
Error: (01/06/2013 02:23:22 PM) (Source: DCOM) (User: MISTER)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:22:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:22:22 PM) (Source: DCOM) (User: MISTER)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:21:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:20:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:19:52 PM) (Source: DCOM) (User: MISTER)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:19:22 PM) (Source: DCOM) (User: MISTER)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:18:51 PM) (Source: DCOM) (User: MISTER)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:18:19 PM) (Source: DCOM) (User: MISTER)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (01/06/2013 02:17:44 PM) (Source: DCOM) (User: MISTER)
Description: Il server {8BC3F05E-D86B-11D0-A075-00C04FB68820} non si è registrato con DCOM entro il tempo d'attesa richiesto.


Microsoft Office Sessions:
=========================
Error: (07/26/2012 05:54:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 6562 seconds with 2640 seconds of active time. This session ended with a crash.

Error: (06/12/2011 03:55:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 3636 seconds with 3480 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Soluzione Light Versione 1.5
7-Zip 9.20
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advertising Center (Version: 0.0.0.1)
Aggiornamento della protezione per Windows XP (KB896358) (Version: 1)
Aggiornamento per Windows XP (KB911164) (Version: 1)
Aggiornamento per Windows XP (KB931836) (Version: 1)
Aggiornamento rapido per Windows XP - KB815304 (Version: 20050114.083524)
Aggiornamento rapido per Windows XP - KB885222 (Version: 2)
Aggiornamento rapido per Windows XP - KB886199 (Version: 20041006.113435)
Aggiornamento rapido per Windows XP - KB889673 (Version: 20041116.085848)
Aggiornamento rapido per Windows XP - KB895246 (Version: 1)
Aggiornamento rapido per Windows XP (KB909095) (Version: 1)
Aggiornamento rapido per Windows XP (KB923232) (Version: 3)
AiO_Scan_CDA (Version: 71.0.215.000)
AiOSoftwareNPI (Version: 71.0.215.000)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.9.1.0)
Assistente per l'accesso a Windows Live (Version: 5.000.818.5)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.719)
Baldur's Gate™ II - Shadows of Amn™
BioShock (Version: 2.5.0000)
Bonjour (Version: 3.0.0.10)
BSR Screen Recorder 6
BufferChm (Version: 70.0.170.000)
Bullzip PDF Printer 7.2.0.1319 (Version: 7.2.0.1319)
C3100 (Version: 71.0.215.000)
c3100_Help (Version: 71.0.215.000)
Call of Duty Modern Warfare 2
Call of Duty® - World at War™ (Version: 1.0)
Call of Duty® - World at War™ (Version: 1.7)
Call of Duty® - World at War™ 1.1 Patch
Call of Duty® - World at War™ 1.1 Patch (Version: 1.1)
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.2 Patch (Version: 1.2)
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.4 Patch (Version: 1.4)
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.5 Patch (Version: 1.5)
Call of Duty® - World at War™ 1.6 Patch
Call of Duty® - World at War™ 1.6 Patch (Version: 1.6)
Call of Duty® - World at War™ 1.7 Patch
Call of Duty® - World at War™ 1.7 Patch (Version: 1.7)
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Patch (Version: 1.5)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (Version: 1.6)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version: 1.7)
CamStudio Lossless Codec
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
CCleaner (Version: 3.26)
CleanMem (Version: v2.3.1)
COMODO Internet Security (Version: 5.5.64714.1383)
Connect (Version: 1.0.0.1)
Corel Applications
CustomerResearchQFolder (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.45.4.0315)
Daum PotPlayer 1.5.30857
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp Dalet Codec (Version: Release 4)
dBpoweramp DSP Effects (Version: Release 7)
dBpoweramp FLAC Codec (Version: Release 14 (FLAC 1.2.1))
dBpoweramp m4a Codec (Version: Release 14 r2)
dBpoweramp Monkeys Audio Codec
dBPowerAMP Mp2 and BwfMp2 codec (Version: Release 6)
dBpoweramp mp3 (Fraunhofer IIS) Codec (Version: Release 2a (v4.0.3))
dBpoweramp Music Converter (Version: Release 13.3)
dBpoweramp Ogg Vorbis Codec (Version: Release 19 (Vorbis v1.2.0))
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DNA (Version: 2.2.4 (16502))
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DolbyFiles (Version: 2.0)
Dragon Age: Origins (Version: 1.03)
Dropbox (Version: 1.6.10)
eMule
Eraser 6.0.9.2343 (Version: 6.0.2343)
ERUNT 1.1j
eSupportQFolder (Version: 1.00.0000)
Favorit
Fax_CDA (Version: 71.0.215.000)
FileHippo.com Update Checker
FileMaker Pro 7 (Version: 7.0.1.0)
Flight Simulator X Service Pack 1
Foxit Reader (Version: 5.4.3.920)
FTL version 1.01 (Version: 1.01)
Galaxy Nexus ToolKit (Version: 7.5.0.0)
Google Chrome (Version: 23.0.1271.97)
Google Update Helper (Version: 1.3.21.123)
High Definition Audio - KB888111 (Version: 20040219.000000)
HP Backup and Recovery Manager (Version: 2.3i)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart Essential (Version: 1.9.1.3)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update (Version: 3.0.7.014)
HP Solution Center 7.0 (Version: 7.0)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
ImagXpress (Version: 7.0.74.0)
ImgBurn (Version: 2.5.6.0)
Infognition ScreenPressor v2.1 (Remove Only)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Management Engine Interface
Intel® PRO Network Connections (Version: )
iTunes (Version: 11.0.1.12)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 14.0.8089.726)
KC Softwares SUMo
KeyScrambler (Version: 2.9.3.0)
kuler (Version: 2.0)
LightScribe System Software (Version: 1.18.8.1)
Logitech Gaming Software (Version: 4.40)
Malwarebytes Anti-Malware versione 1.70.0.1100 (Version: 1.70.0.1100)
MarketResearch (Version: 70.0.170.000)
Menu Templates - Starter Kit (Version: 9.4.2.0)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Italian Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Golf 3.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Groove MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office InfoPath MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft Software Update for Web Folders (Italian) 12 (Version: 12.0.4518.1018)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
MobileMe Control Panel (Version: 3.1.8.0)
MotioninJoy ds3 driver version 0.6.0001 (Version: 0.6.00001)
Movie Templates - Starter Kit (Version: 9.4.2.0)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSU Screen Capture Lossless Codec v1.2 (Remove Only)
Music Manager
Need for Speed SHIFT (Version: 1.0.0.0)
Nero BurnRights (Version: 3.4.10.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.8.100)
Nero DiscSpeed (Version: 5.4.10.100)
Nero DriveSpeed (Version: 4.4.10.100)
Nero InfoTool (Version: 6.4.10.100)
Nero Installer (Version: 4.4.8.1)
Nero Live (Version: 1.4.40.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero PhotoSnap (Version: 1.53.2.0)
Nero Recode (Version: 4.4.22.0)
Nero Rescue Agent (Version: 2.4.11.100)
Nero ShowTime (Version: 5.4.13.100)
Nero StartSmart (Version: 9.4.11.100)
Nero Vision (Version: 6.4.9.100)
Nero WaveEditor (Version: 5.4.23.0)
NeroBurningROM (Version: 9.2.5.100)
NeroExpress (Version: 9.4.13.100)
NeroLiveGadget (Version: 1.2.7.100)
neroxml (Version: 1.0.0)
NewCopy_CDA (Version: 71.0.215.000)
NVIDIA Driver grafico 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA PhysX (Version: 9.09.0814)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
Pacchetto di compatibilità per Office System 2007 (Version: 12.0.6514.5001)
Pacchetto driver Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Package: Galaxy Nexus ToolKit [JellyBean Edition] (Version: 1.0.0.0)
Pannello di controllo NVIDIA 301.42 (Version: 301.42)
PanoStandAlone (Version: 70.0.170.000)
Parser MSXML 4.0 SP2 e SDK (Version: 4.20.9818.0)
PdaNet for Android 3.50
PDF Settings CS4 (Version: 9.0)
PeerGuardian 2.0 (Version: 2.0.6.5)
Photoshop Camera Raw (Version: 5.0)
ProductContextNPI (Version: 71.0.215.000)
Prototype™ (Version: 1.0)
PunkBuster Services (Version: 0.988)
qBittorrent 3.0.0
QuickTime (Version: 7.72.80.56)
Raccolta foto di Windows Live (Version: 14.0.8081.709)
Readme (Version: 71.0.215.000)
Realtek High Definition Audio Driver (Version: 5.10.0.5275)
Recuva (Version: 1.41)
S.W.A.T. 4
SafeHouse Explorer 3.01 (Version: 3.01.00.1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
San Andreas Mod Installer (Version: 1.1)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SDMSSplash (Version: 1.0.0)
SecurityKISS Tunnel v0.3.0
SixaxisPairTool 0.2.3 (Version: 0.2.3)
Skype Click to Call (Version: 6.5.11422)
Skype™ 6.0 (Version: 6.0.126)
SolutionCenter (Version: 70.0.170.000)
SoundTrax (Version: 4.4.23.0)
SpaceChem
Status (Version: 70.0.170.000)
Steam (Version: 1.0.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
Supporto applicazioni Apple (Version: 2.3.2)
swMSM (Version: 12.0.0.1)
Tales of Pirates Online (Version: 2.00)
TeraCopy 2.2
The Godfather™ II (Version: 1.0.764.0)
The Sims 2 Family Fun Stuff
The Sims 2 University
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 Glamour Life Stuff
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Live with Friends
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Tom Clancy's H.A.W.X (Version: 1.02.00000)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
TuneUp Utilities Language Pack (en-US) (Version: 9.0.2000.16)
TVersity Codec Pack 1.7 (Version: 1.7)
TVersity Media Server 1.9.7 (Version: 1.9.7)
Ubisoft Game Launcher (Version: 1.0.0.0)
Unload (Version: 7.0.0)
WanMiniport1st
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Worms Reloaded
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Yacc 0.4.0.3 (Version: 0.4.0.3)

========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 2039.23 MB
Available physical RAM: 1514.95 MB
Total Pagefile: 3930.87 MB
Available Pagefile: 3133.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:222.87 GB) (Free:78.15 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:10 GB) (Free:8.21 GB) NTFS
4 Drive f: (Volume) (Fixed) (Total:1863.01 GB) (Free:1297.36 GB) NTFS

========================= Users: ========================================

Account utente per \\MISTER

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0
Esecuzione comando riuscita.


**** End of log ****


MALWAREBYTES:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versione database: v2013.01.06.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MISTER [amministratore]

06/01/2013 15.01.18
mbam-log-2013-01-06 (15-01-18).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 238907
Tempo impiegato: 7 minuti, 17 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)


aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-06 15:30:30
-----------------------------
15:30:30.468 OS Version: Windows 5.1.2600 Service Pack 2
15:30:30.468 Number of processors: 2 586 0x605
15:30:30.500 ComputerName: MISTER UserName:
15:30:33.625 Initialize success
15:32:00.343 AVAST engine defs: 13010600
15:32:19.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:32:19.421 Disk 0 Vendor: ST3250820AS 3.CHL Size: 238475MB BusType: 3
15:32:19.421 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
15:32:19.437 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
15:32:19.453 Disk 0 MBR read successfully
15:32:19.468 Disk 0 MBR scan
15:32:19.500 Disk 0 unknown MBR code
15:32:19.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228220 MB offset 63
15:32:19.531 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10244 MB offset 467395110
15:32:19.546 Disk 0 scanning sectors +488376000
15:32:19.625 Disk 0 scanning C:\WINDOWS\system32\drivers
15:32:31.937 Service scanning
15:32:59.593 Modules scanning
15:33:09.062 Disk 0 trace - called modules:
15:33:09.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a84e1e8]<<
15:33:09.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7dfab8]
15:33:09.109 3 CLASSPNP.SYS[b80e905b] -> nt!IofCallDriver -> \Device\00000079[0x8a7ce260]
15:33:09.125 5 ACPI.sys[b7e64620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7cdd98]
15:33:09.125 \Driver\atapi[0x8a7e01a0] -> IRP_MJ_CREATE -> 0x8a84e1e8
15:33:10.015 AVAST engine scan C:\WINDOWS
15:33:20.062 AVAST engine scan C:\WINDOWS\system32
15:37:12.843 AVAST engine scan C:\WINDOWS\system32\drivers
15:37:41.171 AVAST engine scan C:\Documents and Settings\Administrator
16:06:56.046 AVAST engine scan C:\Documents and Settings\All Users
16:10:03.375 Scan finished successfully
16:13:01.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:13:01.875 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#6 Broni

Posted 06 January 2013 - 04:58 PM

We have several issues there but let's run a couple more scans first.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


#7 davidkoleda

Posted 07 January 2013 - 04:58 PM

Actually, I do not remember whether, in the first procedure, I rebooted the PC after the Malwarebytes scan. Is that a problem??

Anyway, here are the new logs, thanks for your help!

AdwCleaner:

# AdwCleaner v2.104 - Logfile creato il 07/01/2013 alle 13:50:12
# Aggiornamento 29/12/2012 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 2 (32 bits)
# Utente : Administrator - MISTER
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\Administrator\Dati applicazioni\OpenCandy
Cartella Eliminato : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\AskToolbarInfo
Chiave Eliminata : HKCU\Software\Ask.com
Chiave Eliminata : HKCU\Software\AskToolbar
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\facemoods.com
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Chiave Eliminata : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Chiave Eliminata : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2304564
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\Software\facemoods.com
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search_USA Toolbar
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chiave Eliminata : HKLM\Software\OpenCandy

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

*************************

AdwCleaner[S1].txt - [7295 octets] - [07/01/2013 13:50:12]

########## EOF - C:\AdwCleaner[S1].txt - [7355 octets] ##########


ESET:


C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Sun\Java\Deployment\cache\6.0\16\665de5d0-1812b0c6 Java/Agent.FH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\runctf.lnk.vir Win32/Reveton.M trojan cleaned by deleting - quarantined
F:\Programmi\LIMBO\limbo_lang.exe a variant of Win32/Kryptik.EIF trojan cleaned by deleting - quarantined

#8 Broni

Posted 07 January 2013 - 05:42 PM

i rebooted the PC after the malwarebytes scan, is that a problem??

No.

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

Post new FSS log.


#9 davidkoleda

Posted 08 January 2013 - 02:04 PM

OK, here's the log, but I had some problems: when I first ran the repair procedure, Windows Repair got stuck on a step for about 3 hours, and I absolutely needed to work on the PC, so I decided to click the Stop button, but it didn't actually stop the step, so I clicked the X button and exited from the program. After some work and a reboot, I did the procedure again, but starting directly from the Repair step and clicking on the reboot-on-finish button. I left the PC alone, and when I came back the PC was stuck on the Windows XP start page, the light blue one, so I decided to shut down the PC manually with the button and reboot. Now the PC seems to be OK; Windows Security Center is now visible, even though it says that I have no antivirus and no firewall installed, which is not true. Is this OK??
Also, when I did the ESET scan, at the end I did not choose to delete the infected files; I think they're just in quarantine. Is that OK??
Thanks.


Farbar Service Scanner Version: 05-01-2013
Ran by Administrator (administrator) on 08-01-2013 at 19:56:37
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-19 23:39] - [2005-03-12 02:05] - 0111104 ____A (Microsoft Corporation) 70D2ECFB8A547EF053E3751F62E08300

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0045568 ____A (Microsoft Corporation) 1A4CCB390093D1A6F0EEC063F44AFF31

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0332288 ____A (Microsoft Corporation) 1DA364FA673E18BC1DE8F5CDF3657DBD

C:\WINDOWS\system32\netman.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0198144 ____A (Microsoft Corporation) 4AD6F202266A25BC0CC1DCE2A3D91563

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0145408 ____A (Microsoft Corporation) A91ACDD987DC3E0E1FCEDDA6F1FFEF2A

C:\WINDOWS\system32\srsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0171008 ____A (Microsoft Corporation) BA4E8AC9A60C4527C969D08F3ABE9D36

C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-19 23:34] - [2004-08-19 23:34] - 0073472 ____A (Microsoft Corporation) 896F566AFC498077172EAE8A50E8BAF8

C:\WINDOWS\system32\wscsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0081408 ____A (Microsoft Corporation) 17F70F4E37452A30C35565052AB68BE9

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0145408 ____A (Microsoft Corporation) A91ACDD987DC3E0E1FCEDDA6F1FFEF2A

C:\WINDOWS\system32\wuauserv.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0006656 ____A (Microsoft Corporation) 4CBB7CC975E5B67022A7F95DFC6EF9EC

C:\WINDOWS\system32\qmgr.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0382464 ____A (Microsoft Corporation) 04E8321935AD5643FF59901F3EF5F4F3

C:\WINDOWS\system32\es.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0243200 ____A (Microsoft Corporation) 16A4DE76313DD3ABF7635565BAAF1512

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0060416 ____A (Microsoft Corporation) E0CC838265401128097D182FB583889A

C:\WINDOWS\system32\svchost.exe
[2004-08-19 23:39] - [2004-08-19 23:39] - 0014336 ____A (Microsoft Corporation) 73955B04F209D8A1C633867841267A96

C:\WINDOWS\system32\rpcss.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0395776 ____A (Microsoft Corporation) 0C015AB735A4624C44CB5696E9208C4C

C:\WINDOWS\system32\services.exe
[2004-08-19 23:39] - [2004-08-19 23:39] - 0108544 ____A (Microsoft Corporation) E77F6FA2A15390F1727F4C1C55B69DA6


Extra List:
=======
cmdHlp(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000C0000000B0000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#10 Broni

Posted 08 January 2013 - 07:13 PM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download fix.reg file from here: http://www.bleepstatic.com/fhost/uploads/1/fix.reg
Double click on fix.reg file and confirm the prompt.
Restart computer.
Post new FSS log.


#11 davidkoleda

Posted 11 January 2013 - 10:05 AM

Here it is; Windows still doesn't recognize any antivirus or firewall.

Farbar Service Scanner Version: 05-01-2013
Ran by Administrator (administrator) on 11-01-2013 at 16:03:53
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-19 23:39] - [2005-03-12 02:05] - 0111104 ____A (Microsoft Corporation) 70D2ECFB8A547EF053E3751F62E08300

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 07:14] - [2004-08-04 07:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0045568 ____A (Microsoft Corporation) 1A4CCB390093D1A6F0EEC063F44AFF31

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0332288 ____A (Microsoft Corporation) 1DA364FA673E18BC1DE8F5CDF3657DBD

C:\WINDOWS\system32\netman.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0198144 ____A (Microsoft Corporation) 4AD6F202266A25BC0CC1DCE2A3D91563

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0145408 ____A (Microsoft Corporation) A91ACDD987DC3E0E1FCEDDA6F1FFEF2A

C:\WINDOWS\system32\srsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0171008 ____A (Microsoft Corporation) BA4E8AC9A60C4527C969D08F3ABE9D36

C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-19 23:34] - [2004-08-19 23:34] - 0073472 ____A (Microsoft Corporation) 896F566AFC498077172EAE8A50E8BAF8

C:\WINDOWS\system32\wscsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0081408 ____A (Microsoft Corporation) 17F70F4E37452A30C35565052AB68BE9

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0145408 ____A (Microsoft Corporation) A91ACDD987DC3E0E1FCEDDA6F1FFEF2A

C:\WINDOWS\system32\wuauserv.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0006656 ____A (Microsoft Corporation) 4CBB7CC975E5B67022A7F95DFC6EF9EC

C:\WINDOWS\system32\qmgr.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0382464 ____A (Microsoft Corporation) 04E8321935AD5643FF59901F3EF5F4F3

C:\WINDOWS\system32\es.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0243200 ____A (Microsoft Corporation) 16A4DE76313DD3ABF7635565BAAF1512

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0060416 ____A (Microsoft Corporation) E0CC838265401128097D182FB583889A

C:\WINDOWS\system32\svchost.exe
[2004-08-19 23:39] - [2004-08-19 23:39] - 0014336 ____A (Microsoft Corporation) 73955B04F209D8A1C633867841267A96

C:\WINDOWS\system32\rpcss.dll
[2004-08-19 23:39] - [2004-08-19 23:39] - 0395776 ____A (Microsoft Corporation) 0C015AB735A4624C44CB5696E9208C4C

C:\WINDOWS\system32\services.exe
[2004-08-19 23:39] - [2004-08-19 23:39] - 0108544 ____A (Microsoft Corporation) E77F6FA2A15390F1727F4C1C55B69DA6


Extra List:
=======
cmdHlp(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000C0000000B0000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#12 davidkoleda

Posted 11 January 2013 - 10:49 AM

Just a few seconds ago Comodo Internet Security asked me if I wanted Java to run some file like wdgswdgswdgs... I ordered it to block it, but maybe this means that I'm not clean. Also, I tried to install a program, but Windows Installer seems not to work.
I'm thinking of formatting the whole stuff...

#13 Broni

Posted 11 January 2013 - 05:01 PM

What is your AV and firewall?
Avira + Comodo?


#14 davidkoleda

Posted 13 January 2013 - 08:19 AM

What is your AV and firewall?
Avira + Comodo?


Yes

#15 Broni

Posted 13 January 2013 - 01:19 PM

Try this: https://forum.avast.com/index.php?topic=23457.0
