
Windows Security Essentials won't update


34 replies to this topic

#1 prairiedances


Posted 01 February 2013 - 11:55 AM

I'm running Windows XP and for some reason my Windows Security Essentials won't update. I keep getting the error message 0x80070424. I tried Windows Fix it but it said it wasn't able to repair the problem. The error report said: "windows update components must be repaired". I ran Malwarebytes but it came clean. Is this a virus or something else? Thanks!



#2 narenxp


Posted 01 February 2013 - 11:56 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 prairiedances


Posted 04 February 2013 - 10:28 AM

Thanks! FYI, I didn't get a notification saying that you responded so I apologize for my late reply. I tried to update it today, and it worked.
TDSSKiller report:

10:27:29.0500 1660 ================ Scan global ===============================
10:27:29.0515 1660 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:27:29.0531 1660 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:27:29.0546 1660 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:27:29.0562 1660 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:27:29.0562 1660 [Global] - ok
10:27:29.0562 1660 ================ Scan MBR ==================================
10:27:29.0578 1660 [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
10:27:29.0828 1660 \Device\Harddisk0\DR0 - ok
10:27:29.0828 1660 ================ Scan VBR ==================================
10:27:29.0843 1660 [ 850F5865E76DCEF21B4D9E8706332476 ] \Device\Harddisk0\DR0\Partition1
10:27:29.0843 1660 \Device\Harddisk0\DR0\Partition1 - ok
10:27:29.0843 1660 [ 7A5FBBFA03A9CA49185E4069A1AE05C3 ] \Device\Harddisk0\DR0\Partition2
10:27:29.0843 1660 \Device\Harddisk0\DR0\Partition2 - ok
10:27:29.0843 1660 ============================================================
10:27:29.0843 1660 Scan finished
10:27:29.0843 1660 ============================================================
10:27:29.0843 2096 Detected object count: 0
10:27:29.0843 2096 Actual detected object count: 0

#4 prairiedances


Posted 04 February 2013 - 10:47 AM

This is the aswMBR log. While I was running it, Windows Security Essentials came up with a found threat on the computer. It was the Trojan: Win32/sirefef!cfg

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-04 10:30:28
-----------------------------
10:30:28.312 OS Version: Windows 5.1.2600 Service Pack 3
10:30:28.312 Number of processors: 2 586 0x170A
10:30:28.312 ComputerName: HP88342945029 UserName: Grant Writer
10:30:29.187 Initialize success
10:32:29.468 AVAST engine defs: 13020400
10:32:45.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:32:45.781 Disk 0 Vendor: ST316081 3.CH Size: 152627MB BusType: 3
10:32:45.796 Disk 0 MBR read successfully
10:32:45.796 Disk 0 MBR scan
10:32:45.890 Disk 0 unknown MBR code
10:32:45.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140317 MB offset 63
10:32:45.921 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12291 MB offset 287386785
10:32:45.937 Disk 0 scanning sectors +312560640
10:32:46.015 Disk 0 scanning C:\WINDOWS\system32\drivers
10:33:05.593 Service scanning
10:33:17.906 Service MpKsl0a79a6e3 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FA746D0-4CB0-4A8F-83F1-81894D4B64CF}\MpKsl0a79a6e3.sys **LOCKED** 32
10:33:32.765 Modules scanning
10:34:04.531 Disk 0 trace - called modules:
10:34:04.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:34:04.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8695a030]
10:34:04.546 3 CLASSPNP.SYS[f7537fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8639d028]
10:34:05.375 AVAST engine scan C:\WINDOWS
10:34:21.562 AVAST engine scan C:\WINDOWS\system32
10:37:33.640 AVAST engine scan C:\WINDOWS\system32\drivers
10:37:56.062 AVAST engine scan C:\Documents and Settings\Grant Writer
10:44:46.500 AVAST engine scan C:\Documents and Settings\All Users
10:45:39.921 Scan finished successfully
10:46:04.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Grant Writer\Desktop\MBR.dat"
10:46:05.078 The log file has been saved successfully to "C:\Documents and Settings\Grant Writer\Desktop\feb 4 aswMBR.txt"

#5 prairiedances


Posted 04 February 2013 - 11:31 AM

ESET Online results:

C:\Documents and Settings\Grant Writer\Local Settings\Temp\plugtmp-45\plugin-98765.pdf JS/Exploit.Pdfka.PMN trojan cleaned by deleting - quarantined

#6 narenxp


Posted 04 February 2013 - 11:32 AM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select run as administrator

After scan gets completed, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#7 prairiedances


Posted 04 February 2013 - 12:23 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.04.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Grant Writer :: HP88342945029 [administrator]

2/4/2013 11:36:17 AM
mbam-log-2013-02-04 (11-36-17).txt

Scan type: Full scan (C:\|D:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401863
Time elapsed: 46 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 prairiedances


Posted 04 February 2013 - 12:26 PM

MiniToolBox by Farbar Version:10-01-2013
Ran by Grant Writer (administrator) on 04-02-2013 at 12:25:21
Running from "C:\Documents and Settings\Grant Writer\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82567V-2 Gigabit Network Connection = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : HP88342945029

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : mvnhc.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : mvnhc.com

Description . . . . . . . . . . . : Intel® 82567V-2 Gigabit Network Connection

Physical Address. . . . . . . . . : 00-22-64-23-12-C7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.0.0.72

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.0.0.4

192.0.0.1

192.0.0.3

DHCP Server . . . . . . . . . . . : 192.0.0.11

DNS Servers . . . . . . . . . . . : 192.0.0.11

192.168.1.21

192.0.0.12

198.6.100.6

4.2.2.1

Primary WINS Server . . . . . . . : 192.0.0.12

Secondary WINS Server . . . . . . : 192.0.0.11

Lease Obtained. . . . . . . . . . : Monday, February 04, 2013 10:21:44 AM

Lease Expires . . . . . . . . . . : Monday, February 11, 2013 10:21:44 AM

Server: mtvauth2.mvnhc.com
Address: 192.0.0.11

Name: google.com
Addresses: 173.194.43.38, 173.194.43.34, 173.194.43.32, 173.194.43.33
173.194.43.41, 173.194.43.35, 173.194.43.39, 173.194.43.40, 173.194.43.36
173.194.43.37, 173.194.43.46



Pinging google.com [173.194.43.34] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 173.194.43.34:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: mtvauth2.mvnhc.com
Address: 192.0.0.11

Name: yahoo.com
Addresses: 98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 22 64 23 12 c7 ...... Intel® 82567V-2 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.0.0.1 192.0.0.72 20
0.0.0.0 0.0.0.0 192.0.0.3 192.0.0.72 20
0.0.0.0 0.0.0.0 192.0.0.4 192.0.0.72 20
54.243.189.26 255.255.255.255 192.0.0.1 192.0.0.72 1
74.125.226.227 255.255.255.255 192.0.0.1 192.0.0.72 1
74.125.226.233 255.255.255.255 192.0.0.2 192.0.0.72 1
74.208.4.9 255.255.255.255 192.0.0.2 192.0.0.72 1
98.139.183.24 255.255.255.255 192.0.0.1 192.0.0.72 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
173.194.43.1 255.255.255.255 192.0.0.1 192.0.0.72 1
174.35.22.55 255.255.255.255 192.0.0.1 192.0.0.72 1
192.0.0.0 255.255.255.0 192.0.0.72 192.0.0.72 20
192.0.0.72 255.255.255.255 127.0.0.1 127.0.0.1 20
192.0.0.255 255.255.255.255 192.0.0.72 192.0.0.72 20
199.27.73.129 255.255.255.255 192.0.0.2 192.0.0.72 1
208.43.87.2 255.255.255.255 192.0.0.1 192.0.0.72 1
208.43.120.24 255.255.255.255 192.0.0.2 192.0.0.72 1
212.227.219.229 255.255.255.255 192.0.0.1 192.0.0.72 1
224.0.0.0 240.0.0.0 192.0.0.72 192.0.0.72 20
255.255.255.255 255.255.255.255 192.0.0.72 192.0.0.72 1
Default Gateway: 192.0.0.4
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/04/2013 10:23:33 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/01/2013 11:42:24 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/01/2013 11:41:55 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/01/2013 09:55:52 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/28/2013 11:11:21 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/25/2013 07:55:28 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/24/2013 08:19:05 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/22/2013 11:18:18 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/22/2013 11:18:14 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/22/2013 10:58:10 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL


System errors:
=============
Error: (02/04/2013 10:23:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.990.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/04/2013 10:23:24 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (02/01/2013 11:41:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.990.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/01/2013 09:55:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.990.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/01/2013 09:47:22 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/29/2013 09:20:58 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/28/2013 11:11:18 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.533.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/28/2013 11:02:41 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/25/2013 07:55:28 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.533.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/25/2013 07:47:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7500_7600_7700_Help (Version: 1.00.0000)
ABBYY FineReader for ScanSnap ™ 4.1 (Version: 8.02.380.7259)
Acrobat.com (Version: 1.7.186)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader XI (11.0.01) (Version: 11.0.01)
Altiris Software Virtualization Agent (Version: 2.1.2096)
BPD_HPSU (Version: 1.00.0000)
BPD_Scan (Version: 2.00.0000)
BPDfax (Version: 70.0.184.000)
BPDSoftware (Version: 70.0.283.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 70.0.170.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
CardMinder (Version: V4.1L10)
CardMinder V4.1 (Version: 4.1.10.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CorePLS_Full_QFolder (Version: 1.00.0000)
CorePLS_Min_QFolder (Version: 1.00.0000)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Google Chrome (Version: 24.0.1312.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.123)
GoToMeeting 5.2.0.952 (Version: 5.2.0.952)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Backup and Recovery Manager (Version: 2.5C)
HP Care Pack Core (Version: 1.0.0.0)
HP Care Pack Products (Version: 1.0.0.0)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Help and Support (Version: 4.2.0010)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP LaserJet P2015 Series 1.0 (Version: 1.0)
HP LaserJet P2030 Series
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Photosmart Essential (Version: 1.9.1.3)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 11.14.0001)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.003.001.001)
hppFonts (Version: 000.106.00040)
HPPhotoSmartExpress (Version: 70.0.170.000)
hppIOFiles (Version: 001.001.00024)
hppLJP2015 (Version: 000.104.00224)
hppManualsP2015 (Version: 000.104.00210)
hppMSRedist (Version: 1.01.0000)
HPProductAssistant (Version: 70.0.170.000)
hppTLBXFXP2015 (Version: 001.000.00012)
hppusgP2015 (Version: 001.000.00012)
hppusgP2030 (Version: 000.000.00005)
hppWebRegMM (Version: 000.001.00001)
HPSSupply (Version: 2.1.1.0000)
hpzTLBXFX (Version: 002.002.00170)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections 13.1.33.0 (Version: 13.1.33.0)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1274)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
L7600 (Version: 50.0.165.000)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works 6.0 (Version: 06.00.1829)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
MPM (Version: 1.00.0000)
MrvlUsgTracking (Version: 1.0.7)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NirSoft BlueScreenView
OCR Software by I.R.I.S 7.0 (Version: 7.0)
PanoStandAlone (Version: 70.0.170.000)
Product_SF_Full_QFolder (Version: 1.00.0000)
Product_SF_Min_QFolder (Version: 1.00.0000)
ProductContext (Version: 50.0.165.000)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5708)
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller 1.94 (Version: 1.94)
Scan (Version: 7.0.0.0)
ScanSnap (Version: 5.0.21.1)
ScanSnap Manager (Version: V5.0L21)
ScanSnap Organizer (Version: 4.1.11.3)
ScanSnap Organizer (Version: V4.1L11)
SolutionCenter (Version: 70.0.170.000)
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 5.5.1012)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
UMPlayer 0.98 [P4] (Version: 0.98)
Unload (Version: 7.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell™ 1.0 (Version: 2)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 989.1 MB
Available physical RAM: 349.03 MB
Total Pagefile: 2385.46 MB
Available Pagefile: 1709.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.78 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:137.03 GB) (Free:112.87 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12 GB) (Free:7.64 GB) NTFS
9 Drive l: () (Removable) (Total:3.74 GB) (Free:3.22 GB) FAT32

========================= Users: ========================================

User accounts for \\HP88342945029

admin Administrator ASPNET
Grant Writer Guest guestpc
HelpAssistant MIS SUPPORT_388945a0

========================= Restore Points ==================================

31-10-2012 21:18:05 System Checkpoint
02-11-2012 15:28:18 System Checkpoint
06-11-2012 17:19:44 System Checkpoint
08-11-2012 19:10:58 System Checkpoint
14-11-2012 18:42:45 System Checkpoint
15-11-2012 19:35:19 System Checkpoint
19-11-2012 19:30:55 System Checkpoint
26-11-2012 21:50:23 System Checkpoint
29-11-2012 18:18:50 System Checkpoint
03-12-2012 18:52:04 System Checkpoint
05-12-2012 21:08:26 System Checkpoint
07-12-2012 17:29:25 System Checkpoint
10-12-2012 19:23:26 System Checkpoint
11-12-2012 20:32:29 System Checkpoint
12-12-2012 21:33:31 System Checkpoint
13-12-2012 16:55:41 Installed Windows Internet Explorer 8.
13-12-2012 17:52:58 Removed Adobe Reader X (10.1.4).
17-12-2012 20:25:19 System Checkpoint
20-12-2012 15:38:24 System Checkpoint
21-12-2012 17:12:19 System Checkpoint
24-12-2012 17:58:52 System Checkpoint
28-12-2012 16:15:51 System Checkpoint
31-12-2012 17:58:20 System Checkpoint
04-01-2013 17:39:53 System Checkpoint
08-01-2013 18:26:00 System Checkpoint
09-01-2013 22:57:08 System Checkpoint
11-01-2013 17:48:29 System Checkpoint
14-01-2013 16:18:44 Installed Java 7 Update 11
15-01-2013 17:46:16 System Checkpoint
16-01-2013 18:31:18 System Checkpoint
18-01-2013 21:05:41 System Checkpoint
22-01-2013 22:25:36 System Checkpoint
24-01-2013 13:26:03 System Checkpoint
25-01-2013 15:55:09 System Checkpoint
29-01-2013 17:41:47 System Checkpoint
01-02-2013 19:19:12 System Checkpoint

**** End of log ****

#9 prairiedances

Posted 04 February 2013 - 12:28 PM

Farbar Service Scanner Version: 30-01-2013
Ran by Grant Writer (administrator) on 04-02-2013 at 12:27:11
Running from "C:\Documents and Settings\Grant Writer\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2006-02-27 21:00] - [2008-04-13 19:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2006-02-27 21:00] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#10 prairiedances

Posted 04 February 2013 - 12:34 PM

Tried to open Chrome to get back to Bleeping Computer after AdwCleaner rebooted the computer; it came up as: Google Chrome is corrupt, unable to locate preferences. Mozilla opened with no issues though.

# AdwCleaner v2.110 - Logfile created 02/04/2013 at 12:29:11
# Updated 03/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Grant Writer - HP88342945029
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Grant Writer\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Grant Writer\Application Data\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Grant Writer\Application Data\Mozilla\Firefox\Profiles\b8jptr3r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Grant Writer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2193 octets] - [04/02/2013 12:29:11]

########## EOF - C:\AdwCleaner[S1].txt - [2253 octets] ##########

#11 prairiedances

Posted 04 February 2013 - 12:41 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Microsoft Windows XP x86
Ran by Grant Writer on Mon 02/04/2013 at 12:36:07.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Grant Writer\Application Data\mozilla\firefox\profiles\b8jptr3r.default\prefs.js

user_pref("extensions.AMAZONNEW_NS_PH.hxxpsDadList", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n \"rankomete
user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n \"rankometer\
Emptied folder: C:\Documents and Settings\Grant Writer\Application Data\mozilla\firefox\profiles\b8jptr3r.default\minidumps [14 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/04/2013 at 12:41:02.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12 prairiedances

Posted 04 February 2013 - 12:44 PM

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/04/2013 12:43:25 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* Update [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys : 72,960 : 07/06/2007 00:52 AM : d92fce6729ee150a15a7cdbc433f390e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB937894$\mqac.sys : 72,960 : 02/27/2006 09:00 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 07/06/2007 09:05 AM : 157a32ddc6a019a4e31b19d604d2f127 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 02:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/04/2013 12:44:19 PM
Execution time: 0 hours(s), 1 minute(s), and 1 seconds(s)

#13 prairiedances

Posted 04 February 2013 - 12:54 PM

Thanks for your help so far. I tried to extract Autoruns but I don't think I'm doing it right. I'm not sure how to scan using the program. Can you help please? Thanks.

#14 prairiedances

Posted 04 February 2013 - 01:33 PM

I think this is what I was supposed to do?

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HP LaserJet P2030 Install" "" "" "File not found: E:\Setup.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "hpbdfawep" "WEP MFC Application" "" "c:\program files\hp\dfawep\bin\hpbdfawep.exe"
+ "HPUsageTracking" " " "" "c:\program files\hp\hp ut\bin\hppusg.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Microsoft Works Portfolio" "Microsoft® Works PortFolio" "Microsoft® Corporation" "c:\program files\microsoft works\wkssb.exe"
+ "Microsoft Works Update Detection" "Microsoft® Works Update Detection" "Microsoft® Corporation" "c:\program files\microsoft works\wkdetect.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "Recguard" "Recguard Application" "" "c:\windows\sminst\recguard.exe"
+ "Reminder" "Reminder_XP" "" "c:\windows\creator\remind_xp.exe"
+ "Scheduler" "Scheduler" "" "c:\windows\sminst\scheduler.exe"
+ "SetRefresh" "SetRefresh" "Hewlett-Packard Company" "c:\program files\compaq\setrefresh\setrefresh.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\real\realplayer\update\realsched.exe"
+ "ToolBoxFX" "HPTLBXFX" "HP" "c:\program files\hp\toolboxfx\bin\hptlbxfx.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "CardMinder Viewer.lnk" "CardMinder Viewer" "PFU LIMITED" "c:\program files\pfu\scansnap\cardminder\cardlauncher.exe"
+ "Conversion to PDF with ScanSnap Organizer.lnk" "PfuSsOrgOcrChk Application" "PFU LIMITED" "c:\program files\pfu\scansnap\organizer\pfussorgocrchk.exe"
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
+ "Microsoft Works Calendar Reminders.lnk" "Microsoft® Works Calendar Reminder Service" "Microsoft® Corporation" "c:\program files\common files\microsoft shared\works shared\wkcalrem.exe"
+ "ScanSnap Manager.lnk" "ScanSnap Manager" "PFU LIMITED" "c:\program files\pfu\scansnap\driver\pfussmon.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "GoToMeeting" "GoToMeeting" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotomeeting\457\g2mstart.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: file:///C:/DOCUME~1/GRANTW~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
+ "1" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "RealNetworks Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealDownloader" "c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "MP Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\mpcmdrun.exe"
+ "RealPlayerRealUpgradeLogonTaskS-1-5-21-2585511966-3772591434-1322672914-1009.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "RealPlayerRealUpgradeScheduledTaskS-1-5-21-2585511966-3772591434-1322672914-1009.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeLogonTaskS-1-5-21-2585511966-3772591434-1322672914-1009.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeScheduledTaskS-1-5-21-2585511966-3772591434-1322672914-1009.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "0176251236890864mcinstcleanup" "" "" "File not found: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\017625~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IviRegMgr" "RegMgr Module" "InterVideo" "c:\program files\common files\intervideo\regmgr\iviregmgr.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\msmpeng.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "RealNetworks Downloader Resolver Service" "Manage different Downloader versions in RealNetworks' products." "" "c:\program files\realnetworks\realdownloader\rndlresolversvc.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ac97intc" "Intel® Integrated Controller Hub Audio Driver" "Intel Corporation" "c:\windows\system32\drivers\ac97intc.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E100B" "NDIS 5 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "e1yexpress" "Intel® Gigabit Network Connection NDIS 5.1 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1y5132.sys"
+ "FSLX" "FSL System Driver" "Altiris, Inc." "c:\windows\system32\drivers\fslx.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "hljqshpu" "" "" "File not found: C:\WINDOWS\system32\drivers\hljqshpu.sys"
+ "HPFXBULK" "hpfxbulk.sys" "Hewlett Packard" "c:\windows\system32\drivers\hpfxbulk.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "i81x" "Miniport Driver for Intel Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\i81xnt5.sys"
+ "iAimFP0" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv01nt.sys"
+ "iAimFP1" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv02nt.sys"
+ "iAimFP2" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv05nt.sys"
+ "iAimFP3" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wsiintxx.sys"
+ "iAimFP4" "Local Flat Panel Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wvchntxx.sys"
+ "iAimFP5" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv07nt.sys"
+ "iAimFP6" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv08nt.sys"
+ "iAimFP7" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv09nt.sys"
+ "iAimTV0" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\watv01nt.sys"
+ "iAimTV1" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\watv02nt.sys"
+ "iAimTV3" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\watv04nt.sys"
+ "iAimTV4" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wch7xxnt.sys"
+ "iAimTV5" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\watv10nt.sys"
+ "iAimTV6" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\watv06nt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "iaStor" "" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "kqvpscbt" "" "" "File not found: C:\WINDOWS\system32\drivers\kqvpscbt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NAL" "Intel® Network Adapter Diagnostic Driver" "Intel Corporation " "c:\windows\system32\drivers\iqvw32.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "InterVideo Audio Decoder" "IVIAUDIO LOGID.63916" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Audio Processor" "" "" "c:\program files\intervideo\common\bin\iviaudioprocess.ax"
+ "Intervideo CDSF Filter" "Bouncing Ball Filter (Sample)" "Microsoft Corporation" "c:\program files\intervideo\common\bin\ivicdsf.ax"
+ "InterVideo Navigator" "IVINAV LOGID.63916" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "InterVideo Video Decoder" "IVIVIDEO LOGID.63916" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Mp3 Transform Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer MPEG4 Transform Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "HP2030LM" "Rendering" "Marvell Semiconductor India Private Limited." "c:\windows\system32\hp2030lm.dll"
+ "hpz3l4sa" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l4sa.dll"

#15 narenxp

Posted 04 February 2013 - 09:33 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log



