Jump to content

Computer being wiped out!


Recommended Posts

  • Replies 81
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Here are the DDS scans from my husband's desktop computer ----


DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702Run by XP at 14:30:27 on 2013-07-05Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1867 [GMT -4:00].AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}FW: ZoneAlarm Free Firewall Firewall *Disabled*.============== Running Processes ================.c:Program FilesMicrosoft Security ClientMsMpEng.exeC:WINDOWSExplorer.EXEC:WINDOWSsystem32LEXBCES.EXEC:WINDOWSsystem32spoolsv.exeC:WINDOWSsystem32LEXPPS.EXEC:Program FilesAnalog DevicesSoundMAXspkrmon.exeC:WINDOWSsystem32MsPMSPSv.exeC:Program FilesLogitechLWSWebcam SoftwareLWS.exeC:Program FilesMicrosoft Security Clientmsseces.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesPIXELAImageMixer 3 SE Ver.4Transfer UtilityCameraMonitor.exeC:Program FilesNETGEARWG111v3WG111v3.exeC:Program FilesMozilla Firefoxfirefox.exeC:WINDOWSsystem32wbemwmiprvse.exeC:WINDOWSSystem32svchost.exe -k netsvcsC:WINDOWSsystem32svchost.exe -k NetworkServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k imgsvcC:WINDOWSSystem32svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer, optimized for Bing and MSNuProxyOverride = <local>dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:program filescheck point software technologies ltdzonealarm1.8.21.15bhzonealarm.dllBHO: {5848763c-2668-44ca-adbe-2999a6ee2858} - <orphaned>BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:program filesmicrosoftbingbar7.1.391.0BingExt.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - c:program filescheck point software technologies ltdzonealarm1.8.21.15zonealarmTlbr.dlluRun: [cdloader] "c:documents and settingsxpapplication datamjusbspcdloader2.exe" MAGICJACKuRun: [ctfmon.exe] c:windowssystem32ctfmon.exemRun: [ROC_roc_dec12] "c:program filesavg secure searchROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12mRun: [HF_G_Jul] "c:program filesavg secure searchHF_G_Jul.exe" /DoActionmRun: [ROC_ROC_JULY_P1] "c:program filesavg secure searchROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1mRun: [LWS] c:program fileslogitechlwswebcam softwareLWS.exe -hidemRun: [search Protection] c:documents and settingsall usersapplication datasearch protectionSearchProtection.exemRun: [MSC] "c:program filesmicrosoft security clientmsseces.exe" -hide -runkeymRun: [ZoneAlarm] "c:program filescheckpointzonealarmzatray.exe"mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDY0NjU2MTI5LUJBKzEtS1YzKzctWEwrMS1UNS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErMy1YMjAxMCsy"&"prod=90"&"ver=10.0.1170StartupFolder: c:docume~1alluse~1startm~1programsstartupimagem~1.lnk - c:program filespixelaimagemixer 3 se ver.4transfer utilityCameraMonitor.exeStartupFolder: c:docume~1alluse~1startm~1programsstartupnetgea~1.lnk - c:program filesnetgearwg111v3WG111v3.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:323uPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDrives = dword:0mPolicies-WindowsSystem: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000IE: Google Sidewiki... - c:program filesgooglegoogle toolbarcomponentGoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.htmlIE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%bdoscandel.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = Interfaces{07038188-69C3-41A5-A531-2B95039B3116} : DHCPNameServer = Interfaces{1E9ADD0A-1096-43F8-BB7D-54E4E43FF27A} : DHCPNameServer = Interfaces{2D53517B-9C8C-4843-AAD3-4F87E01CEBF6} : DHCPNameServer = avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - LocalServer32 - <no file>Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:documents and settingsxpapplication datamozillafirefoxprofilesj0o3rvlf.defaultFF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarmFF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dllFF - plugin: c:program filesgoogleupdate1.3.21.145npGoogleUpdate3.dllFF - plugin: c:windowssystem32macromedflashNPSWF32_11_7_700_224.dllFF - plugin: c:windowssystem32npdeployJava1.dllFF - plugin: c:windowssystem32npptools.dllFF - ExtSQL: 2013-06-28 06:55; ffxtlbr@zonealarm.com; c:documents and settingsxpapplication datamozillafirefoxprofilesj0o3rvlf.defaultextensionsffxtlbr@zonealarm.com.============= SERVICES / DRIVERS ===============.R0 gfibto;gfibto;c:windowssystem32driversgfibto.sys [2013-6-18 13560]R0 KL1;kl1;c:windowssystem32driverskl1.sys [2012-11-4 133208]R0 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2013-1-20 195296]R1 kl2;kl2;c:windowssystem32driverskl2.sys [2012-11-4 11352]R1 KLIF;Kaspersky Lab Driver;c:windowssystem32driversklif.sys [2012-11-4 485808]R1 Vsdatant;vsdatant;c:windowssystem32vsdatant.sys [2013-6-19 527976]R2 EAPPkt;Realtek EAPPkt Protocol;c:windowssystem32driversEAPPkt.sys [2007-10-9 38144]R2 vsmon;TrueVector Internet Monitor;c:program filescheckpointzonealarmvsmon.exe -service --> c:program filescheckpointzonealarmvsmon.exe -service [?]R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:program filescheckpointzonealarmZAPrivacyService.exe [2013-6-18 54160]R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:windowssystem32ZDCndis5.sys [2009-11-6 20736]S?4 MBAMSwissArmy;MBAMSwissArmy;??c:windowssystem32driversmbamswissarmy.sys --> c:windowssystem32driversmbamswissarmy.sys [?]S3 gfiark;gfiark;c:windowssystem32driversgfiark.sys [2013-6-18 41584]S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:windowssystem32driverswg111v3.sys [2007-12-28 287232]S3 RTL8192cu;Belkin Wireless Adapter;c:windowssystem32driversrtwlanu.sys --> c:windowssystem32driversrtwlanu.sys [?]S3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:windowssystem32driversWlanGZXP.sys [2009-12-11 735232].=============== File Associations ===============..scr: <filetype is not registered>.=============== Created Last 30 ================.2013-07-05 10:39:27 7068072 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{3fc77f85-3929-43ca-b764-b879f887210d}mpengine.dll2013-07-03 20:03:59 2106216 ----a-w- c:program filesmozilla firefoxD3DCompiler_43.dll2013-07-03 20:03:59 116120 ----a-w- c:program filesmozilla firefoxcrashreporter.exe2013-07-03 20:03:58 263576 ----a-w- c:program filesmozilla firefoxbrowsercomponentsbrowsercomps.dll2013-07-03 20:03:57 74136 ----a-w- c:program filesmozilla firefoxbreakpadinjector.dll2013-07-03 20:03:57 19352 ----a-w- c:program filesmozilla firefoxAccessibleMarshal.dll2013-07-03 16:44:13 7068072 ------w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updatesbackupmpengine.dll2013-06-29 22:40:32 -------- d-----w- c:program filesESET2013-06-29 22:36:11 -------- d-----w- c:documents and settingsxpapplication dataCheck Point Software Technologies LTD2013-06-27 21:15:57 -------- d-----w- c:program filesCheck Point Software Technologies LTD2013-06-27 21:15:37 -------- d-----w- c:program filesCheckPoint2013-06-27 20:59:12 238872 ------w- c:windowssystem32MpSigStub.exe2013-06-27 20:56:06 -------- d-----w- c:program filesMicrosoft Security Client2013-06-21 22:43:37 -------- d-----w- c:program filesAVAST Software2013-06-21 22:43:07 -------- d-----w- c:documents and settingsall usersapplication dataAVAST Software2013-06-21 15:57:41 22856 ----a-w- c:windowssystem32driversmbam.sys2013-06-21 15:57:41 -------- d-----w- c:program filesMalwarebytes' Anti-Malware2013-06-18 16:47:18 41584 ----a-w- c:windowssystem32driversgfiark.sys2013-06-18 15:37:24 -------- d-----w- c:documents and settingsxpapplication dataLavasoftStatistics2013-06-18 15:29:57 -------- d-----w- c:documents and settingsall usersapplication dataDownloaded Installations2013-06-18 15:29:43 -------- d-----w- c:documents and settingsxpapplication dataSecureSearch2013-06-18 15:28:21 13560 ----a-w- c:windowssystem32driversgfibto.sys.==================== Find3M ====================.2013-06-15 17:54:21 71048 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl2013-06-15 17:54:21 692104 ----a-w- c:windowssystem32FlashPlayerApp.exe2013-05-07 22:30:06 920064 ----a-w- c:windowssystem32wininet.dll2013-05-07 22:30:05 43520 ------w- c:windowssystem32licmgr10.dll2013-05-07 22:30:05 1469440 ------w- c:windowssystem32inetcpl.cpl2013-05-07 21:53:29 385024 ------w- c:windowssystem32html.iec2013-05-03 01:26:26 2193536 ----a-w- c:windowssystem32ntoskrnl.exe2013-05-03 00:38:18 2070144 ----a-w- c:windowssystem32ntkrnlpa.exe2013-04-10 01:31:19 1876352 ----a-w- c:windowssystem32win32k.sys.============= FINISH: 14:31:26.89 ===============





.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: DeviceHarddiskVolume1Install Date: 2/28/2009 1:48:30 PMSystem Uptime: 7/5/2013 10:02:35 AM (4 hours ago).Motherboard: Dell Computer Corp. | | 0W2563Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 37 GiB total, 10.07 GiB free.D: is FIXED (FAT32) - 12 GiB total, 4.4 GiB free.E: is CDROM ()H: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP11: 4/21/2013 4:08:20 PM - System CheckpointRP12: 4/24/2013 10:25:55 AM - System CheckpointRP13: 4/26/2013 6:36:31 AM - System CheckpointRP14: 4/27/2013 3:08:35 PM - System CheckpointRP15: 4/28/2013 3:44:22 PM - System CheckpointRP16: 4/29/2013 4:22:25 PM - System CheckpointRP17: 4/30/2013 4:39:57 PM - System CheckpointRP18: 5/1/2013 5:41:01 PM - System CheckpointRP19: 5/2/2013 5:43:48 PM - System CheckpointRP20: 5/3/2013 6:03:14 PM - System CheckpointRP21: 5/4/2013 7:03:13 PM - System CheckpointRP22: 5/7/2013 12:25:05 PM - System CheckpointRP23: 5/8/2013 12:58:17 PM - System CheckpointRP24: 5/15/2013 3:10:26 PM - System CheckpointRP25: 5/15/2013 9:05:35 PM - Software Distribution Service 3.0RP26: 5/17/2013 10:14:21 AM - System CheckpointRP27: 5/21/2013 1:58:01 PM - System CheckpointRP28: 5/23/2013 11:51:22 AM - System CheckpointRP29: 5/29/2013 9:41:05 AM - System CheckpointRP30: 6/15/2013 12:54:17 PM - System CheckpointRP31: 6/16/2013 3:00:18 AM - Software Distribution Service 3.0RP32: 6/18/2013 7:40:06 AM - System CheckpointRP33: 6/19/2013 9:51:06 PM - Removed Spelling Dictionaries Support For Adobe Reader 9.RP34: 6/21/2013 11:41:51 AM - Removed Ad-Aware Antivirus.RP35: 6/21/2013 6:43:37 PM - avast! Free Antivirus SetupRP36: 6/21/2013 7:05:13 PM - Removed Adobe Reader 9.1.RP37: 6/22/2013 8:11:23 PM - System CheckpointRP38: 6/22/2013 8:52:07 PM - Removed Adobe Reader XI (11.0.03).RP39: 6/22/2013 8:53:38 PM - Removed Java 6 Update 22RP40: 6/22/2013 8:54:27 PM - Removed Java 6 Update 35RP41: 6/22/2013 8:55:45 PM - avast! Free Antivirus SetupRP42: 6/24/2013 7:54:33 AM - System CheckpointRP43: 6/25/2013 8:28:43 AM - System CheckpointRP44: 6/26/2013 10:43:25 AM - System CheckpointRP45: 6/27/2013 4:59:11 PM - Software Distribution Service 3.0RP46: 6/28/2013 5:10:12 PM - System CheckpointRP47: 6/29/2013 7:01:12 AM - Software Distribution Service 3.0RP48: 6/29/2013 6:34:36 PM - Software Distribution Service 3.0RP49: 6/30/2013 7:00:01 PM - System CheckpointRP50: 7/1/2013 7:38:11 AM - Software Distribution Service 3.0RP51: 7/2/2013 11:35:34 AM - Software Distribution Service 3.0RP52: 7/3/2013 12:44:06 PM - Software Distribution Service 3.0RP53: 7/4/2013 12:57:55 PM - System CheckpointRP54: 7/5/2013 6:39:13 AM - Software Distribution Service 3.0.==== Installed Programs ======================.Acrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginEasy Hi-Q Recorder 2.4ESET Online Scanner v3Google Earth Plug-inGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)ImageMixer 3 SE Ver.4 Transfer UtilityImageMixer 3 SE Ver.4 Video ToolsIntel® PRO Network Adapters and DriversInterVideo WinDVD 4Lexmark 640 SeriesLogitech Webcam SoftwareLWS Help_mainLWS Webcam SoftwaremagicJackMalwarebytes Anti-Malware version .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Easy Assist v2Microsoft Security ClientMicrosoft Security EssentialsMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMozilla Firefox 22.0 (x86 en-US)Mozilla Maintenance ServiceMSXML 6.0 Parser (KB925673)Music Transfer Utility Ver.1NETGEAR WG111v3 wireless USB 2.0 adapterOGA Notifier 2.0.0048.0PDFCreatorSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB2761465)Security Update for Windows Internet Explorer 8 (KB2792100)Security Update for Windows Internet Explorer 8 (KB2797052)Security Update for Windows Internet Explorer 8 (KB2799329)Security Update for Windows Internet Explorer 8 (KB2809289)Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB2829530)Security Update for Windows Internet Explorer 8 (KB2838727)Security Update for Windows Internet Explorer 8 (KB2847204)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544521)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2699988)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2753842)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2761226)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2778344)Security Update for Windows XP (KB2779030)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2799494)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2808735)Security Update for Windows XP (KB2813170)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820197)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB2829361)Security Update for Windows XP (KB2839229)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB982132)SoundMAXSpywareBlaster 5.0The SWORD ProjectUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB971029)VC 9.0 RuntimeWebFldrs XPWindows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows Presentation FoundationWindows XP Service Pack 3XML Paper Specification Shared Components Pack 1.0ZoneAlarm AntivirusZoneAlarm FirewallZoneAlarm Free FirewallZoneAlarm SecurityZoneAlarm Security Toolbar.==== Event Viewer Messages From Past Week ========.6/28/2013 1:08:00 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.6/28/2013 1:01:14 PM, error: Service Control Manager [7034] - The spkrmon service terminated unexpectedly. It has done this 1 time(s).6/28/2013 1:01:14 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).6/28/2013 1:01:14 PM, error: Service Control Manager [7031] - The ZoneAlarm Privacy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/28/2013 1:01:13 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service..==== End Of File ===========================

Link to comment
Share on other sites

I see three Anti-virus programs on this machine ... Microsoft Security Essentials, ZoneAlarm and AVG. You only need one Anti-virus running full time. These are resource hogs and will fight each other for the system's resources, as well as possibly fight each other's definitions.


Please download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.changelog.fr/SecurityCheck.exeSave it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document.

Link to comment
Share on other sites

I'm having some problems....


I was going to just use Zonealarm for the antivirus and firewall so I tried to uninstall MSE, but it won't uninstall by using Add/Remove.


When I tried to add the Zonealarm antivirus to the firewall which I already had, it wouldn't do it because it said there was a conflict with MSE.


I can't find AVG on this computer. "Maybe" I already deleted it earlier today when I took some things off using Add/Remove.....but I can't remember.




Another thing that is happening is that every time this desktop starts up, it shows the "new hardware Wizard".........but I haven't added any new hardware. How can I see what it is trying to add so I can figure out whether to let it add it or not?





Here is the checkup.txt file ----

Results of screen317's Security Check version 0.99.68
Windows XP Service Pack 3 x86
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ZoneAlarm Free Firewall Antivirus
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Link to comment
Share on other sites

Do this to uninstall MSE:

Windows XP

  • Click Start, click Run, type appwiz.cpl in the Run text box, and then click OK.
  • Select Microsoft Security Essentials, and then click Uninstall.
  • Restart the computer.


Download http://www.filehippo.com/download_hijackthis/ Save it to your Documents, then click to open


Click 'Do a System Scan and Save logfile'.
The HJT log will open in notepad.
Copy and paste the HJT log from notepad in your next reply.

Link to comment
Share on other sites

I'm having a hard time with this desktop......it is really slow, and I had to use IE instead of Firefox to finally be able to download HJT.





It also will not remove Microsoft Security Essentials. I tried numerous times and just get an error message that says


"Cannot complete uninstall wizard.


An error has prevented the Security Essentials uninstall wizard from continuing. Please restart your computer and try again.


Error code: 0x80070643"

Link to comment
Share on other sites

Here is the HJT file ---


Logfile of Trend Micro HijackThis v2.0.4Scan saved at 4:29:12 PM, on 7/6/2013Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:Program FilesCheckPointZoneAlarmvsmon.exeC:WINDOWSExplorer.EXEC:WINDOWSsystem32LEXBCES.EXEC:WINDOWSsystem32LEXPPS.EXEC:WINDOWSsystem32spoolsv.exeC:Program FilesAnalog DevicesSoundMAXspkrmon.exeC:WINDOWSsystem32svchost.exeC:WINDOWSsystem32MsPMSPSv.exeC:Program FilesCheckPointZoneAlarmZAPrivacyService.exeC:WINDOWSSystem32svchost.exeC:Program FilesLogitechLWSWebcam SoftwareLWS.exeC:Program FilesCheckPointZoneAlarmzatray.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesPIXELAImageMixer 3 SE Ver.4Transfer UtilityCameraMonitor.exeC:Program FilesNETGEARWG111v3WG111v3.exec:Program FilesMicrosoft Security ClientMsMpEng.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:WINDOWSsystem32msiexec.exeC:Program FilesTrend MicroHiJackThisHiJackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.bing.comR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.bing.comR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Internet Explorer, optimized for Bing and MSNO2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:Program FilesCheck Point Software Technologies LTDzonealarm1.8.21.15bhzonealarm.dllO2 - BHO: (no name) - {5848763c-2668-44ca-adbe-2999a6ee2858} - (no file)O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program FilesMicrosoftBingBar7.1.391.0BingExt.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll (file missing)O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll (file missing)O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:Program FilesMicrosoftBingBar7.1.391.0BingExt.dll" (file missing)O3 - Toolbar: (no name) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - (no file)O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:Program FilesCheck Point Software Technologies LTDzonealarm1.8.21.15zonealarmTlbr.dllO4 - HKLM..Run: [ROC_roc_dec12] "C:Program FilesAVG Secure SearchROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12O4 - HKLM..Run: [HF_G_Jul] "C:Program FilesAVG Secure SearchHF_G_Jul.exe" /DoActionO4 - HKLM..Run: [ROC_ROC_JULY_P1] "C:Program FilesAVG Secure SearchROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1O4 - HKLM..Run: [LWS] C:Program FilesLogitechLWSWebcam SoftwareLWS.exe -hideO4 - HKLM..Run: [search Protection] C:Documents and SettingsAll UsersApplication DataSearch ProtectionSearchProtection.exeO4 - HKLM..Run: [MSC] "c:Program FilesMicrosoft Security Clientmsseces.exe" -hide -runkeyO4 - HKLM..Run: [ZoneAlarm] "C:Program FilesCheckPointZoneAlarmzatray.exe"O4 - HKLM..RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDY0NjU2MTI5LUJBKzEtS1YzKzctWEwrMS1UNS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErMy1YMjAxMCsy"&"prod=90"&"ver=10.0.1170O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exeO4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.lnk = ?O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:Program FilesNETGEARWG111v3WG111v3.exeO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exeO9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO15 - Trusted Zone: my.magicjack.comO15 - Trusted Zone: reg.talk4free.comO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CABO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238555054312O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dllO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343585051281O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cabO16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dllO16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cabO16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dllO18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dllO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXEO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program FilesMozilla Maintenance Servicemaintenanceservice.exeO23 - Service: spkrmon - Unknown owner - C:Program FilesAnalog DevicesSoundMAXspkrmon.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:Program FilesCheckPointZoneAlarmvsmon.exeO23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:Program FilesCheckPointZoneAlarmZAPrivacyService.exe--End of file - 8488 bytes

Link to comment
Share on other sites

Download Combofix from any of the links below, and save it to your desktop.<--Important

Link 1
Link 2
Link 3


Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

  • Double click combofix.exe and follow the prompts.

  • When finished, it will produce a log for you.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply

After rebooting ensure your Security applications have been re-enabled.

Link to comment
Share on other sites

No, this is not normal!


Download AdWareCleaner http://www.bleepingcomputer.com/download/adwcleaner/
or from here http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
to your desktop

1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:AdwCleaner[sn].txt as well - n is the order number.

Link to comment
Share on other sites

This computer doesn't have an option to run a program "as an administrator" so I just have to double-click to run things.



Here is the file from the scan.....


# AdwCleaner v2.304 - Logfile created 07/08/2013 at 14:09:03# Updated 03/07/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)# User : XP - DELL-7AA614E45C# Boot Mode : Normal# Running from : C:Documents and SettingsXPDesktopAdwCleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] ********** [Registry] ********** [internet Browsers] *****- Internet Explorer v8.0.6001.18702[OK] Registry is clean.- Mozilla Firefox v22.0 (en-US)File : C:Documents and SettingsXPApplication DataMozillaFirefoxProfilesj0o3rvlf.defaultprefs.js[OK] File is clean.*************************AdwCleaner[s1].txt - [7721 octets] - [29/06/2013 18:25:13]AdwCleaner[s2].txt - [758 octets] - [08/07/2013 14:09:03]########## EOF - C:AdwCleaner[s2].txt - [817 octets] ##########

Link to comment
Share on other sites

That looks good. Let's see if RKill finds anything.


Download Rkill by Grinler and save it to your desktop.Link 1
Link 2

    [*]Double-click on the Rkill desktop icon to run the tool. [*]If using Vista, right-click on it and Run As Administrator. [*]A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. [*]If not, delete the file, then download and use the one provided in Link 2. [*]If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. [*]If the tool does not run from any of the links provided, please let me know.

Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Personal Security and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Personal Security when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Personal Security . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill as the malware programs will start again.

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.


Post the log file.


Link to comment
Share on other sites

Here is the rkill log ---


Rkill 2.5.3 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2013 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 07/09/2013 11:18:36 AM in x86 mode.Windows Version: Microsoft Windows XP Service Pack 3Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * C:WINDOWSsystem32MsPMSPSv.exe (PID: 1692) [WD-HEUR]1 proccess terminated!Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * Windows Firewall Disabled [HKLMSYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile] "EnableFirewall" = dword:00000000Checking Windows Service Integrity: * RpcSs => %SystemRoot%system32svchost.exe -k rpcss [incorrect ImagePath]Searching for Missing Digital Signatures: * No issues found.Checking HOSTS File: * HOSTS file entries found: localhostProgram finished at: 07/09/2013 11:19:47 AMExecution time: 0 hours(s), 1 minute(s), and 11 seconds(s)

Link to comment
Share on other sites

It worked this time :-)



ComboFix 13-07-09.01 - XP 07/09/2013 14:32:58.5.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1862 [GMT -4:00]Running from: c:documents and settingsXPDesktopComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}..((((((((((((((((((((((((( Files Created from 2013-06-09 to 2013-07-09 )))))))))))))))))))))))))))))))..2013-07-09 18:29 . 2013-07-09 18:29 -------- d-----w- c:documents and settingsNetworkServiceLocal SettingsApplication DataPCHealth2013-07-08 18:23 . 2013-06-12 01:18 7068072 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{5E40B60C-EAB9-4F85-BE05-20DDA51D7FD3}mpengine.dll2013-07-08 18:01 . 2013-06-12 01:18 7068072 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll2013-07-06 20:28 . 2013-07-06 20:28 388096 ----a-r- c:documents and settingsXPApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe2013-07-06 20:28 . 2013-07-06 20:28 -------- d-----w- c:program filesTrend Micro2013-07-06 01:25 . 2013-02-21 18:44 74584 ----a-w- c:windowssystem32driversklflt.sys2013-06-29 22:36 . 2013-06-29 22:36 -------- d-----w- c:documents and settingsXPApplication DataCheck Point Software Technologies LTD2013-06-27 21:15 . 2013-06-27 21:15 -------- d-----w- c:program filesCheck Point Software Technologies LTD2013-06-27 21:15 . 2013-06-27 21:18 -------- d-----w- c:program filesCheckPoint2013-06-27 20:59 . 2013-05-02 15:28 238872 ------w- c:windowssystem32MpSigStub.exe2013-06-27 20:56 . 2013-06-27 20:56 -------- d-----w- c:program filesMicrosoft Security Client2013-06-21 22:45 . 2013-05-09 08:58 229648 ----a-w- c:windowssystem32aswBoot.exe2013-06-21 22:43 . 2013-06-21 22:43 -------- d-----w- c:program filesAVAST Software2013-06-21 22:43 . 2013-06-23 00:58 -------- d-----w- c:documents and settingsAll UsersApplication DataAVAST Software2013-06-21 15:57 . 2013-06-23 01:00 -------- d-----w- c:program filesMalwarebytes' Anti-Malware2013-06-21 15:57 . 2013-04-04 18:50 22856 ----a-w- c:windowssystem32driversmbam.sys2013-06-18 16:47 . 2013-04-11 15:06 41584 ----a-w- c:windowssystem32driversgfiark.sys2013-06-18 15:37 . 2013-06-18 15:37 -------- d-----w- c:documents and settingsXPApplication DataLavasoftStatistics2013-06-18 15:29 . 2013-06-18 15:29 -------- d-----w- c:documents and settingsAll UsersApplication DataDownloaded Installations2013-06-18 15:29 . 2013-06-18 15:29 -------- d-----w- c:documents and settingsXPApplication DataSecureSearch2013-06-18 15:28 . 2013-06-18 15:28 13560 ----a-w- c:windowssystem32driversgfibto.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-06-15 17:54 . 2012-05-18 20:23 692104 ----a-w- c:windowssystem32FlashPlayerApp.exe2013-06-15 17:54 . 2011-09-23 14:21 71048 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl2013-05-07 22:30 . 2004-08-04 12:00 920064 ----a-w- c:windowssystem32wininet.dll2013-05-07 22:30 . 2004-08-04 12:00 43520 ------w- c:windowssystem32licmgr10.dll2013-05-07 22:30 . 2004-08-04 12:00 1469440 ------w- c:windowssystem32inetcpl.cpl2013-05-07 21:53 . 2004-08-04 12:00 385024 ------w- c:windowssystem32html.iec2013-05-03 01:26 . 2004-08-04 12:00 2193536 ----a-w- c:windowssystem32ntoskrnl.exe2013-05-03 00:38 . 2004-08-03 22:59 2070144 ----a-w- c:windowssystem32ntkrnlpa.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"LWS"="c:program filesLogitechLWSWebcam SoftwareLWS.exe" [2010-05-07 165208]"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2013-01-27 947152]"ZoneAlarm"="c:program filesCheckPointZoneAlarmzatray.exe" [2013-06-20 73832].[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce]"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDY0NjU2MTI5LUJBKzEtS1YzKzctWEwrMS1UNS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErMy1YMjAxMCsy&prod=90&ver=10.0.1170" [?].[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2007-02-26 437160].c:documents and settingsAll UsersStart MenuProgramsStartupImageMixer 3 SE Camera Monitor Ver.4.lnk - c:program filesPIXELAImageMixer 3 SE Ver.4Transfer UtilityCameraMonitor.exe [2012-12-1 253952]NETGEAR WG111v3 Smart Wizard.lnk - c:program filesNETGEARWG111v3WG111v3.exe [2008-7-1 2326528].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]c:program filesSUPERAntiSpywareSASWINLO.DLL [bU].[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]@="Service".[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZyXEL G-220v3 Wireless USB Adapter Utility.lnk]backup=c:windowspssZyXEL G-220v3 Wireless USB Adapter Utility.lnkCommon Startup.[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]"FirewallOverride"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]"DisableMonitoring"=dword:00000001.[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]"EnableFirewall"= 0 (0x0).[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]"%windir%system32sessmgr.exe"=.R0 gfibto;gfibto;c:windowssystem32driversgfibto.sys [6/18/2013 11:28 AM 13560]R1 kl2;kl2;c:windowssystem32driverskl2.sys [11/4/2012 10:17 PM 11352]R2 EAPPkt;Realtek EAPPkt Protocol;c:windowssystem32driversEAPPkt.sys [10/9/2007 2:13 PM 38144]R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:program filesCheckPointZoneAlarmZAPrivacyService.exe [6/18/2013 3:34 AM 54160]S3 gfiark;gfiark;c:windowssystem32driversgfiark.sys [6/18/2013 12:47 PM 41584]S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:windowssystem32driverswg111v3.sys [12/28/2007 4:02 PM 287232]S3 RTL8192cu;Belkin Wireless Adapter;c:windowssystem32DRIVERSrtwlanu.sys --> c:windowssystem32DRIVERSrtwlanu.sys [?]S3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:windowssystem32driversWlanGZXP.sys [12/11/2009 9:33 PM 735232].Contents of the 'Scheduled Tasks' folder.2013-07-09 c:windowsTasksAdobe Flash Player Updater.job- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-05-18 17:54].2013-07-09 c:windowsTasksGoogleUpdateTaskMachineCore.job- c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 19:52].2013-07-09 c:windowsTasksGoogleUpdateTaskMachineUA.job- c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 19:52].2013-07-09 c:windowsTasksMicrosoft Antimalware Scheduled Scan.job- c:program filesMicrosoft Security ClientMpCmdRun.exe [2013-01-27 15:11].2013-07-09 c:windowsTasksOGALogon.job- c:windowssystem32OGAEXEC.exe [2009-08-03 20:07]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.htmlTrusted Zone: magicjack.commyTrusted Zone: talk4free.comregFF - ProfilePath - c:documents and settingsXPApplication DataMozillaFirefoxProfilesj0o3rvlf.defaultFF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarmFF - ExtSQL: 2013-06-28 06:55; ffxtlbr@zonealarm.com; c:documents and settingsXPApplication DataMozillaFirefoxProfilesj0o3rvlf.defaultextensionsffxtlbr@zonealarm.com..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-07-09 14:41Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]@DACL=(02 0000)@="Wireless""ProcessGroupPolicy"="ProcessWIRELESSPolicy""DllName"=expand:"gptext.dll""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{25537BA6-77A8-11D2-9B6C-0000F8080861}]@DACL=(02 0000)@="Folder Redirection""ProcessGroupPolicyEx"="ProcessGroupPolicyEx""DllName"=expand:"fdeploy.dll""NoMachinePolicy"=dword:00000001"NoSlowLink"=dword:00000001"PerUserLocalSettings"=dword:00000001"NoGPOListChanges"=dword:00000000"NoBackgroundPolicy"=dword:00000000"GenerateGroupPolicy"="GenerateGroupPolicy""EventSources"=multi:"(Folder Redirection,Application)0000".[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]@DACL=(02 0000)@="Microsoft Disk Quota""NoMachinePolicy"=dword:00000000"NoUserPolicy"=dword:00000001"NoSlowLink"=dword:00000001"NoBackgroundPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001"PerUserLocalSettings"=dword:00000000"RequiresSuccessfulRegistry"=dword:00000001"EnableAsynchronousProcessing"=dword:00000000"DllName"=expand:"dskquota.dll""ProcessGroupPolicy"="ProcessGroupPolicy".[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]@DACL=(02 0000)@="QoS Packet Scheduler""ProcessGroupPolicy"="ProcessPSCHEDPolicy""DllName"=expand:"gptext.dll""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]@DACL=(02 0000)@="Scripts""ProcessGroupPolicy"="ProcessScriptsGroupPolicy""ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx""GenerateGroupPolicy"="GenerateScriptsGroupPolicy""DllName"=expand:"gptext.dll""NoSlowLink"=dword:00000001"NoGPOListChanges"=dword:00000001"NotifyLinkTransition"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]@DACL=(02 0000)@="Internet Explorer Zonemapping""DllName"="c:WINDOWSsystem32iedkcs32.dll""ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap""NoGPOListChanges"=dword:00000001"RequiresSucessfulRegistry"=dword:00000001"DisplayName"="@c:WINDOWSsystem32iedkcs32.dll.mui,-3051""RequiresSuccessfulRegistry"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{7B849a69-220F-451E-B3FE-2CB811AF94AE}]@DACL=(02 0000)@="Internet Explorer User Accelerators""DisplayName"="@c:WINDOWSsystem32iedkcs32.dll.mui,-3051""DllName"="c:WINDOWSsystem32iedkcs32.dll""NoGPOListChanges"=dword:00000001"ProcessGroupPolicy"="ProcessGroupPolicyForActivities""ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx""RequiresSuccessfulRegistry"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]@DACL=(02 0000)"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO""GenerateGroupPolicy"="SceGenerateGroupPolicy""ExtensionRsopPlanningDebugLevel"=dword:00000001"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx""ExtensionDebugLevel"=dword:00000001"DllName"=expand:"scecli.dll"@="Security""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001"MaxNoGPOListChangesInterval"=dword:000003c0.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]@DACL=(02 0000)"ProcessGroupPolicyEx"="ProcessGroupPolicyEx""GenerateGroupPolicy"="GenerateGroupPolicy""ProcessGroupPolicy"="ProcessGroupPolicy""DllName"="c:WINDOWSsystem32iedkcs32.dll"@="Internet Explorer Branding""NoSlowLink"=dword:00000001"NoBackgroundPolicy"=dword:00000000"NoGPOListChanges"=dword:00000001"NoMachinePolicy"=dword:00000001"DisplayName"="@c:WINDOWSsystem32iedkcs32.dll.mui,-3014".[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]@DACL=(02 0000)"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO""DllName"=expand:"scecli.dll"@="EFS recovery""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001"RequiresSuccessfulRegistry"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]@DACL=(02 0000)@="802.3 Group Policy""DisplayName"=expand:"@dot3gpclnt.dll,-100""ProcessGroupPolicyEx"="ProcessLANPolicyEx""GenerateGroupPolicy"="GenerateLANPolicy""DllName"=expand:"dot3gpclnt.dll""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{C631DF4C-088F-4156-B058-4375F0853CD8}]@DACL=(02 0000)@="Microsoft Offline Files""DllName"=expand:"%SystemRoot%System32cscui.dll""EnableAsynchronousProcessing"=dword:00000000"NoBackgroundPolicy"=dword:00000000"NoGPOListChanges"=dword:00000000"NoMachinePolicy"=dword:00000000"NoSlowLink"=dword:00000000"NoUserPolicy"=dword:00000001"PerUserLocalSettings"=dword:00000000"ProcessGroupPolicy"="ProcessGroupPolicy""RequiresSuccessfulRegistry"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{c6dc5466-785a-11d2-84d0-00c04fb169f7}]@DACL=(02 0000)@="Software Installation""DllName"=expand:"appmgmts.dll""ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx""GenerateGroupPolicy"="GenerateGroupPolicy""NoBackgroundPolicy"=dword:00000000"RequiresSucessfulRegistry"=dword:00000000"NoSlowLink"=dword:00000001"PerUserLocalSettings"=dword:00000001"EventSources"=multi:"(Application Management,Application)00(MsiInstaller,Application)0000".[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]@DACL=(02 0000)@="Internet Explorer Machine Accelerators""DisplayName"="@c:WINDOWSsystem32iedkcs32.dll.mui,-3051""DllName"="c:WINDOWSsystem32iedkcs32.dll""NoGPOListChanges"=dword:00000001"ProcessGroupPolicy"="ProcessGroupPolicyForActivities""ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx""RequiresSuccessfulRegistry"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{e437bc1c-aa7d-11d2-a382-00c04f991e27}]@DACL=(02 0000)@="IP Security""ProcessGroupPolicy"="ProcessIPSECPolicy""DllName"=expand:"gptext.dll""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000000.[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList]@DACL=(02 0000)"HelpAssistant"=dword:00000000"TsInternetUser"=dword:00000000"SQLAgentCmdExec"=dword:00000000"NetShowServices"=dword:00000000"IWAM_"=dword:00010000"IUSR_"=dword:00010000"VUSR_"=dword:00010000.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(5608)c:windowssystem32WININET.dllc:windowssystem32ieframe.dllc:windowssystem32webcheck.dllc:windowssystem32WPDShServiceObj.dllc:windowssystem32PortableDeviceTypes.dllc:windowssystem32PortableDeviceApi.dll.Completion time: 2013-07-09 14:44:01ComboFix-quarantined-files.txt 2013-07-09 18:43ComboFix2.txt 2013-07-07 18:58.Pre-Run: 9,750,212,608 bytes freePost-Run: 9,737,994,240 bytes free.- - End Of File - - F0D1B871DABCBF34F764012505837AC98F558EB6672622401DA993E1E865C861

Link to comment
Share on other sites

Uninstall (if found):


Kaspersky --->

Download Kaspersky Lab Products Remover

Note: Enter the CAPTCHA code and if you have more than one product installed, select which to remove in the drop down. If you still have issues with a Kaspersky product, try using the remover tool in Safe Mode. Anti-Virus/Internet Security 6.0/7.0 cannot be removed using a 64-bit operating system.


Trend Micro---> click uninstall tab

Download Trend Micro Diagnostic Toolkit 32-bit | 64-bit

Note: You will be prompted for a password when you extract these uninstallers, use “novirus“. Run the Support Tool executable and use the same procedure as aboveAVAST--->

Download AVAST Software Uninstall Utility

Special Note: Needs to be started from Safe Mode, the program will offer to reboot you into Safe Mode on launch. If you did not install the Avast product to the default install location, you need to point to it in the boxLavasoft ---> Ad-Aware AntivirusAd-Aware Browsing Protection --->Add/Remove programs


VIPRE Antivirus---> Add/Remove programs


After uninstalling all of the above, flush the DNS cache and restore MS's Hosts file:

Copy and paste these lines in Note pad.


@Echo onpushdwindowssystem32driversetcattrib -h -s -r hostsecho localhost>HOSTSattrib +r +h +s hostspopdipconfig /releaseipconfig /renewipconfig /flushdnsnetsh winsock reset allnetsh int ip reset allshutdown -r -t 1del %0


Save as flush.bat to your desktop.Double click on the flush.bat file to run it.Your computer will reboot itself.


Tell me how your husband's computer is running now.

Link to comment
Share on other sites

Well, I tried doing the uninstalls you told me to do above and here is what happened.....


Kaspersky --->

[ I didn't find any Kaspersky files on this computer (did a Search)]


Trend Micro---> click uninstall tab.

[Did this but it didn't remove HiJackThis]


[This computer won't go into Safe Mode, it never has since we got it.]


Lavasoft ---> Ad-Aware Antivirus[ Not listed in Add/Remove. I didn't find any Lavasoft files on this computer (did a Search)]


VIPRE Antivirus---> Add/Remove programs

[ Not listed in Add/Remove. I didn't find any Vipre files on this computer (did a Search)]




I didn't do the DNS flush because i'm not sure if you want me to run the Avast uninsatll in regular mode first or not.

Link to comment
Share on other sites

It isn't showing in the task manager processes/user list. What should I do?



Bad news------'my' desktop computer is doing all that weird stuff again. It isn't fixed. It seemed ok for a few days but now all the icons and text are HUGE again 'sometimes', my computer shuts itself off at night sometimes, some of my files/ folders look say they are 'empty' again when I go to my hard drive, etc etc etc. I guess we will have to go back to fixing my computer when we are done with my husbands............this is so awful!!!!!!!

Link to comment
Share on other sites

I'm not quite sure what info you want me to post because I do not see anything called a repair info log. But there is a 'Reset log' that was produced so I assume that must be it.



deleted SYSTEMCurrentControlSetServicesTcpipParametersInterfaces{1E9ADD0A-1096-43F8-BB7D-54E4E43FF27A}IpAutoconfigurationAddressdeleted SYSTEMCurrentControlSetServicesTcpipParametersInterfaces{1E9ADD0A-1096-43F8-BB7D-54E4E43FF27A}IpAutoconfigurationMaskdeleted SYSTEMCurrentControlSetServicesTcpipParametersInterfaces{1E9ADD0A-1096-43F8-BB7D-54E4E43FF27A}IpAutoconfigurationSeedadded SYSTEMCurrentControlSetServicesTcpipParametersNameServer<completed>


There was also a 'Repair Info" tab on the screen of the scan so here is what was in that tab ---

Set Windows Services To Default Startup:This will set the Windows services to their default startup state. Special thanks to http://www.blackviper.com/ for having all the default information handy.This will set the services startup by the "sc config" command and not by the registry.To edit or view, all services and their startup are in the services_startup.txt in the files folder.





I was not sure if I was supposed to restart the computer like it says since you didn't tell me I should.....so I did 'not' restart it yet.

Link to comment
Share on other sites

Also, I don't know if this is important to you or not, but there were 2 differences between the screenshot you showed me above and the screen that came up when it ran.


1. There were more things in the list than what your screenshot shows. (I just left them checked, I hope that was ok)


2. Not all the things in the list were checked. Some were and some were not. But I made sure that only the ones yu showed me to check were checked and unchecked the ones you showed should be unchecked.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Create New...