Disconnect your computer from the Internet and unplug it from the modem. Leave it that way until we finish with Husband's computer.

 

 

 

Set Windows Services To Default Startup

This is what I want you to do, then restart the computer.

 

Copy and paste the 'repair info log'.

 

Tell me if your Husband's computer is running normally now.

Link to post
I must be doing something wrong.

 

I unchecked everything in the list of the tweaking program that I had left open since I ran it yesterday and then I checked "Set Windows Services To Default Startup" clicked Start.

 

It ran and then said it needed to restart the computer. But when the computer restarted, this program did not open up again. I thought it would open and give me the file you wanted ( 'repair info log' ) but it didn't. Now I don't know where to find that log, sorry.

 

 

 

 

As far as my computer, I cannot disconnect it from the internet because it is our main computer where we have our phone set up. We use MagicJack so my computer needs to remain online. My computer is also the one with the modem. My husband's desktop and laptop are both connected by using those wall socket adaptors. I'm not sure what to do now.....just not use my computer at all until his is fixed???

Link to post

 

As far as my computer, I cannot disconnect it from the internet because it is our main computer where we have our phone set up. We use MagicJack so my computer needs to remain online. My computer is also the one with the modem. My husband's desktop and laptop are both connected by using those wall socket adaptors. I'm not sure what to do now.....just not use my computer at all until his is fixed???

 

Let's do this... I want you to unplug everything from the wall socket adaptors .... if you can reset the modem, then do so. Wait about a minute to plug everything back in. Reset your password for MagicJack, then let's proceed.

Link to post

ok, when I first started up my husband's computer today, it went through some kind of 'chkdsk' thingy before it started but starts fine now.

 

 

I did what you said above.....unplugged and reset. So I'm ready to do whatever is next.

Link to post

I had to search the internet to find out what an "elevated command prompt" was....lol.

 

But it was easy to do and here is what the scan said....

 

"Windows Resource Protection did not find any integrity violations."

Link to post

Good .... run both computers for a day or so and let me know how they're doing.

 

Also, if you opened any suspicious e-mails or sent any while you were on vacation, it would be a good idea to change the email passwords too. See if you can use a friend's computer to make this change.

Link to post

I will run them over the weekend and get back to you. Thank you for your tremendous help. I am assuming that you are feeling that both the computers are fixed.

 

I would truly like to know what happened so I can do whatever is necessary to keep it from happening again.

 

Did someone gain access to our laptop via the public WiFi places?

 

Were they able to install viruses? Spyware? What?

 

'How' did it pass from one computer to our other computers???

 

What are the VERY BEST things we can have on all our computers to protect them?

Link to post

... I suspect a DNS and Hosts File 'poisoning' due to the public Wifi connections.

I didn't see any viruses. If one computer is affected from public connections, then when it's re-connected to the home network, the other computers will be affected too.

 

It's almost bedthirty here, so let me get back to you later, with better explanations :)

Link to post
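The suspicion in the reply above concerns the hosts file and the DNS server setting. As an added example (not part of the original thread and not from any tool mentioned in it), this Python sketch audits hosts-file text for entries a stock file would not contain and checks configured resolvers against an expected list. The sample file contents, host names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# A stock Windows hosts file normally defines nothing beyond localhost.
LOCAL_NAMES = {"localhost"}

# Constructed sample input (documentation addresses and .example names).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.bank.example login.bank.example   # redirect to a routable address
127.0.0.1       update.antivirus.example              # name pinned to loopback
0.0.0.0 ads.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) per active entry; ip is None if the line is malformed."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields
            continue
        if len(fields) < 2:                   # address with no host name
            yield line_no, None, fields
            continue
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, detail) for every entry that is not a plain localhost mapping."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", " ".join(names)))
            continue
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                      # expected default entry
            # Loopback/0.0.0.0 makes a name unreachable; anything else sends it elsewhere.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, kind, f"{name} -> {ip}"))
    return findings


def unexpected_resolvers(configured, expected):
    """Return configured DNS servers that are not on the expected list (e.g. the home router)."""
    allowed = {ipaddress.ip_address(addr) for addr in expected}
    return [srv for srv in configured if ipaddress.ip_address(srv) not in allowed]


if __name__ == "__main__":
    # On Windows the real file is C:\WINDOWS\system32\drivers\etc\hosts;
    # the constructed sample is used here so the script runs offline.
    for line_no, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind}: {detail}")
    # Constructed resolver addresses: the first is the assumed router, the second is unknown.
    print(unexpected_resolvers(["192.168.1.1", "198.51.100.53"], ["192.168.1.1"]))
```

A "blocked" finding is not necessarily hostile, since ad-blocking hosts lists use the same form; entries naming security-update or banking sites are the ones to review first.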
  • 4 weeks later...

Yes, back and as confused as ever lol

 

I don't know where to start. I read back over what we did and I am confused about what to do now.

 

1) His desktop is running much slower than normal...takes forever to come up when I turn it on.

 

2) There are 2 windows that pop up when the computer starts----they are "found new hardware wizard" windows. But it doesn't give any name for the new hardware-----both just say "unknown". I tried letting it install to see what it is but it won't install. How do I get rid of them?

 

3) Avast is in this desktop but this computer has never started in Safe Mode. It was used when we bought it several years ago and it would never start in safe mode. How do I remove Avast?

Link to post

I went back and did some things over again..........

 

I ran these -

 

Kaspersky --->

 

 

Trend Micro---> click uninstall tab.

 

 

AVAST--->

[This computer won't go into Safe Mode, it never has since we got it.]

[SHOULD I RUN IT IN REGULAR MODE??]

 

 

Lavasoft ---> Ad-Aware Antivirus[ Not listed in Add/Remove. I didn't find any Lavasoft files on this computer (did a Search)]

 

VIPRE Antivirus---> Add/Remove programs

[ Not listed in Add/Remove. I didn't find any Vipre files on this computer (did a Search)]

 

 

 

I didn't do the DNS flush because I'm not sure if you want me to run the Avast uninstall in regular mode first or not.

 

 

How do I get rid of HiJack This?

Link to post

See if this 'repair' will help fix safe mode http://www.tweaking.com/content/page/tweaking_com_repair_windows_safe_mode.html

Click the download from MajorGeeks.

If not... then follow instructions here:

 

To uninstall Avast completely, first disable Avast's self protection. You can stop/disable it in services.

  • 1. Download aswClear.exe on your desktop
  • 2. Disable Avast!'s self-protection system ---> see if the uninstaller works without going into Windows in Safe Mode
  • 3. Run the downloaded utility
  • 4. Locate the folder where you saved Avast!
  • 5. Click "Uninstall"
  • 6. When prompted, click "Yes" to restart your computer

 

Don't worry about LavaSoft and VIPRE for right now.

Is HijackThis! showing in add/remove? Click to uninstall .... if not showing there, just delete it.

 

After doing all of the above, download Farbar Recovery Scan Tool and save it to your desktop.

 

You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Link to post

Sorry, but I am confused....

 

You said

"To uninstall Avast completely, first disable Avast's self protection. You can stop/disable it in services."

 

Where do I find "services"? I don't see anything at all like that when I open the aswClear.exe icon on my desktop.

 

All it has is a menu with a long list of items to choose from that you want to uninstall. I don't even know which one to choose.

Link to post

That tweaking program is somewhat confusing. I'm not sure I did it right.

 

When I ran it, it only took a few seconds to do. It said it was 'done' but there was also a button that says "Stop". When I clicked the Stop button, it said it was 'stopping after it finished running'...??? I thought that when it said 'done' in the main window that that meant it was finished??? I let it sit a while just in case it was still doing something but it just sat there. Why does it say it will stop after it is finished running but said 'done' in the main window??? Am I doing something wrong?

Link to post

Sometimes you have to wait until a utility is "fully done" ... you're working on an old XP computer, let it go the distance. Don't push the 'stop' button!

=========================================================================

 

 

Let's move on to downloading Farbar Recovery Scan Tool and saving it to your desktop. We'll get back to the other stuff later.

 

You need to run the version (32 bits) compatible with your system.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Link to post

ok, I guess you will tell me when to go back and do anything again.

 

Here are the files from the Farbar scan-----

 

10:44 - 2013-08-12 10:44 - 00000000 ____D C:Documents and SettingsXPApplication DataBabSolution2013-08-12 10:39 - 2013-08-12 10:39 - 00000000 ____D C:Documents and SettingsXPApplication DataBabylon2013-08-12 10:39 - 2013-08-12 10:39 - 00000000 ____D C:Documents and SettingsAll UsersApplication DataBabylon2013-08-11 02:00 - 2013-07-13 10:11 - 00001689 ____H C:WINDOWSsystem32BTImages.dat2013-08-09 17:32 - 2011-04-25 11:49 - 00006265 _____ C:WINDOWSwmsetup.log2013-08-09 17:32 - 2010-09-30 10:56 - 00000673 _____ C:Documents and SettingsXPDesktopEasy Hi-Q Recorder.lnk2013-08-09 17:32 - 2009-12-24 11:45 - 00000000 ____D C:Program FilesEasy Hi-Q Recorder2013-08-09 17:21 - 2013-07-10 11:16 - 00000000 __HDC C:WINDOWS$NtUninstallKB2834886$2013-08-09 16:49 - 2009-03-31 23:44 - 00000000 ____D C:Program FilesSpywareBlaster2013-08-09 16:23 - 2013-08-09 16:23 - 07517786 _____ (Rick Roemer, (Roemer Software) ) C:Documents and SettingsXPDesktopEasyhiq.exe2013-08-04 13:36 - 2009-03-30 17:06 - 00000000 ____D C:Program FilesGoogle2013-08-02 07:29 - 2011-06-09 11:35 - 00032296 _____ C:Documents and SettingsXPApplication Datawklnhst.dat2013-08-01 20:44 - 2013-08-01 20:44 - 00009728 _____ C:Documents and SettingsXPMy Documentseasley churches.wps2013-07-25 22:47 - 2012-07-28 09:01 - 00759296 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachevgx.dll2013-07-25 22:47 - 2012-06-12 22:08 - 00522240 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachejsdbgui.dll2013-07-25 22:47 - 2012-04-20 15:29 - 00611840 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachemstime.dll2013-07-25 22:47 - 2012-04-20 15:29 - 00184320 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheiepeers.dll2013-07-25 22:47 - 2012-04-20 15:29 - 00105984 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheurl.dll2013-07-25 22:47 - 2012-04-20 15:29 - 00067072 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachemshtmled.dll2013-07-25 22:47 - 2010-06-11 14:24 - 00743424 ____C (Microsoft Corporation) 
C:WINDOWSsystem32dllcacheiedvtool.dll2013-07-25 22:47 - 2009-09-25 10:28 - 02005504 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheiertutil.dll2013-07-25 22:47 - 2009-09-25 10:28 - 00630272 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachemsfeeds.dll2013-07-25 22:47 - 2009-09-25 10:28 - 00247808 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheieproxy.dll2013-07-25 22:47 - 2009-09-25 10:28 - 00055296 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachemsfeedsbs.dll2013-07-25 22:47 - 2009-09-25 10:28 - 00012800 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachexpshims.dll2013-07-25 22:47 - 2009-07-19 18:48 - 11113472 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheieframe.dll2013-07-25 22:47 - 2009-03-31 23:50 - 01215488 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheurlmon.dll2013-07-25 22:47 - 2009-03-31 23:50 - 00920064 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachewininet.dll2013-07-25 22:47 - 2009-03-31 23:07 - 06017536 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachemshtml.dll2013-07-25 22:47 - 2009-03-08 14:09 - 00387584 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheiedkcs32.dll2013-07-25 22:47 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:WINDOWSsystem32ieframe.dll2013-07-25 22:47 - 2009-03-08 04:34 - 01469440 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheinetcpl.cpl2013-07-25 22:47 - 2009-03-08 04:34 - 00206848 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheoccache.dll2013-07-25 22:47 - 2009-03-08 04:34 - 00043520 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachelicmgr10.dll2013-07-25 22:47 - 2009-03-08 04:33 - 00025600 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcachejsproxy.dll2013-07-25 22:47 - 2009-03-08 04:32 - 02005504 _____ (Microsoft Corporation) C:WINDOWSsystem32iertutil.dll2013-07-25 22:47 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:WINDOWSsystem32msfeeds.dll2013-07-25 22:47 - 2009-03-08 04:31 - 00055296 _____ 
(Microsoft Corporation) C:WINDOWSsystem32msfeedsbs.dll2013-07-25 22:47 - 2004-08-04 08:00 - 06017536 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.dll2013-07-25 22:47 - 2004-08-04 08:00 - 01469440 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl2013-07-25 22:47 - 2004-08-04 08:00 - 01215488 _____ (Microsoft Corporation) C:WINDOWSsystem32urlmon.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00920064 _____ (Microsoft Corporation) C:WINDOWSsystem32wininet.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00611840 _____ (Microsoft Corporation) C:WINDOWSsystem32mstime.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00387584 _____ (Microsoft Corporation) C:WINDOWSsystem32iedkcs32.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00206848 _____ (Microsoft Corporation) C:WINDOWSsystem32occache.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00184320 _____ (Microsoft Corporation) C:WINDOWSsystem32iepeers.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00105984 _____ (Microsoft Corporation) C:WINDOWSsystem32url.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00067072 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtmled.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00043520 _____ (Microsoft Corporation) C:WINDOWSsystem32licmgr10.dll2013-07-25 22:47 - 2004-08-04 08:00 - 00025600 _____ (Microsoft Corporation) C:WINDOWSsystem32jsproxy.dll2013-07-25 21:23 - 2009-03-08 04:32 - 00174592 ____C (Microsoft Corporation) C:WINDOWSsystem32dllcacheie4uinit.exe2013-07-25 21:23 - 2004-08-04 08:00 - 00174592 _____ (Microsoft Corporation) C:WINDOWSsystem32ie4uinit.exe2013-07-25 11:52 - 2004-08-04 08:00 - 00385024 _____ (Microsoft Corporation) C:WINDOWSsystem32html.iec2013-07-16 20:46 - 2008-04-13 20:12 - 00046080 _____ (Microsoft Corporation) C:WINDOWSsystem32tzchange.exeZeroAccess:C:WindowsInstaller{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}C:WindowsInstaller{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}[email 
protected]:WindowsInstaller{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}L201d3ddeC:WindowsInstaller{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}L55490ac4ZeroAccess:C:Documents and SettingsXPLocal SettingsApplication Data{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}==================== Bamital & volsnap Check =================C:Windowsexplorer.exe => MD5 is legitC:WindowsSystem32winlogon.exe => MD5 is legitC:WindowsSystem32svchost.exe => MD5 is legitC:WindowsSystem32services.exe => MD5 is legitC:WindowsSystem32User32.dll => MD5 is legitC:WindowsSystem32userinit.exe => MD5 is legitC:WindowsSystem32Driversvolsnap.sys => MD5 is legit==================== End Of Log ============================

 

 

 

 

 

 

 

 

 


Link to post
Share on other sites

UGGH!

I don't work on computers with a Rootkit :(

Your Husband's computer shows: ZeroAccess, which is a Rootkit:

 

ZeroAccess:C:WindowsInstaller{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}C:WindowsInstaller{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}[email protected]:WindowsInstaller{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}L201d3ddeC:WindowsInstaller{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}L55490ac4ZeroAccess:C:Documents and SettingsXPLocal SettingsApplication Data{b5c61ffd-23c9-9a15-9dba-afb03cadf00d}

 

What is a Rootkit? http://en.wikipedia.org/wiki/Rootkit

 

My best advice would be to wipe the OS and do a clean Windows installation. I know you may not want to do this by yourself, so if you know someone who will do this for you, it would be to your advantage..... "if" you want to keep this XP working.

 

I'm sorry. I can't guarantee that this computer will ever be stable again.

Link to post
Share on other sites

wow..................... I'm not going to continue any further with this!! Husband is going to get a new computer for our 49th wedding anniversary next Friday whether he says we can afford it or not... LOL. !!!

 

 

1) Does this mean that someone has gained access to our bank, credit cards, etc. that we check online?

 

 

2) Should I run that Farbar scan on our other computers to see if they have a rootkit too?

Link to post
Share on other sites
This topic is now closed to further replies.
