
Need help: browser redirects/popups



Hello, I need help; I don't know what else to do. I'm running Windows XP Home. Here is what I have done so far: scanned with Malwarebytes, which found nothing; scanned with Avira, which found something (I'll post the log). I used Defogger to disable the CD emulator (have not re-enabled it yet) and ran DDS.

Avira scan#1...

Avira AntiVir Personal

Report file date: Sunday, December 12, 2010 00:21

Scanning for 3138734 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : OWNER-F0A10AD7A

Version information:

BUILD.DAT : 10.0.0.607 31826 Bytes 11/30/2010 19:17:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/1/2010 00:13:17

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 12/1/2010 00:13:24

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:13:29

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:13:30

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:13:32

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:13:34

VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:13:35

VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:13:35

VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:13:35

VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:13:35

VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:13:35

VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:13:35

VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:13:36

VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 00:13:36

VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 00:13:36

VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 00:13:36

VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 00:13:36

VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 00:13:36

VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 00:13:36

VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 00:13:36

VBASE023.VDF : 7.10.14.147 150528 Bytes 11/30/2010 00:16:23

VBASE024.VDF : 7.10.14.175 126464 Bytes 12/3/2010 06:12:45

VBASE025.VDF : 7.10.14.203 120320 Bytes 12/7/2010 06:12:47

VBASE026.VDF : 7.10.14.230 137216 Bytes 12/9/2010 06:12:49

VBASE027.VDF : 7.10.14.231 2048 Bytes 12/9/2010 06:12:49

VBASE028.VDF : 7.10.14.232 2048 Bytes 12/9/2010 06:12:49

VBASE029.VDF : 7.10.14.233 2048 Bytes 12/9/2010 06:12:49

VBASE030.VDF : 7.10.14.234 2048 Bytes 12/9/2010 06:12:49

VBASE031.VDF : 7.10.14.255 78848 Bytes 12/10/2010 06:12:50

Engineversion : 8.2.4.122

AEVDF.DLL : 8.1.2.1 106868 Bytes 12/1/2010 00:13:13

AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/12/2010 06:13:08

AESCN.DLL : 8.1.7.2 127349 Bytes 12/1/2010 00:13:12

AESBX.DLL : 8.1.3.2 254324 Bytes 12/1/2010 00:13:12

AERDL.DLL : 8.1.9.2 635252 Bytes 12/1/2010 00:13:12

AEPACK.DLL : 8.2.4.1 512375 Bytes 12/12/2010 06:13:05

AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/1/2010 00:13:11

AEHEUR.DLL : 8.1.2.54 3113335 Bytes 12/12/2010 06:13:04

AEHELP.DLL : 8.1.16.0 246136 Bytes 12/12/2010 06:12:55

AEGEN.DLL : 8.1.5.0 397685 Bytes 12/12/2010 06:12:54

AEEMU.DLL : 8.1.3.0 393589 Bytes 12/1/2010 00:13:06

AECORE.DLL : 8.1.19.0 196984 Bytes 12/12/2010 06:12:53

AEBB.DLL : 8.1.1.0 53618 Bytes 12/1/2010 00:13:05

AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/1/2010 00:13:17

AVPREF.DLL : 10.0.0.0 44904 Bytes 12/1/2010 00:13:16

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 12/1/2010 00:13:17

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/1/2010 00:13:17

AVARKT.DLL : 10.0.22.6 231784 Bytes 12/1/2010 00:13:14

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/1/2010 00:13:15

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/1/2010 00:13:17

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/1/2010 00:13:38

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Sunday, December 12, 2010 00:21

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\display string

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'msdtc.exe' - '43' Module(s) have been scanned

Scan process 'dllhost.exe' - '62' Module(s) have been scanned

Scan process 'dllhost.exe' - '48' Module(s) have been scanned

Scan process 'vssvc.exe' - '51' Module(s) have been scanned

Scan process 'avscan.exe' - '73' Module(s) have been scanned

Scan process 'avcenter.exe' - '74' Module(s) have been scanned

Scan process 'ViewMgr.exe' - '39' Module(s) have been scanned

Scan process 'alg.exe' - '36' Module(s) have been scanned

Scan process 'avshadow.exe' - '27' Module(s) have been scanned

Scan process 'wuauclt.exe' - '45' Module(s) have been scanned

Scan process 'ViewpointService.exe' - '21' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'sprtsvc.exe' - '44' Module(s) have been scanned

Scan process 'slserv.exe' - '6' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '41' Module(s) have been scanned

Scan process 'jqs.exe' - '34' Module(s) have been scanned

Scan process 'avguard.exe' - '54' Module(s) have been scanned

Scan process 'rundll32.exe' - '42' Module(s) have been scanned

Scan process 'ctfmon.exe' - '31' Module(s) have been scanned

Scan process 'avgnt.exe' - '57' Module(s) have been scanned

Scan process 'sprtcmd.exe' - '56' Module(s) have been scanned

Scan process 'jusched.exe' - '23' Module(s) have been scanned

Scan process 'qttask.exe' - '29' Module(s) have been scanned

Scan process 'Explorer.EXE' - '110' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'sched.exe' - '49' Module(s) have been scanned

Scan process 'spoolsv.exe' - '54' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '35' Module(s) have been scanned

Scan process 'svchost.exe' - '170' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '54' Module(s) have been scanned

Scan process 'lsass.exe' - '61' Module(s) have been scanned

Scan process 'services.exe' - '42' Module(s) have been scanned

Scan process 'winlogon.exe' - '75' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '2293' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\System Volume Information\_restore{944FE31A-7D9B-4008-A53D-BF43ED5229E2}\RP630\A0206277.exe

[DETECTION] Is the TR/Drop.Softomat.AN Trojan

C:\System Volume Information\_restore{944FE31A-7D9B-4008-A53D-BF43ED5229E2}\RP630\A0206280.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{944FE31A-7D9B-4008-A53D-BF43ED5229E2}\RP630\A0206281.exe

[DETECTION] Is the TR/Drop.Softomat.AN Trojan

Beginning disinfection:

C:\System Volume Information\_restore{944FE31A-7D9B-4008-A53D-BF43ED5229E2}\RP630\A0206281.exe

[DETECTION] Is the TR/Drop.Softomat.AN Trojan

[NOTE] The file was moved to the quarantine directory under the name '4e37d536.qua'.

C:\System Volume Information\_restore{944FE31A-7D9B-4008-A53D-BF43ED5229E2}\RP630\A0206280.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '56a0fa91.qua'.

C:\System Volume Information\_restore{944FE31A-7D9B-4008-A53D-BF43ED5229E2}\RP630\A0206277.exe

[DETECTION] Is the TR/Drop.Softomat.AN Trojan

[NOTE] The file was moved to the quarantine directory under the name '04ffa079.qua'.

End of the scan: Sunday, December 12, 2010 00:53

Used time: 23:36 Minute(s)

The scan has been done completely.

5103 Scanned directories

110751 Files were scanned

3 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

3 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

110748 Files not concerned

592 Archives were scanned

0 Warnings

3 Notes

260553 Objects were scanned with rootkit scan

2 Hidden objects were found

Avira scan#2...

Avira AntiVir Personal

Report file date: Sunday, December 12, 2010 13:09

Scanning for 3140431 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : OWNER-F0A10AD7A

Version information:

BUILD.DAT : 10.0.0.607 31826 Bytes 11/30/2010 19:17:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/1/2010 00:13:17

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 12/1/2010 00:13:24

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:13:29

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:13:30

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:13:32

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:13:34

VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:13:35

VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:13:35

VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:13:35

VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:13:35

VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:13:35

VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:13:35

VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:13:36

VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 00:13:36

VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 00:13:36

VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 00:13:36

VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 00:13:36

VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 00:13:36

VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 00:13:36

VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 00:13:36

VBASE023.VDF : 7.10.14.147 150528 Bytes 11/30/2010 00:16:23

VBASE024.VDF : 7.10.14.175 126464 Bytes 12/3/2010 06:12:45

VBASE025.VDF : 7.10.14.203 120320 Bytes 12/7/2010 06:12:47

VBASE026.VDF : 7.10.14.230 137216 Bytes 12/9/2010 06:12:49

VBASE027.VDF : 7.10.14.231 2048 Bytes 12/9/2010 06:12:49

VBASE028.VDF : 7.10.14.232 2048 Bytes 12/9/2010 06:12:49

VBASE029.VDF : 7.10.14.233 2048 Bytes 12/9/2010 06:12:49

VBASE030.VDF : 7.10.14.234 2048 Bytes 12/9/2010 06:12:49

VBASE031.VDF : 7.10.15.0 100352 Bytes 12/12/2010 19:05:44

Engineversion : 8.2.4.122

AEVDF.DLL : 8.1.2.1 106868 Bytes 12/1/2010 00:13:13

AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/12/2010 06:13:08

AESCN.DLL : 8.1.7.2 127349 Bytes 12/1/2010 00:13:12

AESBX.DLL : 8.1.3.2 254324 Bytes 12/1/2010 00:13:12

AERDL.DLL : 8.1.9.2 635252 Bytes 12/1/2010 00:13:12

AEPACK.DLL : 8.2.4.1 512375 Bytes 12/12/2010 06:13:05

AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/1/2010 00:13:11

AEHEUR.DLL : 8.1.2.54 3113335 Bytes 12/12/2010 06:13:04

AEHELP.DLL : 8.1.16.0 246136 Bytes 12/12/2010 06:12:55

AEGEN.DLL : 8.1.5.0 397685 Bytes 12/12/2010 06:12:54

AEEMU.DLL : 8.1.3.0 393589 Bytes 12/1/2010 00:13:06

AECORE.DLL : 8.1.19.0 196984 Bytes 12/12/2010 06:12:53

AEBB.DLL : 8.1.1.0 53618 Bytes 12/1/2010 00:13:05

AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/1/2010 00:13:17

AVPREF.DLL : 10.0.0.0 44904 Bytes 12/1/2010 00:13:16

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 12/1/2010 00:13:17

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/1/2010 00:13:17

AVARKT.DLL : 10.0.22.6 231784 Bytes 12/1/2010 00:13:14

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/1/2010 00:13:15

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/1/2010 00:13:17

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/1/2010 00:13:38

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Sunday, December 12, 2010 13:09

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\display string

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'msdtc.exe' - '43' Module(s) have been scanned

Scan process 'dllhost.exe' - '62' Module(s) have been scanned

Scan process 'dllhost.exe' - '48' Module(s) have been scanned

Scan process 'vssvc.exe' - '51' Module(s) have been scanned

Scan process 'avscan.exe' - '70' Module(s) have been scanned

Scan process 'avcenter.exe' - '110' Module(s) have been scanned

Scan process 'ViewMgr.exe' - '39' Module(s) have been scanned

Scan process 'alg.exe' - '36' Module(s) have been scanned

Scan process 'ViewpointService.exe' - '21' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'sprtsvc.exe' - '44' Module(s) have been scanned

Scan process 'slserv.exe' - '6' Module(s) have been scanned

Scan process 'avshadow.exe' - '27' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '41' Module(s) have been scanned

Scan process 'jqs.exe' - '34' Module(s) have been scanned

Scan process 'avguard.exe' - '54' Module(s) have been scanned

Scan process 'rundll32.exe' - '45' Module(s) have been scanned

Scan process 'ctfmon.exe' - '31' Module(s) have been scanned

Scan process 'avgnt.exe' - '56' Module(s) have been scanned

Scan process 'sprtcmd.exe' - '56' Module(s) have been scanned

Scan process 'jusched.exe' - '23' Module(s) have been scanned

Scan process 'qttask.exe' - '32' Module(s) have been scanned

Scan process 'Explorer.EXE' - '123' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'sched.exe' - '49' Module(s) have been scanned

Scan process 'spoolsv.exe' - '54' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '35' Module(s) have been scanned

Scan process 'svchost.exe' - '173' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '54' Module(s) have been scanned

Scan process 'lsass.exe' - '61' Module(s) have been scanned

Scan process 'services.exe' - '33' Module(s) have been scanned

Scan process 'winlogon.exe' - '75' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '2293' files ).

Starting the file scan:

Begin scan in 'C:\'

End of the scan: Sunday, December 12, 2010 13:32

Used time: 22:20 Minute(s)

The scan has been done completely.

5107 Scanned directories

110722 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

110722 Files not concerned

593 Archives were scanned

0 Warnings

0 Notes

286197 Objects were scanned with rootkit scan

2 Hidden objects were found

I'll post other logs in my next post; I don't want to get this one too cluttered.

Thank you in advance for any help


Hello Karl! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working.
  • Keep me informed about any changes.

I'll post other logs in my next post; I don't want to get this one too cluttered.

Okay, I'm waiting. :)


Here is the DDS log...

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 12:21:42.85 on Mon 12/13/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.232 [GMT -6:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [nwiz] nwiz.exe /install

mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [<NO NAME>]

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259822226839

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2006-8-9 51840]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2006-8-9 45056]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-12 11608]

R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2006-8-9 84159]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-12 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-12 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-12 61960]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2006-8-9 5318]

S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\owner\application data\nvidia\hwaccess.sys --> c:\documents and settings\owner\application data\nvidia\HWAccess.sys [?]

=============== Created Last 30 ================

2010-12-12 06:21:51 -------- d-----w- c:\windows\system32\NtmsData

2010-12-12 06:20:45 -------- d-----w- c:\docume~1\owner\applic~1\Avira

2010-12-12 06:09:46 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-12 06:09:41 -------- d-----w- c:\program files\Avira

2010-12-12 06:09:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-12-09 00:12:56 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\pogo games

2010-12-08 23:51:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\WorldWinner

2010-12-07 15:32:24 -------- d-----w- c:\docume~1\owner\applic~1\NVIDIA

2010-12-07 15:28:54 -------- d-----w- c:\program files\SystemRequirementsLab

2010-12-07 08:01:44 -------- d-----w- c:\program files\PokerStars

2010-12-06 16:28:20 -------- d-----w- c:\program files\Comcast

2010-12-06 16:25:38 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\SupportSoft

2010-12-06 16:25:26 -------- d-----w- c:\program files\common files\SupportSoft

2010-12-06 16:25:26 -------- d-----w- c:\program files\ComcastUI

2010-12-05 02:34:31 2560 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\usmt\iconlib.dll

2010-12-03 03:58:02 -------- d-----w- c:\docume~1\owner\applic~1\Pogo Games

2010-12-03 03:57:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-12-03 03:57:07 -------- d-----w- c:\program files\Pogo Games

2010-12-03 00:00:18 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll

2010-12-03 00:00:11 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys

2010-12-03 00:00:11 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2010-12-03 00:00:10 54271 -c--a-w- c:\windows\system32\dllcache\bcm42xx5.sys

2010-12-03 00:00:10 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys

2010-12-03 00:00:09 66557 -c--a-w- c:\windows\system32\dllcache\bcm42u.sys

2010-12-02 23:58:22 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2010-12-02 23:57:55 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-12-01 23:52:36 1409 ----a-w- c:\windows\QTFont.for

2010-12-01 01:54:06 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-01 01:54:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-30 21:38:54 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-11-30 21:21:48 -------- dc-h--w- c:\windows\ie8

2010-11-30 21:06:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-11-30 21:06:24 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-11-30 21:06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-11-30 20:57:11 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-11-30 20:45:22 -------- d-----w- c:\program files\Speccy

==================== Find3M ====================

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 12:21:56.03 ===============


R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2006-8-9 45056]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-12 11608]

R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2006-8-9 84159]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-12 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-12 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-12 61960]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2006-8-9 5318]

S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\owner\application data\nvidia\hwaccess.sys --> c:\documents and settings\owner\application data\nvidia\HWAccess.sys [?]

=============== Created Last 30 ================

2010-12-12 06:21:51 -------- d-----w- c:\windows\system32\NtmsData

2010-12-12 06:20:45 -------- d-----w- c:\docume~1\owner\applic~1\Avira

2010-12-12 06:09:46 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-12 06:09:41 -------- d-----w- c:\program files\Avira

2010-12-12 06:09:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-12-09 00:12:56 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\pogo games

2010-12-08 23:51:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\WorldWinner

2010-12-07 15:32:24 -------- d-----w- c:\docume~1\owner\applic~1\NVIDIA

2010-12-07 15:28:54 -------- d-----w- c:\program files\SystemRequirementsLab

2010-12-07 08:01:44 -------- d-----w- c:\program files\PokerStars

2010-12-06 16:28:20 -------- d-----w- c:\program files\Comcast

2010-12-06 16:25:38 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\SupportSoft

2010-12-06 16:25:26 -------- d-----w- c:\program files\common files\SupportSoft

2010-12-06 16:25:26 -------- d-----w- c:\program files\ComcastUI

2010-12-05 02:34:31 2560 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\usmt\iconlib.dll

2010-12-03 03:58:02 -------- d-----w- c:\docume~1\owner\applic~1\Pogo Games

2010-12-03 03:57:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-12-03 03:57:07 -------- d-----w- c:\program files\Pogo Games

2010-12-03 00:00:18 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll

2010-12-03 00:00:11 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys

2010-12-03 00:00:11 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2010-12-03 00:00:10 54271 -c--a-w- c:\windows\system32\dllcache\bcm42xx5.sys

2010-12-03 00:00:10 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys

2010-12-03 00:00:09 66557 -c--a-w- c:\windows\system32\dllcache\bcm42u.sys

2010-12-02 23:58:22 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2010-12-02 23:57:55 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-12-01 23:52:36 1409 ----a-w- c:\windows\QTFont.for

2010-12-01 01:54:06 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-01 01:54:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-30 21:38:54 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-11-30 21:21:48 -------- dc-h--w- c:\windows\ie8

2010-11-30 21:06:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-11-30 21:06:24 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-11-30 21:06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-11-30 20:57:11 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-11-30 20:45:22 -------- d-----w- c:\program files\Speccy

==================== Find3M ====================

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 12:21:56.03 ===============


What about Attach.txt?

Sorry, forgot that. Here it is.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 8/9/2006 2:20:02 AM

System Uptime: 12/13/2010 12:17:39 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M1689D

Processor: AMD Sempron Processor 3000+ | Socket 7 | 1808/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 93 GiB total, 85.982 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMLITE-ON_CD-RW_SOHR-5239V________________2$0D____\5&355CFA15&0&0.1.0

Manufacturer: (Standard CD-ROM drives)

Name: LITE-ON CD-RW SOHR-5239V

PNP Device ID: IDE\CDROMLITE-ON_CD-RW_SOHR-5239V________________2$0D____\5&355CFA15&0&0.1.0

Service: cdrom

==== System Restore Points ===================

RP623: 11/30/2010 8:37:19 PM - Software Distribution Service 3.0

RP624: 12/1/2010 11:10:02 PM - Restore Operation

RP625: 12/2/2010 5:24:57 PM - Restore Operation

RP626: 12/3/2010 6:11:47 PM - System Checkpoint

RP627: 12/4/2010 7:26:40 PM - System Checkpoint

RP628: 12/6/2010 12:28:53 AM - System Checkpoint

RP629: 12/6/2010 10:25:24 AM - Installed Comcast Desktop Software (v1.2.0.9)

RP630: 12/8/2010 12:51:05 AM - System Checkpoint

RP631: 12/9/2010 12:57:58 AM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Avira AntiVir Personal - Free Antivirus

CCleaner

Comcast Desktop Software (v1.2.0.9)

Desktop Doctor

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Java Auto Updater

Java 6 Update 22

Lottso! Deluxe

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MSN

MSN Music Assistant

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

NetoDragon 56K Voice Modem

NVIDIA Drivers

PokerStars

QuickTime

Realtek AC'97 Audio

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Speccy

System Requirements Lab

ULi M5289 SATA Controller Driver

ULi PCI to AGP Controller Driver

ULi USB2.0 Controller Driver

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Manager (Remove Only)

Viewpoint Media Player

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

12/8/2010 12:01:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/8/2010 12:00:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/8/2010 11:57:01 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/8/2010 11:56:42 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

12/8/2010 11:52:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/8/2010 11:51:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

12/8/2010 11:51:57 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2010 11:51:57 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2010 11:51:57 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2010 11:51:57 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

12/7/2010 9:34:46 AM, error: Service Control Manager [7000] - The NVIDIAHWAccess service failed to start due to the following error: The system cannot find the file specified.

12/6/2010 10:20:08 AM, error: Dhcp [1002] - The IP address lease 68.63.5.24 for the Network Card with network address 001485C83DFF has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

12/12/2010 12:04:03 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .

12/12/2010 12:04:03 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .

12/12/2010 12:04:03 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

==== End Of File ===========================


And here is my defogger log; I forgot about that also. It's still disabled.

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 11:24 on 13/12/2010 (Owner)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-


Thanks!

Step 1

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.

  4. Please do not rename Combofix to other names, but only to the one indicated.

  5. Close any open browsers.

  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.

  8. When finished, it will produce a report for you.

  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Here is the ComboFix log you requested. It ran OK with no problems.

ComboFix 10-12-13.02 - Owner 12/13/2010 15:47:01.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.259 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\ErrorProtector Free

c:\documents and settings\All Users\Application Data\ErrorProtector Free\Data\Abbr

c:\documents and settings\All Users\Application Data\ErrorProtector Free\Data\ActivationCode

c:\documents and settings\All Users\Application Data\ErrorProtector Free\Data\HOURS

c:\documents and settings\All Users\Application Data\ErrorProtector Free\Data\ProductCode

c:\documents and settings\Owner\Application Data\ErrorProtector Free

c:\documents and settings\Owner\Application Data\ErrorProtector Free\Logs\update.log

c:\documents and settings\Owner\err.log

c:\documents and settings\Owner\ResErrors.log

c:\program files\Common Files\update

c:\windows\system32\install.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_FOPN

((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))

.

2010-12-12 06:58 . 2010-12-12 06:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira

2010-12-12 06:21 . 2010-12-12 19:10 -------- d-----w- c:\windows\system32\NtmsData

2010-12-12 06:20 . 2010-12-12 06:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira

2010-12-12 06:09 . 2010-12-01 00:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-12 06:09 . 2010-12-01 00:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-12 06:09 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-12-12 06:09 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-12-12 06:09 . 2010-12-12 06:09 -------- d-----w- c:\program files\Avira

2010-12-12 06:09 . 2010-12-12 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-12-09 00:12 . 2010-12-09 00:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\pogo games

2010-12-08 23:51 . 2010-12-08 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WorldWinner

2010-12-07 15:32 . 2010-12-07 15:32 -------- d-----w- c:\documents and settings\Owner\Application Data\NVIDIA

2010-12-07 15:28 . 2010-12-07 15:28 -------- d-----w- c:\program files\SystemRequirementsLab

2010-12-07 08:01 . 2010-12-08 21:57 -------- d-----w- c:\program files\PokerStars

2010-12-06 16:28 . 2010-12-06 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft

2010-12-06 16:28 . 2010-12-06 16:28 -------- d-----w- c:\program files\Comcast

2010-12-06 16:25 . 2010-12-06 16:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft

2010-12-06 16:25 . 2010-12-06 16:28 -------- d-----w- c:\program files\Common Files\SupportSoft

2010-12-05 02:34 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Pogo Games

2010-12-03 03:57 . 2010-12-09 08:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-12-03 03:57 . 2010-12-03 03:57 -------- d-----w- c:\program files\Pogo Games

2010-12-03 00:00 . 2001-08-18 04:36 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll

2010-12-03 00:00 . 2008-04-13 19:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2010-12-03 00:00 . 2001-08-17 19:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys

2010-12-03 00:00 . 2001-08-17 18:11 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys

2010-12-03 00:00 . 2001-08-17 18:11 54271 -c--a-w- c:\windows\system32\dllcache\bcm42xx5.sys

2010-12-03 00:00 . 2001-08-17 18:11 66557 -c--a-w- c:\windows\system32\dllcache\bcm42u.sys

2010-12-02 23:58 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2010-12-02 23:57 . 2001-08-17 20:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-12-01 23:57 . 2010-12-05 17:20 -------- d-----w- c:\documents and settings\Administrator

2010-12-01 23:52 . 2010-12-01 23:52 1409 ----a-w- c:\windows\QTFont.for

2010-12-01 01:57 . 2010-12-01 01:57 -------- d-----w- c:\program files\Common Files\Java

2010-12-01 01:54 . 2010-12-01 01:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-01 01:54 . 2010-12-01 01:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-30 23:10 . 2010-11-30 23:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-11-30 21:38 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-11-30 21:21 . 2010-11-30 21:23 -------- dc-h--w- c:\windows\ie8

2010-11-30 21:06 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-11-30 21:06 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-11-30 21:06 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-11-30 20:57 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-11-30 20:45 . 2010-11-30 20:45 -------- d-----w- c:\program files\Speccy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 23:42 . 2009-12-06 00:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 23:42 . 2009-12-06 00:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-18 18:23 . 2004-08-04 00:56 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-17 00:48 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-17 00:48 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2004-08-04 00:56 974848 ----a-w- c:\windows\system32\mfc42.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [8/9/2006 1:48 AM 51840]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [8/9/2006 1:47 AM 45056]

R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [8/9/2006 1:48 AM 84159]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/12/2010 12:09 AM 135336]

R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [8/9/2006 1:48 AM 5318]

S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\Owner\Application Data\NVIDIA\HWAccess.sys --> c:\documents and settings\Owner\Application Data\NVIDIA\HWAccess.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{0309E156-FAD5-47AB-B2C2-84E097BED35A}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-13 15:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-179605362-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3864)

c:\windows\system32\WININET.dll

c:\windows\system32\nview.dll

c:\windows\system32\nvwddi.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\slserv.exe

c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-12-13 15:57:05 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-13 21:56

Pre-Run: 92,214,894,592 bytes free

Post-Run: 92,150,321,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7166B543359E1C1C65994EA1E40CEA74


Here is the ComboFix log you requested; it ran fine with no problems.



Good!

Monitor your system and come back later to let me know about your system.

I will watch it to see if anything weird happens; so far it seems OK. I will run Malwarebytes and Avira Tuesday after I get off work to see if that finds anything. I will let you know what happens. Is it OK for me to re-enable the defogger? I still have it disabled.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
