Emzil Posted March 1, 2011 ID:394667 Share Posted March 1, 2011 Hi I seem to have a couple of trojan horse agents that avg says are inacessable.After scan avg reads:c:\windows\system32\wuauclt.exe(4020):\memory_001b0000Trojan horse agent_r.xjc:\windows\explorer.exe(1980):\memory_001a0000Trojan horse agent_r.xjI have done a full scan on MBAM it was:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5907Windows 5.1.2600 Service Pack 3Internet Explorer 6.0.2900.218001/03/2011 00:44:28mbam-log-2011-03-01 (00-44-28).txtScan type: Full scan (C:\|D:\|)Objects scanned: 247417Time elapsed: 1 hour(s), 17 minute(s), 2 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Avg new scan was the same with inacessable trojansIt is redirecting on search engines esp google and system is running slow, it did send my IE back to an old version for a while but after a reboot this seams to be ok again however search engines are still affected.This is my dds:DDS (Ver_10-12-12.02) - NTFSx86 Run by Emma at 1:49:07.00 on 01/03/2011Internet Explorer: 6.0.2900.2180============== Running Processes ===============\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG10\avgwdsvc.exeC:\Program Files\Kontiki\KService.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TalkTalk\bin\sprtsvc.exeC:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exeC:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\AVG\AVG10\avgnsx.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Windows Media Player\WMPNetwk.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\TalkTalk\bin\sprtcmd.exeC:\Program Files\AVG\AVG10\avgtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Kontiki\KHost.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exeC:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exeC:\WINDOWS\System32\alg.exeC:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exeC:\WINDOWS\system32\wuauclt.exe\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe\??\C:\Program Files\AVG\AVG10\avgcsrvx.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Emma\Desktop\Defogger.exeC:\Documents and Settings\Emma\Desktop\dds.comC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k netsvcs============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.co.uk/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/iemDefault_Search_URL = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = hxxp://www.wanadoo.co.uk/cd_redirects/wanadoohomeuInternet Settings,ProxyOverride = localhostuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dlluURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dllBHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dllBHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllTB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dllTB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dllTB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dllTB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllTB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No FileTB: {A057A204-BACC-4D26-9990-79A187E2698E} - No FileTB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" bootuRun: [kdx] "c:\program files\kontiki\KHost.exe" -alluRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exeuRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000 uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exemRun: [soundMan] SOUNDMAN.EXEmRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"mRun: [Recguard] c:\windows\sminst\RECGUARD.EXEmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [MediaFace Integration] "c:\program files\fellowes\mediaface 4.0\SetHook.exe"mRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /rmRun: [PinnacleDriverCheck] "c:\windows\system32\PSDrvCheck.exe" -CheckRegmRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXEmRun: [LogitechVideoRepair] "c:\program files\logitech\video\ISStart.exe" mRun: [LogitechVideoTray] "c:\program files\logitech\video\LogiTray.exe"mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"mRun: [PCSuiteTrayApplication] "c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe" -startupmRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalkmRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exemRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentdRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEdRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe"dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialogIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000IE: Free YouTube to Mp3 Converter - c:\documents and settings\emma\application data\dvdvideosoftiehelpers\youtubetomp3.htmIE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dllDPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cabDPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cabDPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cabHandler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dllHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dllHandler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLNotify: WRNotifier - WRLogonNTF.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL============= SERVICES / DRIVERS ===============R? AVG Security Toolbar Service;AVG Security Toolbar ServiceS? AVGIDSAgent;AVGIDSAgentS? AVGIDSDriver;AVGIDSDriverS? AVGIDSEH;AVGIDSEHS? AVGIDSFilter;AVGIDSFilterS? AVGIDSShim;AVGIDSShimS? Avgldx86;AVG AVI Loader DriverS? Avgmfx86;AVG Mini-Filter Resident Anti-Virus ShieldS? Avgrkx86;AVG Anti-Rootkit DriverS? Avgtdix;AVG TDI DriverS? avgwd;AVG WatchDogS? SASDIFSV;SASDIFSVS? SASKUTIL;SASKUTILS? sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk)S? tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk)=============== Created Last 30 ================2011-02-28 22:49:42 -------- d-----w- c:\docume~1\emma\applic~1\Malwarebytes2011-02-28 22:49:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-02-28 22:49:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2011-02-28 22:49:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-02-28 22:49:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-02-07 15:37:29 776240 ----a-w- c:\windows\system\Lead52.dll2011-02-07 15:37:28 57344 ----a-w- c:\windows\system\bpenhan.dll2011-02-07 15:29:59 77824 ----a-w- c:\windows\system32\Lffax10n.dll2011-02-07 15:29:59 600576 ----a-w- c:\windows\system32\Ltwrp10n.dll2011-02-07 15:29:59 35840 ----a-w- c:\windows\system32\Lflma10n.dll2011-02-07 15:29:59 34304 ----a-w- c:\windows\system32\Lfbmp10n.dll2011-02-07 15:29:59 33280 ----a-w- c:\windows\system32\Lfpcx10n.dll2011-02-07 15:29:59 297472 ----a-w- c:\windows\system32\Ltkrn10n.dll2011-02-07 15:29:59 28160 ----a-w- c:\windows\system32\Lfwmf10n.dll2011-02-07 15:29:59 266752 ----a-w- c:\windows\system32\Lfcmp10n.dll2011-02-07 15:29:59 228864 ----a-w- c:\windows\system32\Ltdis10n.dll2011-02-07 15:29:59 122368 ----a-w- c:\windows\system32\Lftif10n.dll2011-02-07 15:29:59 117760 ----a-w- c:\windows\system32\Ltimg10n.dll2011-02-07 15:29:59 103424 ----a-w- c:\windows\system32\Ltfil10n.dll2011-02-07 15:10:49 996872 ----a-w- c:\windows\system32\Cp3240mt.dll2011-02-07 15:10:49 81920 ----a-w- c:\windows\system\Capi2032.dll2011-02-07 15:10:49 29952 ----a-w- c:\windows\system32\Borlndmm.dll2011-02-07 15:10:49 212480 ----a-w- c:\windows\system\Pcdlib32.dll2011-02-07 15:10:49 1455736 ----a-w- c:\windows\system32\VCL35.BPL2011-02-07 15:10:48 913616 ----a-w- c:\windows\system32\A258_R35.bpl2011-02-07 15:10:48 906512 ----a-w- c:\windows\system32\A255_R35.bpl2011-02-07 15:10:48 245912 ----a-w- c:\windows\system32\vclx35.bpl2011-02-07 15:10:48 244024 ----a-w- c:\windows\system32\Msflxgrd.OCX==================== Find3M ====================2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 17:26:00 730112 ------w- c:\windows\system32\lsasrv.dll2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe2005-08-26 01:44:35 278528 ----a-w- c:\program files\common files\FDEUnInstaller.exe=================== ROOTKIT ====================Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netWindows 5.1.2600 Disk: WDC_WD1600BB-00GUC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3device: opened successfullyuser: MBR read successfullyDisk trace:called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85F08439]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85f0e7b8]; MOV EAX, [0x85f0e834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x85F1F030]3 CLASSPNP[0xF7848FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000008c[0x85F26F18]5 ACPI[0xF773F620] -> nt!IofCallDriver[0x804E37D5] -> [0x85F35B58]\Driver\atapi[0x85E52030] -> IRP_MJ_CREATE -> 0x85F08439kernel: MBR read successfully_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }detected disk devices:\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600BB-00GUC0_____________________08.02D08#5&28f96b46&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not founddetected hooks:\Driver\atapi DriverStartIo -> 0x85F0827Fuser & kernel MBR OK Warning: possible TDL3 rootkit infection !============= FINISH: 1:52:50.32 ===============I tried to do GMER but everytime i try and run it it gets going then encounters a problem and has to close.I have attacted the zipped attach logI would be so gratefull if you can help Thank youAttach.zip Link to post Share on other sites More sharing options...
Maniac Posted March 1, 2011 ID:394820 Share Posted March 1, 2011 Hello Emzil! Welcome to Malwarebytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Follow my instructions step by step if there is a problem somewhere, stop and tell me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Keep me informed about any changes.Post all of your log files, don't attach them.Step 1I see the Ask Toolbar in your log.I strongly recommend you remove Ask Toolbar from your computer because:It promotes its toolbars on sites targeted at kids.It promotes its toolbars through ads that appear to be part of other companies' sites.It promotes its toolbars through other companies' spyware.It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.It Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.You can read more about Ask.com hereTo remove it:Click Start-->-Control Panel-->Programs and FeaturesClick on the program name AskBarDis to highlight itFrom the menu at the top, select Uninstall or Remove.Please reboot the computer.Step 2Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, choose it.It may ask you to reboot the computer to complete the process. Click on Reboot Now.Click the Report button and copy/paste the contents of it into your next reply.Note:It will also create a log in the C:\ directory.In your next reply, please post the following logs:TDSSKiller loga new fresh DDS log only Link to post Share on other sites More sharing options...
Emzil Posted March 1, 2011 Author ID:395046 Share Posted March 1, 2011 Hi Borislav, Thank you so much for the help. Im EmmaI have removed ask toolbar I never used it anyway.These are the logs you requested:TDSSKiller log:2011/03/01 22:13:01.0296 3136 TDSS rootkit removing tool 2.4.19.0 Feb 28 2011 17:08:372011/03/01 22:13:01.0671 3136 ================================================================================2011/03/01 22:13:01.0671 3136 SystemInfo:2011/03/01 22:13:01.0671 3136 2011/03/01 22:13:01.0703 3136 OS Version: 5.1.2600 ServicePack: 3.02011/03/01 22:13:01.0703 3136 Product type: Workstation2011/03/01 22:13:01.0703 3136 ComputerName: BEAST2011/03/01 22:13:01.0703 3136 UserName: Emma2011/03/01 22:13:01.0703 3136 Windows directory: C:\WINDOWS2011/03/01 22:13:01.0703 3136 System windows directory: C:\WINDOWS2011/03/01 22:13:01.0703 3136 Processor architecture: Intel x862011/03/01 22:13:01.0703 3136 Number of processors: 12011/03/01 22:13:01.0703 3136 Page size: 0x10002011/03/01 22:13:01.0703 3136 Boot type: Normal boot2011/03/01 22:13:01.0703 3136 ================================================================================2011/03/01 22:13:10.0500 3136 Initialize successDDS Log:DDS (Ver_10-12-12.02) - NTFSx86 Run by Emma at 22:14:28.78 on 01/03/2011Internet Explorer: 6.0.2900.2180Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.156 [GMT 0:00]AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\PROGRA~1\AVG\AVG10\avgchsvx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\AVG\AVG10\avgwdsvc.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Kontiki\KService.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\TalkTalk\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exeC:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\AVG\AVG10\avgnsx.exeC:\PROGRA~1\AVG\AVG10\avgrsx.exeC:\Program Files\AVG\AVG10\avgcsrvx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\AVG\AVG10\avgtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Kontiki\KHost.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exeC:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exeC:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exeC:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exeC:\Documents and Settings\Emma\Desktop\TDSSKiller.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Documents and Settings\Emma\Desktop\dds.com============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.co.uk/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/iemDefault_Search_URL = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = hxxp://www.wanadoo.co.uk/cd_redirects/wanadoohomeuInternet Settings,ProxyOverride = localhostuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dlluURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dllBHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllTB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dllTB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dllTB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dllTB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No FileTB: {A057A204-BACC-4D26-9990-79A187E2698E} - No FileTB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" bootuRun: [kdx] "c:\program files\kontiki\KHost.exe" -alluRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exeuRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000 uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exemRun: [soundMan] SOUNDMAN.EXEmRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"mRun: [Recguard] c:\windows\sminst\RECGUARD.EXEmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [MediaFace Integration] "c:\program files\fellowes\mediaface 4.0\SetHook.exe"mRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /rmRun: [PinnacleDriverCheck] "c:\windows\system32\PSDrvCheck.exe" -CheckRegmRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXEmRun: [LogitechVideoRepair] "c:\program files\logitech\video\ISStart.exe" mRun: [LogitechVideoTray] "c:\program files\logitech\video\LogiTray.exe"mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"mRun: [PCSuiteTrayApplication] "c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe" -startupmRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalkmRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exedRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEdRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe"dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialogStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000IE: Free YouTube to Mp3 Converter - c:\documents and settings\emma\application data\dvdvideosoftiehelpers\youtubetomp3.htmIE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dllDPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cabDPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cabDPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cabHandler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dllHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dllHandler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLNotify: WRNotifier - WRLogonNTF.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL============= SERVICES / DRIVERS ===============R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-3 517448]=============== Created Last 30 ================2011-03-01 22:13:01 77912 ----a-w- c:\windows\system32\drivers\klmd.sys2011-02-28 22:49:42 -------- d-----w- c:\docume~1\emma\applic~1\Malwarebytes2011-02-28 22:49:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-02-28 22:49:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2011-02-28 22:49:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-02-28 22:49:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-02-07 15:37:29 776240 ----a-w- c:\windows\system\Lead52.dll2011-02-07 15:37:28 57344 ----a-w- c:\windows\system\bpenhan.dll2011-02-07 15:29:59 77824 ----a-w- c:\windows\system32\Lffax10n.dll2011-02-07 15:29:59 600576 ----a-w- c:\windows\system32\Ltwrp10n.dll2011-02-07 15:29:59 35840 ----a-w- c:\windows\system32\Lflma10n.dll2011-02-07 15:29:59 34304 ----a-w- c:\windows\system32\Lfbmp10n.dll2011-02-07 15:29:59 33280 ----a-w- c:\windows\system32\Lfpcx10n.dll2011-02-07 15:29:59 297472 ----a-w- c:\windows\system32\Ltkrn10n.dll2011-02-07 15:29:59 28160 ----a-w- c:\windows\system32\Lfwmf10n.dll2011-02-07 15:29:59 266752 ----a-w- c:\windows\system32\Lfcmp10n.dll2011-02-07 15:29:59 228864 ----a-w- c:\windows\system32\Ltdis10n.dll2011-02-07 15:29:59 122368 ----a-w- c:\windows\system32\Lftif10n.dll2011-02-07 15:29:59 117760 ----a-w- c:\windows\system32\Ltimg10n.dll2011-02-07 15:29:59 103424 ----a-w- c:\windows\system32\Ltfil10n.dll2011-02-07 15:10:49 996872 ----a-w- c:\windows\system32\Cp3240mt.dll2011-02-07 15:10:49 81920 ----a-w- c:\windows\system\Capi2032.dll2011-02-07 15:10:49 29952 ----a-w- c:\windows\system32\Borlndmm.dll2011-02-07 15:10:49 212480 ----a-w- c:\windows\system\Pcdlib32.dll2011-02-07 15:10:49 1455736 ----a-w- c:\windows\system32\VCL35.BPL2011-02-07 15:10:48 913616 ----a-w- c:\windows\system32\A258_R35.bpl2011-02-07 15:10:48 906512 ----a-w- c:\windows\system32\A255_R35.bpl2011-02-07 15:10:48 245912 ----a-w- c:\windows\system32\vclx35.bpl2011-02-07 15:10:48 244024 ----a-w- c:\windows\system32\Msflxgrd.OCX==================== Find3M ====================2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 17:26:00 730112 ------w- c:\windows\system32\lsasrv.dll2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe2005-08-26 01:44:35 278528 ----a-w- c:\program files\common files\FDEUnInstaller.exe=================== ROOTKIT ====================Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netWindows 5.1.2600 CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.device: opened successfullyuser: error reading MBR Disk trace:called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85C25008]<< _asm { PUSH EBP; CALL 0x6; }1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x85FB9030]kernel: MBR read successfully_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }user != kernel MBR !!! ============= FINISH: 22:16:35.84 ===============Thanks again Emma Link to post Share on other sites More sharing options...
Maniac Posted March 2, 2011 ID:395352 Share Posted March 2, 2011 I have removed ask toolbar I never used it anyway.There is a problem, Emma. You installed it inadvertently and reluctance and the result is that you do not use it, but Ask Toolbar uses you.Now:Launch Malwarebytes' Anti-MalwareGo to Update" tab and select Check for Updates.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.In your next reply, please post the following logs:Malwarebytes' Anti-Malware loga new fresh DDS log only Link to post Share on other sites More sharing options...
Emzil Posted March 3, 2011 Author ID:395437 Share Posted March 3, 2011 Hi Borislav,Here are the logs you wanted:MBAM Log:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5939Windows 5.1.2600 Service Pack 3Internet Explorer 6.0.2900.218003/03/2011 01:24:55mbam-log-2011-03-03 (01-24-55).txtScan type: Quick scanObjects scanned: 174944Time elapsed: 43 minute(s), 4 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)DDS Log:DDS (Ver_10-12-12.02) - NTFSx86 Run by Emma at 1:26:52.67 on 03/03/2011Internet Explorer: 6.0.2900.2180Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.180 [GMT 0:00]AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\PROGRA~1\AVG\AVG10\avgchsvx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\AVG\AVG10\avgwdsvc.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Kontiki\KService.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\TalkTalk\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\AVG\AVG10\avgnsx.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\AVG\AVG10\avgtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Kontiki\KHost.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exeC:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exeC:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exeC:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exeC:\WINDOWS\system32\wuauclt.exeC:\PROGRA~1\AVG\AVG10\avgrsx.exeC:\Program Files\AVG\AVG10\avgcsrvx.exeC:\WINDOWS\system32\spider.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Documents and Settings\Emma\Desktop\dds.com============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.co.uk/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/iemDefault_Search_URL = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = hxxp://www.wanadoo.co.uk/cd_redirects/wanadoohomeuInternet Settings,ProxyOverride = localhostuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dlluURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dllBHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllTB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dllTB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dllTB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dllTB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No FileTB: {A057A204-BACC-4D26-9990-79A187E2698E} - No FileTB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" bootuRun: [kdx] "c:\program files\kontiki\KHost.exe" -alluRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exeuRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000 uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exemRun: [soundMan] SOUNDMAN.EXEmRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"mRun: [Recguard] c:\windows\sminst\RECGUARD.EXEmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [MediaFace Integration] "c:\program files\fellowes\mediaface 4.0\SetHook.exe"mRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /rmRun: [PinnacleDriverCheck] "c:\windows\system32\PSDrvCheck.exe" -CheckRegmRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXEmRun: [LogitechVideoRepair] "c:\program files\logitech\video\ISStart.exe" mRun: [LogitechVideoTray] "c:\program files\logitech\video\LogiTray.exe"mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"mRun: [PCSuiteTrayApplication] "c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe" -startupmRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalkmRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exedRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEdRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe"dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialogStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000IE: Free YouTube to Mp3 Converter - c:\documents and settings\emma\application data\dvdvideosoftiehelpers\youtubetomp3.htmIE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dllDPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cabDPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cabDPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cabHandler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dllHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dllHandler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLNotify: WRNotifier - WRLogonNTF.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL============= SERVICES / DRIVERS ===============R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]=============== Created Last 30 ================2011-02-28 22:49:42 -------- d-----w- c:\docume~1\emma\applic~1\Malwarebytes2011-02-28 22:49:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-02-28 22:49:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2011-02-28 22:49:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-02-28 22:49:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-02-07 15:37:29 776240 ----a-w- c:\windows\system\Lead52.dll2011-02-07 15:37:28 57344 ----a-w- c:\windows\system\bpenhan.dll2011-02-07 15:29:59 77824 ----a-w- c:\windows\system32\Lffax10n.dll2011-02-07 15:29:59 600576 ----a-w- c:\windows\system32\Ltwrp10n.dll2011-02-07 15:29:59 35840 ----a-w- c:\windows\system32\Lflma10n.dll2011-02-07 15:29:59 34304 ----a-w- c:\windows\system32\Lfbmp10n.dll2011-02-07 15:29:59 33280 ----a-w- c:\windows\system32\Lfpcx10n.dll2011-02-07 15:29:59 297472 ----a-w- c:\windows\system32\Ltkrn10n.dll2011-02-07 15:29:59 28160 ----a-w- c:\windows\system32\Lfwmf10n.dll2011-02-07 15:29:59 266752 ----a-w- c:\windows\system32\Lfcmp10n.dll2011-02-07 15:29:59 228864 ----a-w- c:\windows\system32\Ltdis10n.dll2011-02-07 15:29:59 122368 ----a-w- c:\windows\system32\Lftif10n.dll2011-02-07 15:29:59 117760 ----a-w- c:\windows\system32\Ltimg10n.dll2011-02-07 15:29:59 103424 ----a-w- c:\windows\system32\Ltfil10n.dll2011-02-07 15:10:49 996872 ----a-w- c:\windows\system32\Cp3240mt.dll2011-02-07 15:10:49 81920 ----a-w- c:\windows\system\Capi2032.dll2011-02-07 15:10:49 29952 ----a-w- c:\windows\system32\Borlndmm.dll2011-02-07 15:10:49 212480 ----a-w- c:\windows\system\Pcdlib32.dll2011-02-07 15:10:49 1455736 ----a-w- c:\windows\system32\VCL35.BPL2011-02-07 15:10:48 913616 ----a-w- c:\windows\system32\A258_R35.bpl2011-02-07 15:10:48 906512 ----a-w- c:\windows\system32\A255_R35.bpl2011-02-07 15:10:48 245912 ----a-w- c:\windows\system32\vclx35.bpl2011-02-07 15:10:48 244024 ----a-w- c:\windows\system32\Msflxgrd.OCX==================== Find3M ====================2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 17:26:00 730112 ------w- c:\windows\system32\lsasrv.dll2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe2005-08-26 01:44:35 278528 ----a-w- c:\program files\common files\FDEUnInstaller.exe============= FINISH: 1:28:55.87 ===============Thank you Emma :-) Link to post Share on other sites More sharing options...
Maniac Posted March 3, 2011 ID:395540 Share Posted March 3, 2011 Thanks! **Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop** If you are using Firefox, make sure that your download settings are as follows: sAKgBd-Open Tools -> Options -> Main tab Set to Always ask me where to Save the files. [*]During the download, rename Combofix to Combo-Fix as follows: [*]It is important you rename Combofix during the download, but not after. [*]Please do not rename Combofix to other names, but only to the one indicated. [*]Close any open browsers. [*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ---------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\Combo-Fix.txt for further review. **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** Link to post Share on other sites More sharing options...
Emzil Posted March 3, 2011 Author ID:395699 Share Posted March 3, 2011 Hi Borislav,I downloaded combofix and disabled my anti virus but when I attempted to run the program it came up with warning box - *Conbofix cannot run when AVG is installed. This is due to AVG's targeting of combofix's files/processes. It would be dangerous to continue. Please uninstall AVG or use another tool.*What shall I do? Remove AVG compleatly? I am using AVG Free edition 2011I will wait to see what you want me to doCheersEmma Link to post Share on other sites More sharing options...
Maniac Posted March 3, 2011 ID:395723 Share Posted March 3, 2011 Please temporarily uninstall AVG. Link to post Share on other sites More sharing options...
Emzil Posted March 4, 2011 Author ID:395808 Share Posted March 4, 2011 Uninstalled AVG and did combofixIt did a few updates one for itself and one for microsoft.As it was preparing report it came up with warning: Delivery manager service encountered a problem and had to closeI hit dont send as I had to chose one. nothing closed and nothing changed then the report came.Combofix report:ComboFix 11-03-03.02 - Emma 04/03/2011 0:25.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.219 [GMT 0:00]Running from: c:\documents and settings\Emma\Desktop\Combo-Fix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.datc:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.datc:\documents and settings\All Users\Start Menu\Programs\Uninstall.lnkc:\documents and settings\Emma\Application Data\PriceGongc:\documents and settings\Emma\Application Data\PriceGong\Data\1.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\a.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\b.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\c.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\d.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\e.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\f.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\g.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\h.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\i.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\J.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\k.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\l.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\m.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\mru.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\n.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\o.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\p.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\q.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\r.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\s.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\t.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\u.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\v.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\w.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\x.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\y.xmlc:\documents and settings\Emma\Application Data\PriceGong\Data\z.xml----- BITS: Possible infected sites -----hxxp://assist.talktalk.net.((((((((((((((((((((((((( Files Created from 2011-02-04 to 2011-03-04 ))))))))))))))))))))))))))))))).2011-02-28 22:49 . 2011-02-28 22:49 -------- d-----w- c:\documents and settings\Emma\Application Data\Malwarebytes2011-02-28 22:49 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-02-28 22:49 . 2011-02-28 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-02-28 22:49 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-02-28 22:49 . 2011-02-28 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-02-28 18:50 . 2011-02-28 18:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2011-02-07 15:37 . 1995-05-23 00:00 776240 ----a-w- c:\windows\system\Lead52.dll2011-02-07 15:37 . 2001-06-18 10:53 57344 ----a-w- c:\windows\system\bpenhan.dll2011-02-07 15:29 . 1998-12-03 12:07 103424 ----a-w- c:\windows\system32\Ltfil10n.dll2011-02-07 15:29 . 1998-12-01 14:00 266752 ----a-w- c:\windows\system32\Lfcmp10n.dll2011-02-07 15:29 . 1998-12-01 14:00 122368 ----a-w- c:\windows\system32\Lftif10n.dll2011-02-07 15:29 . 1998-12-01 13:59 34304 ----a-w- c:\windows\system32\Lfbmp10n.dll2011-02-07 15:29 . 1998-12-01 13:58 297472 ----a-w- c:\windows\system32\Ltkrn10n.dll2011-02-07 15:29 . 1998-11-30 13:51 77824 ----a-w- c:\windows\system32\Lffax10n.dll2011-02-07 15:29 . 1998-11-22 20:46 600576 ----a-w- c:\windows\system32\Ltwrp10n.dll2011-02-07 15:29 . 1998-10-02 19:10 28160 ----a-w- c:\windows\system32\Lfwmf10n.dll2011-02-07 15:29 . 1998-10-02 19:09 228864 ----a-w- c:\windows\system32\Ltdis10n.dll2011-02-07 15:29 . 1998-09-22 16:54 33280 ----a-w- c:\windows\system32\Lfpcx10n.dll2011-02-07 15:29 . 1998-09-22 16:53 35840 ----a-w- c:\windows\system32\Lflma10n.dll2011-02-07 15:29 . 1998-09-22 16:48 117760 ----a-w- c:\windows\system32\Ltimg10n.dll2011-02-07 15:10 . 2000-07-11 13:59 81920 ----a-w- c:\windows\system\Capi2032.dll2011-02-07 15:10 . 1998-02-09 03:00 996872 ----a-w- c:\windows\system32\Cp3240mt.dll2011-02-07 15:10 . 1998-02-09 03:00 29952 ----a-w- c:\windows\system32\Borlndmm.dll2011-02-07 15:10 . 1998-02-09 03:00 1455736 ----a-w- c:\windows\system32\VCL35.BPL2011-02-07 15:10 . 1995-07-31 13:44 212480 ----a-w- c:\windows\system\Pcdlib32.dll2011-02-07 15:10 . 1999-09-01 02:58 913616 ----a-w- c:\windows\system32\A258_R35.bpl2011-02-07 15:10 . 1998-10-01 02:55 906512 ----a-w- c:\windows\system32\A255_R35.bpl2011-02-07 15:10 . 1998-06-24 00:00 244024 ----a-w- c:\windows\system32\Msflxgrd.OCX2011-02-07 15:10 . 1998-02-09 03:00 245912 ----a-w- c:\windows\system32\vclx35.bpl.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-01-21 14:44 . 2004-10-31 13:22 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-07 14:09 . 2004-10-31 13:21 290048 ----a-w- c:\windows\system32\atmfd.dll2010-12-31 13:10 . 2004-10-31 13:22 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34 . 2004-10-31 13:21 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 17:26 . 2004-10-31 20:21 730112 ------w- c:\windows\system32\lsasrv.dll2010-12-09 15:15 . 2004-10-31 13:22 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30 . 2004-10-31 13:21 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:38 . 2004-10-31 13:22 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe2005-08-26 01:44 . 2005-08-26 01:44 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192][HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}][HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192][HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192][HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-22 2423752]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMan"="SOUNDMAN.EXE" [2003-10-08 57344]"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-29 32768]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-04-23 98304]"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 53248]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-02-07 114741]"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"AvgUninstallURL"="start http:" [X][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-6-19 67128]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-8-13 151552]Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-8-13 106496][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrintHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="c:\\Program Files\\TalkTalk\\bin\\sprtsvc.exe"="c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"="c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"="c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"="c:\\Program Files\\Kontiki\\KService.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.co.uk/uInternet Connection Wizard,ShellNext = hxxp://www.wanadoo.co.uk/cd_redirects/wanadoohomeuInternet Settings,ProxyOverride = localhostuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000IE: Free YouTube to Mp3 Converter - c:\documents and settings\Emma\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htmIE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htmHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll.- - - - ORPHANS REMOVED - - - -Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exeSafeBoot-svcWRSSSDKMSConfigStartUp-lxbymon - (no file)**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-03-04 00:47Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(520)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.Completion time: 2011-03-04 00:53:58ComboFix-quarantined-files.txt 2011-03-04 00:53Pre-Run: 134,295,965,696 bytes freePost-Run: 136,005,722,112 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect- - End Of File - - 0A10BCA384D6F7A94C7420365F0874BFHope this helpsCheers Emma Link to post Share on other sites More sharing options...
Maniac Posted March 4, 2011 ID:395907 Share Posted March 4, 2011 How are things, Emma? Link to post Share on other sites More sharing options...
Emzil Posted March 4, 2011 Author ID:395946 Share Posted March 4, 2011 Hi Borislav,Not good! After I posted yesterday Pc started warning abouts threats. I had a box quickly appear a security monitor: warning about spyware infection, then warning balloons appeared stating spyware infection and anti virus needed, it then shut down and restarted by itself. Lots of pinging then my desktop wallpaper disappeared and another has appeared blue background with binary numbers all over it and a big "Warning infected protect yourself children etc" Another balloon apeared saying application cannot be executed the file tfswctrl.exe is infected. It also keeps trying to run and open System Tool which I have never heard of. I tried to download the Avira antivirus but that wont open from desktop. I have 2 red windows shields and 1 yellow.Any Ideas??? Link to post Share on other sites More sharing options...
Maniac Posted March 4, 2011 ID:395949 Share Posted March 4, 2011 I hope is a bad joke, if not your system is re-infected.Download MBRCheck to your desktopFor Windows XP: Double click on MBRCheck.exe to run it.For Windows Vista/7: Right click on MBRCheck.exe and select Run as AdministratorIt will show a black screen with some data on it Don't run any of the options!!!When it's done, Press Enter to close the programA file will called MBRCheck_ will appear on your desktop Please copy into to your next reply Link to post Share on other sites More sharing options...
Emzil Posted March 4, 2011 Author ID:395957 Share Posted March 4, 2011 I downloaded mbr to desktop but it wouldnt open/run then as I was replying to you the pc shut down and restarted again on its own. When It came back up I tried mbr again and it ran for a couple of seconds then went off and left a check log but the log wont open for me to paste/copy to you it just flashes but not long enough to see what it says. A new balloon has appeared saying something about spywaremonster.No Deff No Joke! Link to post Share on other sites More sharing options...
Emzil Posted March 4, 2011 Author ID:395963 Share Posted March 4, 2011 After doing that last reply pc shut down and restarted again own its own, when it came back up before my desktop was taken over I managed to open the mbr log.MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP Home EditionWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x0000000dKernel Drivers (total 179): 0x804D7000 That was it! Hope this helps Cheers Emma Link to post Share on other sites More sharing options...
Maniac Posted March 6, 2011 ID:396737 Share Posted March 6, 2011 Nope, it's not. Please try again in Safe Mode with Networking.http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true Link to post Share on other sites More sharing options...
Emzil Posted March 6, 2011 Author ID:396779 Share Posted March 6, 2011 Ok done, here is the log it's a bit bigger lol.MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP Home EditionWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x0000000dKernel Drivers (total 141): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xF7C88000 \WINDOWS\system32\KDCOM.DLL 0xF7B98000 \WINDOWS\system32\BOOTVID.dll 0xF7739000 ACPI.sys 0xF7C8A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7728000 pci.sys 0xF7788000 isapnp.sys 0xF7D50000 pciide.sys 0xF7A08000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7C8C000 aliide.sys 0xF7C8E000 cmdide.sys 0xF7C90000 toside.sys 0xF7C92000 viaide.sys 0xF7C94000 intelide.sys 0xF7798000 MountMgr.sys 0xF7709000 ftdisk.sys 0xF7A10000 PartMgr.sys 0xF7D51000 SISIDE.SYS 0xF77A8000 VolSnap.sys 0xF7B9C000 cpqarray.sys 0xF76F1000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS 0xF76D9000 atapi.sys 0xF7BA0000 aha154x.sys 0xF7A18000 sparrow.sys 0xF7BA4000 symc810.sys 0xF77B8000 aic78xx.sys 0xF7BA8000 dac960nt.sys 0xF77C8000 ql10wnt.sys 0xF7BAC000 amsint.sys 0xF7A20000 asc.sys 0xF7BB0000 asc3550.sys 0xF7A28000 mraid35x.sys 0xF7A30000 i2omp.sys 0xF7BB4000 ini910u.sys 0xF77D8000 ql1240.sys 0xF77E8000 aic78u2.sys 0xF7A38000 symc8xx.sys 0xF7A40000 sym_hi.sys 0xF7A48000 sym_u3.sys 0xF7A50000 ABP480N5.SYS 0xF7A58000 asc3350p.sys 0xF7C96000 cd20xrnt.sys 0xF77F8000 ultra.sys 0xF76C0000 adpu160m.sys 0xF7A60000 dpti2o.sys 0xF7808000 ql1080.sys 0xF7818000 ql1280.sys 0xF7828000 ql12160.sys 0xF7A68000 perc2.sys 0xF7C98000 perc2hib.sys 0xF7A70000 hpn.sys 0xF7BB8000 cbidf2k.sys 0xF7694000 dac2w2k.sys 0xF7838000 disk.sys 0xF7848000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7674000 fltmgr.sys 0xF7662000 sr.sys 0xF764E000 drvmcdb.sys 0xF7A78000 PxHelp20.sys 0xF7637000 KSecDD.sys 0xF7624000 WudfPf.sys 0xF7597000 Ntfs.sys 0xF756A000 NDIS.sys 0xF7858000 SISAGPX.sys 0xF7868000 viaagp.sys 0xF7BBC000 RecAgent.sys 0xF7550000 Mup.sys 0xF7878000 agp440.sys 0xF7888000 alim1541.sys 0xF7898000 amdagp.sys 0xF78A8000 agpCPQ.sys 0xF78D8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF7C34000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS 0xF7B88000 \SystemRoot\system32\drivers\ASAPIW2k.sys 0xF7C40000 \SystemRoot\system32\drivers\pfc.sys 0xF7C9C000 \SystemRoot\system32\drivers\sscdbhk5.sys 0xF78E8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF78F8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7445000 \SystemRoot\system32\DRIVERS\ks.sys 0xF7AD0000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xF73F9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7B00000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF7B10000 \SystemRoot\system32\DRIVERS\sisnic.sys 0xF7B20000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF7908000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF7B40000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF7B50000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7918000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7C54000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF73E2000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF7928000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF7938000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7A98000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF73D1000 \SystemRoot\system32\DRIVERS\psched.sys 0xF7948000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7AC0000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF7AD8000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF7958000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7CA2000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF7373000 \SystemRoot\system32\DRIVERS\update.sys 0xF7C6C000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF735C000 \SystemRoot\system32\DRIVERS\MarvinBus.sys 0xF7968000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF7978000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7CA8000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF7AB0000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF7508000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xF7CAC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7E88000 \SystemRoot\System32\Drivers\Null.SYS 0xF7CB0000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7AE8000 \SystemRoot\system32\drivers\ssrtln.sys 0xF7AF8000 \SystemRoot\System32\drivers\vga.sys 0xF7230000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0xF7CB4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7B30000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7B48000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7C38000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xF71D5000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xF717C000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF7154000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF712E000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF710C000 \SystemRoot\System32\drivers\afd.sys 0xF7B58000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xF79A8000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF70E1000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xF7071000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF79C8000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF7059000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7CCC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF7204000 \SystemRoot\System32\drivers\Dxapi.sys 0xF7B60000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7E6C000 \SystemRoot\System32\drivers\dxgthk.sys 0xBFF50000 \SystemRoot\System32\framebuf.dll 0xBF012000 \SystemRoot\System32\ATMFD.DLL 0xF7039000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xF6B31000 \SystemRoot\system32\DRIVERS\srv.sys 0xF6955000 \SystemRoot\System32\Drivers\Fastfat.SYS 0x7C900000 \WINDOWS\system32\ntdll.dllProcesses (total 14): 0 System Idle Process 4 System 384 C:\WINDOWS\system32\smss.exe 444 csrss.exe 468 C:\WINDOWS\system32\winlogon.exe 512 C:\WINDOWS\system32\services.exe 524 C:\WINDOWS\system32\lsass.exe 684 C:\WINDOWS\system32\svchost.exe 756 svchost.exe 852 C:\WINDOWS\system32\svchost.exe 888 svchost.exe 996 svchost.exe 1732 C:\WINDOWS\explorer.exe 176 C:\Documents and Settings\Emma\Desktop\MBRCheck.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`9c64fe00 (NTFS)PhysicalDrive0 Model Number: WDCWD1600BB-00GUC0, Rev: 08.02D08 Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 7CCA7828E2215F6AB7EE29911559F39B85073820Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit:Cheers Emma Link to post Share on other sites More sharing options...
Maniac Posted March 6, 2011 ID:396927 Share Posted March 6, 2011 Do you have Windows XP CD? Link to post Share on other sites More sharing options...
Emzil Posted March 6, 2011 Author ID:396981 Share Posted March 6, 2011 Iv had a look for them but all I can find is the cover with my key codes on but cant find the disks, only other disks I can find is works8, 1 for monitor and the rest are for printer etc. How can I get replacement disks? Link to post Share on other sites More sharing options...
Maniac Posted March 6, 2011 ID:397015 Share Posted March 6, 2011 Let's try something.Run MBRCheck.exeWait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:Please push the 'Y' key and then press EnterWhen program ask you Enter your choice: enter (2) and press the Enter keyNow the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"Enter 1 and press the Enter key.The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.The program will prompt for confirmation. Type 'YES' and hit Enter.Left click on the title bar (where program name and path is written).From menu chose Edit -> Select AllHit the Enter key on your keyboard to copy selected text.Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"Restart your PC.Post the text in "MBRCheck results.txt" here, please. Link to post Share on other sites More sharing options...
Emzil Posted March 7, 2011 Author ID:397314 Share Posted March 7, 2011 Hi Borislav,Here is the log you wanted, After I confirmed with yes and entered it came up with a line saying "error opening disk(2)" then it carryed on and said done.MBRCheck, version 1.2.3© 2010, ADCommand-line:Windows Version: Windows XP Home EditionWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x0000000d\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`9c64fe00 (NTFS) Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 7CCA7828E2215F6AB7EE29911559F39B85073820Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: yOptions: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit.Enter your choice: 2Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes: [ 0] Default (Windows XP) [ 1] Windows XP [ 2] Windows Server 2003 [ 3] Windows Vista [ 4] Windows 2008 [ 5] Windows 7 [-1] CancelPlease select the MBR code to write to this drive: 1This is the other log it producedMBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP Home EditionWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x0000000dKernel Drivers (total 141): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xF7C88000 \WINDOWS\system32\KDCOM.DLL 0xF7B98000 \WINDOWS\system32\BOOTVID.dll 0xF7739000 ACPI.sys 0xF7C8A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7728000 pci.sys 0xF7788000 isapnp.sys 0xF7D50000 pciide.sys 0xF7A08000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7C8C000 aliide.sys 0xF7C8E000 cmdide.sys 0xF7C90000 toside.sys 0xF7C92000 viaide.sys 0xF7C94000 intelide.sys 0xF7798000 MountMgr.sys 0xF7709000 ftdisk.sys 0xF7A10000 PartMgr.sys 0xF7D51000 SISIDE.SYS 0xF77A8000 VolSnap.sys 0xF7B9C000 cpqarray.sys 0xF76F1000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS 0xF76D9000 atapi.sys 0xF7BA0000 aha154x.sys 0xF7A18000 sparrow.sys 0xF7BA4000 symc810.sys 0xF77B8000 aic78xx.sys 0xF7BA8000 dac960nt.sys 0xF77C8000 ql10wnt.sys 0xF7BAC000 amsint.sys 0xF7A20000 asc.sys 0xF7BB0000 asc3550.sys 0xF7A28000 mraid35x.sys 0xF7A30000 i2omp.sys 0xF7BB4000 ini910u.sys 0xF77D8000 ql1240.sys 0xF77E8000 aic78u2.sys 0xF7A38000 symc8xx.sys 0xF7A40000 sym_hi.sys 0xF7A48000 sym_u3.sys 0xF7A50000 ABP480N5.SYS 0xF7A58000 asc3350p.sys 0xF7C96000 cd20xrnt.sys 0xF77F8000 ultra.sys 0xF76C0000 adpu160m.sys 0xF7A60000 dpti2o.sys 0xF7808000 ql1080.sys 0xF7818000 ql1280.sys 0xF7828000 ql12160.sys 0xF7A68000 perc2.sys 0xF7C98000 perc2hib.sys 0xF7A70000 hpn.sys 0xF7BB8000 cbidf2k.sys 0xF7694000 dac2w2k.sys 0xF7838000 disk.sys 0xF7848000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7674000 fltmgr.sys 0xF7662000 sr.sys 0xF764E000 drvmcdb.sys 0xF7A78000 PxHelp20.sys 0xF7637000 KSecDD.sys 0xF7624000 WudfPf.sys 0xF7597000 Ntfs.sys 0xF756A000 NDIS.sys 0xF7858000 SISAGPX.sys 0xF7868000 viaagp.sys 0xF7BBC000 RecAgent.sys 0xF7550000 Mup.sys 0xF7878000 agp440.sys 0xF7888000 alim1541.sys 0xF7898000 amdagp.sys 0xF78A8000 agpCPQ.sys 0xF78D8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF7C34000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS 0xF7B88000 \SystemRoot\system32\drivers\ASAPIW2k.sys 0xF7C40000 \SystemRoot\system32\drivers\pfc.sys 0xF7C9C000 \SystemRoot\system32\drivers\sscdbhk5.sys 0xF78E8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF78F8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7445000 \SystemRoot\system32\DRIVERS\ks.sys 0xF7AD0000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xF73F9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7B00000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF7B10000 \SystemRoot\system32\DRIVERS\sisnic.sys 0xF7B20000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF7908000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF7B40000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF7B50000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7918000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7C54000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF73E2000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF7928000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF7938000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7A98000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF73D1000 \SystemRoot\system32\DRIVERS\psched.sys 0xF7948000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7AC0000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF7AD8000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF7958000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7CA2000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF7373000 \SystemRoot\system32\DRIVERS\update.sys 0xF7C6C000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF735C000 \SystemRoot\system32\DRIVERS\MarvinBus.sys 0xF7968000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF7978000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7CA8000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF7AB0000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF7508000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xF7CAE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7E69000 \SystemRoot\System32\Drivers\Null.SYS 0xF7CB2000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7AE8000 \SystemRoot\system32\drivers\ssrtln.sys 0xF7AF8000 \SystemRoot\System32\drivers\vga.sys 0xF7230000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0xF7CB6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7B30000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7B48000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7C38000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xF71D5000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xF717C000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF728C000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xF7154000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF712E000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF710C000 \SystemRoot\System32\drivers\afd.sys 0xF7998000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF70E1000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xF7071000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF79B8000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF7059000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7CC4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF7204000 \SystemRoot\System32\drivers\Dxapi.sys 0xF7B70000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7E39000 \SystemRoot\System32\drivers\dxgthk.sys 0xBFF50000 \SystemRoot\System32\framebuf.dll 0xBF012000 \SystemRoot\System32\ATMFD.DLL 0xF7049000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xF6A91000 \SystemRoot\system32\DRIVERS\srv.sys 0xF69F5000 \SystemRoot\System32\Drivers\Fastfat.SYS 0x7C900000 \WINDOWS\system32\ntdll.dllProcesses (total 15): 0 System Idle Process 4 System 384 C:\WINDOWS\system32\smss.exe 444 csrss.exe 468 C:\WINDOWS\system32\winlogon.exe 512 C:\WINDOWS\system32\services.exe 524 C:\WINDOWS\system32\lsass.exe 680 C:\WINDOWS\system32\svchost.exe 756 svchost.exe 856 C:\WINDOWS\system32\svchost.exe 888 svchost.exe 1000 svchost.exe 1604 C:\WINDOWS\explorer.exe 404 C:\WINDOWS\system32\ctfmon.exe 1288 C:\Documents and Settings\Emma\Desktop\MBRCheck.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`9c64fe00 (NTFS)PhysicalDrive0 Model Number: WDCWD1600BB-00GUC0, Rev: 08.02D08 Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 7CCA7828E2215F6AB7EE29911559F39B85073820Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit.Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes: [ 0] Default (Windows XP) [ 1] Windows XP [ 2] Windows Server 2003 [ 3] Windows Vista [ 4] Windows 2008 [ 5] Windows 7 [-1] CancelThanks Emma Link to post Share on other sites More sharing options...
Maniac Posted March 7, 2011 ID:397337 Share Posted March 7, 2011 Emma, there is no other choice we need Windows XP CD. Contact the person or company that has Windows XP installed on your computer and ask for the CD. Link to post Share on other sites More sharing options...
Emzil Posted March 7, 2011 Author ID:397394 Share Posted March 7, 2011 Hi Borislav,Ok after a bit of looking into I discovered 2 things:1, The company has since gone bankruped.2, Pc has system recovery preinstalled which will reinstall windows xp back to factory settings. Would this be any good? otherwise I would have to go buy disks.Cheers Emma Link to post Share on other sites More sharing options...
Maniac Posted March 8, 2011 ID:397644 Share Posted March 8, 2011 Awful! We need Windows XP CD because of Windows Recovery Console. Sorry about that! Link to post Share on other sites More sharing options...
Maniac Posted March 8, 2011 ID:397656 Share Posted March 8, 2011 Let me know if there is no other choice and should buy it. Link to post Share on other sites More sharing options...
Emzil Posted March 8, 2011 Author ID:397763 Share Posted March 8, 2011 No I cant get a copy of my xp disk, my pc is an iqon and has pc angel version 3.0 on it. It gives 3 options under system recovery:1 - Non destructive system recovery (The system recovery program, in this normal default mode of operation, recovers factory-shipped applications, drivers and the operating system without affecting any data files that you may have created since purchasing this pc).2 - System recovery No format (This option will install a new operating system while preserving all your data. However, any windows applications + settings will need to be reinstalled. All current files are moved to "my old disk structure" directory.3 - System recovery quick format (**Warning** This option will format the user partition on the hard disk and recover all factory-shipped files into the user partition. All your personal data files created and applications installed after the pc was purchased will be erased. If possible please quit and back up your data files before trying this destructive recovery option.Any idea's as I cant really afford to buy disksCheers Emma Link to post Share on other sites More sharing options...
Recommended Posts