TechSpot

Can't doubleclick, can't System Restore, no Control Panel, can't open some prgms.

Solved
By jfringer
Mar 2, 2013
  1. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Hopefully we'll fix your issue.
    For now go ahead with my previous reply.

    I use Avast myself.
     
  2. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    All processes killed
    ========== OTL ==========
    Error: No service named vToolbarUpdater14.2.0 was found to stop!
    Service\Driver key vToolbarUpdater14.2.0 not found.
    File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe not found.
    Error: No service named RoxLiveShare9 was found to stop!
    Service\Driver key RoxLiveShare9 not found.
    Error: No service named avgwd was found to stop!
    Service\Driver key avgwd not found.
    File C:\Program Files\AVG\AVG2013\avgwdsvc.exe not found.
    Error: No service named AVGIDSAgent was found to stop!
    Service\Driver key AVGIDSAgent not found.
    File C:\Program Files\AVG\AVG2013\avgidsagent.exe not found.
    Error: No service named AdvancedSystemCareService6 was found to stop!
    Service\Driver key AdvancedSystemCareService6 not found.
    File C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe not found.
    Error: No service named WDICA was found to stop!
    Service\Driver key WDICA not found.
    Error: No service named wanatw was found to stop!
    Service\Driver key wanatw not found.
    Error: No service named Point32 was found to stop!
    Service\Driver key Point32 not found.
    File system32\DRIVERS\point32.sys not found.
    Error: No service named PDRFRAME was found to stop!
    Service\Driver key PDRFRAME not found.
    Error: No service named PDRELI was found to stop!
    Service\Driver key PDRELI not found.
    Error: No service named PDFRAME was found to stop!
    Service\Driver key PDFRAME not found.
    Error: No service named PDCOMP was found to stop!
    Service\Driver key PDCOMP not found.
    Error: No service named PCIDump was found to stop!
    Service\Driver key PCIDump not found.
    Error: No service named MRENDIS5 was found to stop!
    Service\Driver key MRENDIS5 not found.
    Error: No service named MREMPR5 was found to stop!
    Service\Driver key MREMPR5 not found.
    Error: No service named lbrtfdc was found to stop!
    Service\Driver key lbrtfdc not found.
    Error: No service named Lbd was found to stop!
    Service\Driver key Lbd not found.
    File system32\DRIVERS\Lbd.sys not found.
    Error: No service named Changer was found to stop!
    Service\Driver key Changer not found.
    Error: No service named catchme was found to stop!
    Service\Driver key catchme not found.
    File C:\DOCUME~1\JOHNFR~1\LOCALS~1\Temp\catchme.sys not found.
    Error: No service named bvrp_pci was found to stop!
    Service\Driver key bvrp_pci not found.
    Error: No service named Ad-Watch Connect Filter was found to stop!
    Service\Driver key Ad-Watch Connect Filter not found.
    Error: No service named avgtp was found to stop!
    Service\Driver key avgtp not found.
    File C:\WINDOWS\system32\drivers\avgtpx86.sys not found.
    Error: No service named Avgmfx86 was found to stop!
    Service\Driver key Avgmfx86 not found.
    File C:\WINDOWS\system32\drivers\avgmfx86.sys not found.
    Error: No service named AVGIDSDriver was found to stop!
    Service\Driver key AVGIDSDriver not found.
    File C:\WINDOWS\system32\drivers\avgidsdriverx.sys not found.
    Error: No service named AVGIDSHX was found to stop!
    Service\Driver key AVGIDSHX not found.
    File C:\WINDOWS\system32\drivers\avgidshx.sys not found.
    Error: No service named Avgldx86 was found to stop!
    Service\Driver key Avgldx86 not found.
    File C:\WINDOWS\system32\drivers\avgldx86.sys not found.
    Error: No service named Avgtdix was found to stop!
    Service\Driver key Avgtdix not found.
    File C:\WINDOWS\system32\drivers\avgtdix.sys not found.
    Error: Unable to stop service Avglogx!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avglogx deleted successfully.
    C:\WINDOWS\system32\drivers\avglogx.sys moved successfully.
    Service AVGIDSShim stopped successfully!
    Service AVGIDSShim deleted successfully!
    C:\WINDOWS\system32\drivers\avgidsshimx.sys moved successfully.
    Error: Unable to stop service Avgrkx86!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgrkx86 deleted successfully.
    C:\WINDOWS\system32\drivers\avgrkx86.sys moved successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgRemover deleted successfully.
    C:\Documents and Settings\John Fringer\Local Settings\Temporary Internet Files\Content.IE5\0K0TTPUQ\avg_remover_stf_x86_2013_2706[1].exe moved successfully.
    Registry key HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cnet.com\download\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imdb.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
    Registry key HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nrc.gov\access1\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1841321574-3558567648-798452987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pnl.gov\earrth\ deleted successfully.
    Starting removal of ActiveX control {01113300-3E00-11D2-8470-0060089874ED}
    C:\WINDOWS\Downloaded Program Files\tgctlcm.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01113300-3E00-11D2-8470-0060089874ED}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01113300-3E00-11D2-8470-0060089874ED}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01113300-3E00-11D2-8470-0060089874ED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01113300-3E00-11D2-8470-0060089874ED}\ not found.
    Starting removal of ActiveX control {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
    C:\WINDOWS\Downloaded Program Files\OGAControl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}\ not found.
    Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Starting removal of ActiveX control vzTCPConfig
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mhtml\ deleted successfully.
    File Protocol\Handler\mhtml - No CLSID value found not found.
    C:\Documents and Settings\John Fringer\Local Settings\Application Data\Avg2013\log folder moved successfully.
    C:\Documents and Settings\John Fringer\Local Settings\Application Data\Avg2013 folder moved successfully.
    File C:\WINDOWS\System32\drivers\avgtpx86.sys not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: John Fringer
    ->Temp folder emptied: 374621 bytes
    ->Temporary Internet Files folder emptied: 42139453 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 12090124 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3044 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix 2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix.D3BJHC91
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16495 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 555186 bytes

    Total Files Cleaned = 53.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: John Fringer
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: NRC Citrix

    User: NRC Citrix 2

    User: NRC Citrix.D3BJHC91
    ->Java cache emptied: 0 bytes

    User: Owner
    ->Java cache emptied: 0 bytes

    User: TEMP

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: John Fringer
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix 2
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix.D3BJHC91
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 03042013_223154
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  3. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    Results of screen317's Security Check version 0.99.60
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    avast! Antivirus
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Secunia PSI (2.0.0.3001)
    Malwarebytes Anti-Malware version 1.65.1.1000
    CCleaner
    Temp File Cleaner
    Wise Disk Cleaner 5.93
    Java 7 Update 15
    Adobe Flash Player 11.6.602.171
    Adobe Reader 8 Adobe Reader out of Date!
    Adobe Reader 10.1.6 Adobe Reader out of Date!
    Mozilla Firefox 18.0.2 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    IObit IObit Malware Fighter IMFsrv.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 4%
    ````````````````````End of Log``````````````````````
     
  4. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    Farbar Service Scanner Version: 03-03-2013
    Ran by John Fringer (administrator) on 04-03-2013 at 22:46:42
    Running from "C:\Documents and Settings\John Fringer\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is set to Disabled. The default start type is Auto.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll
    [2005-08-16 05:40] - [2008-04-13 19:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe
    [2005-08-16 05:18] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

    Extra List:
    =======
    aswTdi(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0C000000040000000100000002000000030000000C00000009000000080000000A0000000B000000050000000600000007000000
    IpSec Tag value is correct.
    **** End of log ****
     
  5. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    ESETScan.txt:
    C:\Documents and Settings\John Fringer\DoctorWeb\Quarantine\hosts Win32/Qhost trojan
    C:\Documents and Settings\John Fringer\DoctorWeb\Quarantine\hosts__0 Win32/Qhost trojan
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP489\A0112852.exe Win32/Adware.1ClickDownload.E application
     
  6. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    No next steps? Is my problem not fixable?
    Thanks,
    John
     
  7. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =====================

    Now....

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:




    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:



    Go to Step 4 and under "System Restore" click on the Create button:



    Go to the Start Repairs tab and click the Start button.

    Leave all checkmarks as they are.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on the Start button.


    Post the Windows Repair log, which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

    When done let me know how the issues are.
     
  8. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    It's been a long day; I'll do this tomorrow morning (assuming we get a snow day here on the E. coast). BTW: I couldn't uninstall AVG with your remover; I had to do a search for all AVG files and delete them. I'll make a (nice) donation when this is finished.
    Thanks,
    John
     
  9. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Take your time :)
     
  10. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    When I tried to install Adobe Reader, I got this "Adobe Reader Installation Error": "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance." I get that same message when I try to uninstall Adobe Reader (or any other program). What should I do? "Revo Uninstaller" doesn't seem to work well, either; just like it didn't work for removing AVG.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Skip that step for now.
     
     
  12. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    I couldn't install Java, either. When installing Windows Repair, I got an Error: "Could not create uninstall shortcut.", and the install aborted.
     
  13. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    Tried it again and it still wouldn't work.
     
  14. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    Do you think it's possible to fix this--in time for my birthday (Mar. 9)?
     
  15. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Go ahead with Windows Repair.
     
  16. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    You don't understand; I can't install Windows Repair. I get this Error: "Could not create uninstall shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com\Windows Repair (All in One).lnk", and the install aborted. Please help.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Try the portable version from the very same link.
    It doesn't require installation.
     
  18. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    I don't have a Windows XP CD Professional CD-ROM, so I could not complete Step 3. I have a Dell, and Dell doesn't ship those with their computers.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Did the tool actually ask you for the Windows CD?
     
  20. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    Yes. It states in the instructions: "For Windows XP & 2003 you will need your Windows CD."
     
  21. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    Do I need to wait for the CD? I just ordered it from Dell. (They said it'll be here by Friday, but I'm awfully anxious to get this problem fixed.)
     
  22. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    I want you to run that step and see if you'll be asked for the Windows CD at some point.
     
  23. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    Yes, I was definitely asked for the CD.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    You'll have to get it then.
    Some system files must be corrupted.
    You can either wait for your CD or ask around. Some friend may have it.
     
  25. jfringer

    jfringer TS Rookie Topic Starter Posts: 59

    No, I guess I'll have to wait. My PC's asked for it before, so at least now I'll have it.
     

