TechSpot

Got a bug I can't seem to shake

Solved
By POWENS
Sep 22, 2013
  1. Hi everyone, my name is Patrick and I am an ***** that clicked on and downloaded win7zip by mistake, then tried to install it; that is when the problems started.
    Problems: Start menu folders are empty or no longer work, programs won't install properly, and virus protection won't update.
    I have run AdwCleaner:
    # AdwCleaner v3.004 - Report created 22/09/2013 at 01:22:39
    # Updated 15/09/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - DEATHBLOW
    # Running from : C:\Documents and Settings\Owner.DeathBlow\My Documents\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\Viewpoint

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v23.0.1 (en-US)

    *************************

    AdwCleaner[R0].txt - [1812 octets] - [22/09/2013 01:21:22]
    AdwCleaner[S0].txt - [1771 octets] - [22/09/2013 01:22:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1831 octets] ##########

    And ComboFix:
    ComboFix 13-09-19.01 - Owner 09/22/2013 1:35.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1246 [GMT -5:00]
    Running from: c:\documents and settings\Owner.DeathBlow\My Documents\Downloads\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Owner.DeathBlow\WINDOWS
    c:\windows\bcm36.tmp
    c:\windows\system32\config\systemprofile\WINDOWS
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-22 to 2013-09-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-22 06:21 . 2013-09-22 06:22 -------- d-----w- C:\AdwCleaner
    2013-09-12 17:12 . 2013-09-12 17:12 -------- d-----w- c:\documents and settings\Owner.DeathBlow\Local Settings\Application Data\PCHealth
    2013-09-07 06:46 . 2013-08-07 09:22 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-09-07 06:46 . 2013-09-07 06:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
    2013-09-07 06:24 . 2013-09-07 06:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2013
    2013-09-07 06:24 . 2013-09-07 06:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg2013
    2013-09-07 06:20 . 2013-09-07 06:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2013-09-07 05:45 . 2013-09-07 05:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2013-08-24 21:22 . 2012-07-27 02:02 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-19 22:27 . 2013-02-18 17:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-19 22:27 . 2013-02-18 17:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-19 05:15 . 2013-08-19 04:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-08-09 01:56 . 2009-09-01 16:13 386560 ----a-w- c:\windows\system32\themeui.dll
    2013-08-08 06:05 . 2009-09-01 16:14 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-08-08 06:05 . 2009-09-01 16:10 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-08-08 06:05 . 2009-09-01 16:08 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-08-08 06:05 . 2009-09-01 16:06 18944 ----a-w- c:\windows\system32\corpol.dll
    2013-08-08 01:27 . 2009-09-01 16:14 1877760 ----a-w- c:\windows\system32\win32k.sys
    2013-08-08 00:02 . 2009-09-01 16:08 385024 ------w- c:\windows\system32\html.iec
    2013-08-05 13:30 . 2009-09-01 16:12 1289728 ----a-w- c:\windows\system32\ole32.dll
    2013-07-31 22:20 . 2005-01-09 23:49 827392 ----a-w- c:\windows\system32\wmvdmod.dll
    2013-07-20 06:51 . 2012-09-21 09:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-20 06:50 . 2012-10-22 19:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-20 06:50 . 2012-10-15 09:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-20 06:50 . 2012-10-02 09:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-07-10 10:37 . 2009-09-01 16:13 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-10 06:32 . 2012-09-14 09:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-07-04 03:03 . 2009-09-01 16:12 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08 . 2013-01-18 21:50 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-07-01 06:45 . 2012-11-16 05:33 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2013-06-24 17:46 . 2013-06-24 17:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-24 17:46 . 2013-06-24 17:47 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-24 17:46 . 2013-02-18 05:38 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-06-24 17:46 . 2013-02-18 05:38 789416 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-01-18 98304]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2013-08-16 1549120]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 4:48 AM 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 246072]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 4:05 AM 39224]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8/22/2013 12:38 AM 14776]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 2:02 PM 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 4:45 AM 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 4:30 AM 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 4:46 AM 182072]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [8/20/2013 12:19 AM 574272]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [8/20/2013 12:33 AM 335168]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12/7/2012 6:27 PM 167424]
    R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [2/17/2013 11:26 PM 65596]
    R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [8/20/2013 12:45 AM 31520]
    R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [8/20/2013 12:45 AM 17360]
    R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2/17/2013 11:26 PM 198144]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
    S3 Ant App service;File1 Application service;c:\program files\Ant.com\File1 Package Manager\AppService.exe [2/5/2013 12:16 PM 504816]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [6/23/2013 12:44 PM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [12/7/2012 6:27 PM 21248]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/18/2013 11:30 PM 40776]
    S3 o1394bul;o1394bul;\??\c:\docume~1\OWNER~1.DEA\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\OWNER~1.DEA\LOCALS~1\Temp\o1394bul.sys [?]
    S3 rm;rm;\??\c:\windows\system32\drivers\rm.sys --> c:\windows\system32\drivers\rm.sys [?]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [8/20/2013 12:45 AM 247968]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-18 22:27]
    .
    2013-09-22 c:\windows\Tasks\ASC6_PerformanceMonitor.job
    - c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-08-20 22:44]
    .
    2013-08-19 c:\windows\Tasks\MyTurboPC.com Registration3.job
    - c:\program files\Common Files\MyTurboPC.com\UUS3\UUS3.dll [2013-01-15 22:28]
    .
    2013-09-17 c:\windows\Tasks\MyTurboPC.com Update3.job
    - c:\program files\Common Files\MyTurboPC.com\UUS3\Update3.exe [2013-01-15 22:28]
    .
    2013-09-21 c:\windows\Tasks\MyTurboPC.job
    - c:\program files\MyTurboPC.com\MyTurboPC\mtpc.exe [2013-01-15 22:28]
    .
    2013-09-22 c:\windows\Tasks\SmartDefragUpdate.job
    - c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-08-20 23:49]
    .
    2013-09-17 c:\windows\Tasks\SmartDefrag_Schedule.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-08-20 15:31]
    .
    2013-09-22 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-08-20 15:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=vFvhbEuqIPw9cKD3yDOlEzSdx1E
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 67.142.160.8 67.142.160.9
    FF - ProfilePath - c:\documents and settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - ExtSQL: 2013-08-18 02:24; anttoolbar@ant.com; c:\documents and settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\anttoolbar@ant.com
    FF - ExtSQL: 2013-09-18 07:25; ascsurfingprotection@iobit.com; c:\documents and settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\ascsurfingprotection@iobit.com
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-09-22 01:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(788)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2013-09-22 01:43:08
    ComboFix-quarantined-files.txt 2013-09-22 06:43
    .
    Pre-Run: 162,866,606,080 bytes free
    Post-Run: 162,833,641,472 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 6C1AD9374123CAFCFC3D7D18FA383EB3
    B20939CD98B7710036274839082AE757
    And virus protection still will not update.
    I have 4 folders on my C drive, and I have no idea what they are:
    56cdd8302796665bab7cdcb93e6efd
    eb0ba60ccbb2264b5ec6eefb
    e49a4022028dd4d3037c796460
    a017ef1b2412ea6270
    I would be thankful for any help.
     
  2. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Hope this works, but here are a couple of screenshots to show the errors I have been getting: Screenshot.jpg Screenshot02.jpg
     
  3. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Any ideas on what virus, trojan, or worm I might have? Please help.
     
  4. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    I tried to install Malwarebytes and it didn't install properly and wouldn't run.
    Do I just need to trash the computer and get a new one?
     
  5. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Never run ComboFix on your own!

    You're running two AV programs, AVG and McAfee.
    You must uninstall one of them.
    If AVG, use AVG Remover: http://www.avg.com/us-en/utilities
    If McAfee, use this tool: http://www.majorgeeks.com/files/details/mcafee_consumer_product_removal_tool.html
     
  6. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Thank you for your help.
    Malwarebytes would not install.
    Here are screenshots of what happened:
    Malinstal01.jpg Malinstal02.jpg Malinstal02.jpg
     
  7. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Here is the DDS log:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
    Run by Owner at 18:39:59 on 2013-09-22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1325 [GMT -5:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
    C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=vFvhbEuqIPw9cKD3yDOlEzSdx1E
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - c:\program files\ant.com\ie add-on\Download.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\bae.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Reminder] c:\windows\creator\Remind_XP.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
    dRun: [Power2GoExpress] NA
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361155837230
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361159053980
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner.deathblow\application data\mozilla\firefox\profiles\qfreinz8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\npMSDM.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\NPSWF32.dll
    FF - ExtSQL: 2013-08-18 02:24; anttoolbar@ant.com; c:\documents and settings\owner.deathblow\application data\mozilla\firefox\profiles\qfreinz8.default\extensions\anttoolbar@ant.com
    FF - ExtSQL: 2013-09-22 08:49; ascsurfingprotection@iobit.com; c:\documents and settings\owner.deathblow\application data\mozilla\firefox\profiles\qfreinz8.default\extensions\ascsurfingprotection@iobit.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 246072]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 96568]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-8-22 14776]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-8-20 574272]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2013-8-20 335168]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]
    R2 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gscv2\WLService.exe [2013-2-17 65596]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
    S3 Ant App service;File1 Application service;c:\program files\ant.com\file1 package manager\AppService.exe [2013-2-5 504816]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2013-6-23 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 21248]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-18 40776]
    S3 o1394bul;o1394bul;\??\c:\docume~1\owner~1.dea\locals~1\temp\o1394bul.sys --> c:\docume~1\owner~1.dea\locals~1\temp\o1394bul.sys [?]
    S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2013-8-20 31520]
    S3 rm;rm;\??\c:\windows\system32\drivers\rm.sys --> c:\windows\system32\drivers\rm.sys [?]
    S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2013-8-20 17360]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-1 14336]
    S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2013-2-17 198144]
    S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2013-8-20 247968]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
    ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-09-22 19:07:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-09-22 19:07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-09-22 06:33:55 -------- d-sha-r- C:\cmdcons
    2013-09-22 06:31:03 98816 ----a-w- c:\windows\sed.exe
    2013-09-22 06:31:03 256000 ----a-w- c:\windows\PEV.exe
    2013-09-22 06:31:03 208896 ----a-w- c:\windows\MBR.exe
    2013-09-22 06:21:17 -------- d-----w- C:\AdwCleaner
    2013-09-12 17:12:41 -------- d-----w- c:\documents and settings\owner.deathblow\local settings\application data\PCHealth
    2013-09-07 06:46:51 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-08-24 21:22:21 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    .
    ==================== Find3M ====================
    .
    2013-09-22 19:08:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-09-19 22:27:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-19 22:27:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
    2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-08-08 06:05:59 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
    2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
    2013-08-08 00:02:34 385024 ------w- c:\windows\system32\html.iec
    2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
    2013-07-31 22:20:04 827392 ----a-w- c:\windows\system32\wmvdmod.dll
    2013-07-20 06:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-20 06:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-20 06:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-20 06:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-10 06:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    ============= FINISH: 18:40:34.78 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    I still need Attach.txt log from DDS.

    Uninstall Advanced SystemCare 6.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

     
  9. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Here is the attach file
     


  10. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Here is the problem I have uninstalling ASC 6
    uninstall problem.jpg
     
  11. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Please observe forum rules.
    All logs have to be pasted, not attached.

    As for Advanced System Care try Revo Uninstaller...

    Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

    Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
    • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on the program you want to remove
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished click on Next
    • Once the program has searched for leftovers click Next.
    • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
    • When prompted click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete
    • When prompted select Yes then Next
    • Once done click Finish.
     
     
  12. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/17/2013 9:14:53 PM
    System Uptime: 9/22/2013 6:37:36 PM (0 hours ago)
    .
    Motherboard: Micro Star International | | MS-7248R
    Processor: Intel(R) Pentium(R) D CPU 2.66GHz | Socket 775 | 2666/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 228 GiB total, 150.467 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 1.179 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_248C1462&REV_10\4&1037ED3C&0&10A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_248C1462&REV_10\4&1037ED3C&0&10A4
    Service: RTL8023xp
    .
    ==== System Restore Points ===================
    .
    RP146: 6/24/2013 12:45:57 PM - Removed Java 7 Update 21
    RP147: 6/24/2013 12:46:37 PM - Installed Java 7 Update 25
    RP148: 6/25/2013 5:29:47 PM - System Checkpoint
    RP149: 6/26/2013 6:17:15 PM - System Checkpoint
    RP150: 6/27/2013 7:17:14 PM - System Checkpoint
    RP151: 6/28/2013 8:17:14 PM - System Checkpoint
    RP152: 6/29/2013 9:32:02 PM - System Checkpoint
    RP153: 6/30/2013 9:37:12 PM - System Checkpoint
    RP154: 7/1/2013 9:43:08 PM - System Checkpoint
    RP155: 7/3/2013 1:15:30 AM - System Checkpoint
    RP156: 7/4/2013 2:59:22 AM - System Checkpoint
    RP157: 7/5/2013 4:26:32 AM - System Checkpoint
    RP158: 7/6/2013 5:40:15 AM - System Checkpoint
    RP159: 7/7/2013 9:04:32 AM - System Checkpoint
    RP160: 7/8/2013 9:47:44 AM - System Checkpoint
    RP161: 7/9/2013 12:21:53 PM - System Checkpoint
    RP162: 7/10/2013 1:30:44 AM - Software Distribution Service 3.0
    RP163: 7/11/2013 3:19:15 AM - System Checkpoint
    RP164: 7/12/2013 3:43:54 AM - System Checkpoint
    RP165: 7/13/2013 4:34:03 AM - System Checkpoint
    RP166: 7/14/2013 5:33:04 AM - System Checkpoint
    RP167: 7/15/2013 7:47:56 AM - System Checkpoint
    RP168: 7/16/2013 7:59:54 AM - System Checkpoint
    RP169: 7/17/2013 8:39:06 AM - System Checkpoint
    RP170: 7/18/2013 8:55:41 AM - System Checkpoint
    RP171: 7/19/2013 11:40:44 AM - System Checkpoint
    RP172: 7/20/2013 1:04:51 AM - Software Distribution Service 3.0
    RP173: 7/21/2013 1:45:22 PM - System Checkpoint
    RP174: 7/22/2013 2:55:36 PM - System Checkpoint
    RP175: 7/23/2013 10:35:29 PM - System Checkpoint
    RP176: 7/24/2013 11:16:27 PM - System Checkpoint
    RP177: 7/26/2013 12:55:06 AM - System Checkpoint
    RP178: 7/26/2013 3:21:48 AM - Installed AVG 2013
    RP179: 7/26/2013 3:26:01 AM - Removed AVG 2013
    RP180: 7/27/2013 3:46:11 AM - System Checkpoint
    RP181: 7/28/2013 4:46:12 AM - System Checkpoint
    RP182: 7/29/2013 5:46:10 AM - System Checkpoint
    RP183: 7/30/2013 6:44:01 AM - System Checkpoint
    RP184: 7/31/2013 7:44:01 AM - System Checkpoint
    RP185: 8/2/2013 3:15:06 AM - System Checkpoint
    RP186: 8/3/2013 4:20:04 AM - System Checkpoint
    RP187: 8/4/2013 5:06:58 AM - System Checkpoint
    RP188: 8/5/2013 6:06:56 AM - System Checkpoint
    RP189: 8/6/2013 8:54:58 AM - System Checkpoint
    RP190: 8/7/2013 12:39:21 PM - System Checkpoint
    RP191: 8/8/2013 12:57:10 PM - System Checkpoint
    RP192: 8/9/2013 1:37:29 PM - System Checkpoint
    RP193: 8/10/2013 2:36:22 PM - System Checkpoint
    RP194: 8/11/2013 1:42:38 AM - Software Distribution Service 3.0
    RP195: 8/12/2013 2:17:24 AM - System Checkpoint
    RP196: 8/13/2013 3:58:14 AM - System Checkpoint
    RP197: 8/14/2013 12:07:00 AM - Software Distribution Service 3.0
    RP198: 8/15/2013 2:26:29 AM - System Checkpoint
    RP199: 8/16/2013 5:30:39 AM - System Checkpoint
    RP200: 8/17/2013 9:01:18 AM - System Checkpoint
    RP201: 8/17/2013 10:30:27 PM - Restore Operation
    RP202: 8/17/2013 11:23:56 PM - Installed Windows XP KB2618444.
    RP203: 8/18/2013 2:05:06 AM - Restore Operation
    RP204: 8/18/2013 2:06:14 AM - Software Distribution Service 3.0
    RP205: 8/18/2013 3:59:58 AM - Software Distribution Service 3.0
    RP206: 8/19/2013 3:00:17 AM - Software Distribution Service 3.0
    RP207: 8/20/2013 4:49:49 AM - System Checkpoint
    RP208: 8/21/2013 1:24:40 AM - Software Distribution Service 3.0
    RP209: 8/21/2013 1:59:22 AM - Installed Windows Internet Explorer 8.
    RP210: 8/22/2013 12:34:15 AM - Software Distribution Service 3.0
    RP211: 8/23/2013 2:08:33 AM - System Checkpoint
    RP212: 8/24/2013 3:30:17 AM - System Checkpoint
    RP213: 8/25/2013 5:25:19 AM - System Checkpoint
    RP214: 8/26/2013 5:52:53 AM - System Checkpoint
    RP215: 8/26/2013 10:49:01 PM - Installed Windows XP KB2632503.
    RP216: 8/28/2013 1:26:25 AM - Software Distribution Service 3.0
    RP217: 8/29/2013 1:52:51 AM - System Checkpoint
    RP218: 8/30/2013 8:51:48 AM - System Checkpoint
    RP219: 8/31/2013 10:17:20 AM - System Checkpoint
    RP220: 9/1/2013 12:10:19 PM - System Checkpoint
    RP221: 9/2/2013 12:52:49 PM - System Checkpoint
    RP222: 9/3/2013 1:52:48 PM - System Checkpoint
    RP223: 9/4/2013 3:15:34 PM - System Checkpoint
    RP224: 9/5/2013 6:15:33 PM - System Checkpoint
    RP225: 9/6/2013 6:27:33 PM - System Checkpoint
    RP226: 9/8/2013 12:27:22 AM - System Checkpoint
    RP227: 9/9/2013 4:57:53 AM - System Checkpoint
    RP228: 9/10/2013 5:27:53 AM - System Checkpoint
    RP229: 9/11/2013 11:38:43 AM - System Checkpoint
    RP230: 9/12/2013 1:08:23 AM - Software Distribution Service 3.0
    RP231: 9/13/2013 11:25:00 AM - System Checkpoint
    RP232: 9/14/2013 1:46:15 PM - System Checkpoint
    RP233: 9/15/2013 5:23:18 PM - System Checkpoint
    RP234: 9/16/2013 6:12:03 PM - System Checkpoint
    RP235: 9/17/2013 6:27:52 PM - System Checkpoint
    RP236: 9/18/2013 7:59:53 PM - System Checkpoint
    RP237: 9/19/2013 8:01:28 PM - System Checkpoint
    RP238: 9/20/2013 9:08:14 PM - System Checkpoint
    RP239: 9/21/2013 9:09:03 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Add or Remove Adobe Creative Suite 3 Design Premium
    Adobe Acrobat 8 Professional
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Design Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Player 9 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 7.0
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced SystemCare 6
    AHV content for Acrobat and Flash
    Ant.com IE add-on
    ATI - Software Uninstall Utility
    ATI Display Driver
    ATI Parental Control & Encoder
    AVG 2013
    Browser Address Error Redirector
    Compact Wireless-G USB Network Adapter with SpeedBooster
    Digital Media Reader
    DivX Setup
    DVD Solution
    File1 Package Manager
    gtw_logo
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    IObit Malware Fighter
    IPTInstaller
    Java 7 Update 25
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.0 Security Update (KB2742607)
    Microsoft .NET Framework 1.0 Security Update (KB2833951)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Download Manager
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Money 2006
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox 23.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyTurboPC
    Napster Burn Engine
    PDF Settings
    Power2Go 4.0
    PowerDVD
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Recovery Software Suite Gateway
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834905-v2)
    Security Update for Windows Media Player (KB2834905)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2792100)
    Security Update for Windows XP (KB2797052)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862772)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Smart Defrag 2
    Soft Data Fax Modem with SmartCP
    Sonic Encoders
    Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    Star Wars®: Knights of the Old Republic (TM)
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2808679)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.6195
    WebFldrs XP
    Windows Backup Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format Runtime
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/22/2013 1:45:32 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).
    9/18/2013 10:14:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSShim Avgldx86 Fips intelppm
    9/18/2013 10:14:18 AM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/18/2013 10:13:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/17/2013 10:32:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Broadcom Wireless LAN Tray Service service to connect.
    9/17/2013 10:32:07 AM, error: Service Control Manager [7000] - The Broadcom Wireless LAN Tray Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  13. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Revo Uninstaller worked and I was able to get rid of ASC 6,
    but I don't understand how I was able to install Revo Uninstaller without any problems.
     
  14. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Let's see if we can recover your missing features.

    • Please download Unhide onto a USB device then transfer it to your desktop
    • Double click the icon
    • Once the program has completed a Windows alert will be displayed stating your files have been restored
    • Please reboot your computer
    • If the issue is not resolved please run the program a second time
    • Please copy and paste the contents of the Unhide.txt document which will be created on your desktop

    Let me know if it helped.

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  15. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Unhide didn't really do anything. I still can't start programs from the start menu.
     
  16. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Here is the unhide log

    Unhide by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 09/23/2013 11:42:59 PM
    Windows Version: Windows XP

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 181459 files processed.

    Processing the D:\ drive
    Finished processing the D:\ drive. 17289 files processed.

    Processing the F:\ drive
    Finished processing the F:\ drive. 0 files processed.

    Processing the G:\ drive
    Finished processing the G:\ drive. 0 files processed.

    Processing the H:\ drive
    Finished processing the H:\ drive. 0 files processed.

    Processing the I:\ drive
    Finished processing the I:\ drive. 0 files processed.

    The C:\DOCUME~1\OWNER~1.DEA\LOCALS~1\Temp\smtmp\ folder does not exist!!
    Unhide cannot restore your missing shortcuts!!
    Please see this topic in order to learn how to restore default
    Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

    Searching for Windows Registry changes made by FakeHDD rogues.
    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    No registry changes detected.

    Program finished at: 09/23/2013 11:48:22 PM
    Execution time: 0 hours(s), 5 minute(s), and 23 seconds(s)
     
  17. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 09/24/2013 00:00:43
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3250824A +++++
    --- User ---
    [MBR] be51bc9fd165bfa2d8e1f6e724eb337d
    [BSP] dfad42d9922357038cb44612ca38bbe6 : Legit.B MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9221310 | Size: 233970 Mo
    1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4502 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_09242013_000043.txt >>
    RKreport[0]_S_09232013_235802.txt
     
  18. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    On another note, I now have a My Computer icon on my desktop that I never had there before.
     
  19. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    System restore won't start
    I couldn't find the more information page on the link you gave
     
  20. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Found the restore
     
  21. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Mbar log

    Malwarebytes Anti-Rootkit BETA 1.07.0.1005
    www.malwarebytes.org

    Database version: v2013.09.24.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: DEATHBLOW [administrator]

    9/24/2013 12:29:30 AM
    mbar-log-2013-09-24 (00-29-30).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 225713
    Time elapsed: 12 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  22. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    System log
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.666000 GHz
    Memory total: 2011672576, free: 1442312192

    Downloaded database version: v2013.09.24.02
    Downloaded database version: v2013.09.23.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    09/24/2013 00:29:19
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 14CB14CB

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 9221310 Numsec = 479170755
    Partition is not bootable

    Partition 1 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 9221247

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250059350016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_9221310_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
     
  23. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    Virus protection still won't update
     
  24. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Give me more details on what exactly happens.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  25. POWENS

    POWENS TS Rookie Topic Starter Posts: 43

    When I go to the start menu and choose all programs it doesn't matter which program I try to open nothing happens.
    In order to open the programs I have to go to the program folder on the C drive to open it.
    I will post the logs when I get off work
     

