
Issues After Virus Removal



#1 aw9018


Posted 17 January 2012 - 02:00 PM

After removing a fake antivirus virus using rkill and mbam, Windows security alerts indicated Automatic Updates was turned off. In System Properties it is checked to be on. I cannot turn it on in the Security Center, but I was able to stop the alert by changing the alert settings. When I try to go to the Windows Update site through the update link in the Start - All Programs list and manually get updates, the site says "The website has encountered a problem and cannot display the page you are trying to view..." I have tried to do a system restore to about 3 different restore points and all failed to restore. I also noticed that "Administrative Tools" is empty. I'm guessing the virus altered the registry and I'm definitely not qualified to mess with that without specific instructions. I backed up all data I don't want to lose in this machine. I can do a reinstall of the OS, which will obviously solve all problems, but there is a lot of software I use which I'd rather not have to reinstall, not to mention about 7 years of MS updates, so do any of the knowledgeable people on this site have any ideas?

Edited by hamluis, 17 January 2012 - 02:51 PM.
Moved from XP to Am I Infected.




#2 boopme


Posted 17 January 2012 - 10:00 PM

Hello and welcome. Let's do this and see how it is.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

Now
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


#3 aw9018


Posted 18 January 2012 - 12:32 AM

OK, it took a couple of hours, mainly for the ESET scan. Here are the MiniToolBox results:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Alan Wasser (administrator) on 17-01-2012 at 22:19:45
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


192.168.1.109 HP000D9D1B940B

127.0.0.1 localhost

========================= IP Configuration: ================================

Wireless PCI Adapter = Wireless Network Connection (Connected)
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : alanpc

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Wireless PCI Adapter

Physical Address. . . . . . . . . : 00-D0-41-B4-79-15

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.148

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 167.206.254.2

167.206.254.1

192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : Tuesday, January 17, 2012 11:10:55 AM

Lease Expires . . . . . . . . . . : Wednesday, January 18, 2012 11:10:55 AM



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC #2

Physical Address. . . . . . . . . : 00-14-D1-16-0F-10

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.106

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 167.206.254.2

167.206.254.1

192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : Tuesday, January 17, 2012 11:10:52 AM

Lease Expires . . . . . . . . . . : Wednesday, January 18, 2012 11:10:52 AM

Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: google.com
Addresses: 74.125.115.99, 74.125.115.105, 74.125.115.103, 74.125.115.106
74.125.115.147, 74.125.115.104



Pinging google.com [74.125.115.104] with 32 bytes of data:



Reply from 74.125.115.104: bytes=32 time=29ms TTL=51

Reply from 74.125.115.104: bytes=32 time=28ms TTL=51



Ping statistics for 74.125.115.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 29ms, Average = 28ms

Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=69ms TTL=52

Reply from 98.139.180.149: bytes=32 time=89ms TTL=52



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 69ms, Maximum = 89ms, Average = 79ms

Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 d0 41 b4 79 15 ...... Wireless PCI Adapter - Packet Scheduler Miniport
0x3 ...00 14 d1 16 0f 10 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.148 25
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.106 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.106 192.168.1.106 20
192.168.1.0 255.255.255.0 192.168.1.106 192.168.1.106 20
192.168.1.0 255.255.255.0 192.168.1.148 192.168.1.148 25
192.168.1.106 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.148 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.106 192.168.1.106 20
192.168.1.255 255.255.255.255 192.168.1.148 192.168.1.148 25
224.0.0.0 240.0.0.0 192.168.1.106 192.168.1.106 20
224.0.0.0 240.0.0.0 192.168.1.148 192.168.1.148 25
255.255.255.255 255.255.255.255 192.168.1.106 192.168.1.106 1
255.255.255.255 255.255.255.255 192.168.1.148 192.168.1.148 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2012 10:19:37 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/16/2012 03:05:59 PM) (Source: Application Hang) (User: )
Description: Hanging application registrybooster.exe, version 6.0.10.7, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/03/2012 09:55:30 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 sharepod.exe, P2 3.9.7.0, P3 4cf1055e, P4 system.windows.forms, P5 2.0.0.0, P6 4d8c1dde, P7 1521, P8 17, P9 clr20r30, P10 clr20r31.

Error: (12/07/2011 00:02:37 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x0008c900.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/07/2011 00:02:37 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 0.0.0.0, faulting module explorer.exe, version 0.0.0.0, fault address 0x0008c900.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/03/2011 10:42:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 sharepod.exe, P2 3.9.7.0, P3 4cf1055e, P4 sharepod_merged, P5 3.9.7.0, P6 4cf1055e, P7 286, P8 40, P9 clr20r30, P10 clr20r31.

Error: (11/03/2011 08:48:06 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 sharepod.exe, P2 3.9.7.0, P3 4cf1055e, P4 system.windows.forms, P5 2.0.0.0, P6 4d8c1dde, P7 1521, P8 17, P9 clr20r30, P10 clr20r31.

Error: (11/03/2011 08:43:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iTunes.exe, version 10.5.0.142, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2011 08:43:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iTunes.exe, version 10.5.0.142, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/01/2011 04:28:03 PM) (Source: MsiInstaller) (User: Alan Wasser)Alan Wasser
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.


System errors:
=============
Error: (01/16/2012 10:02:46 PM) (Source: Service Control Manager) (User: )
Description: The SASENUM service failed to start due to the following error:
%%2

Error: (01/16/2012 10:02:42 PM) (Source: Service Control Manager) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%2

Error: (01/16/2012 10:02:42 PM) (Source: Service Control Manager) (User: )
Description: The SASDIFSV service failed to start due to the following error:
%%2

Error: (01/16/2012 10:02:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2012 10:02:02 PM) (Source: 0) (User: )
Description:

Error: (01/16/2012 10:02:02 PM) (Source: 0) (User: )
Description:

Error: (01/16/2012 10:02:02 PM) (Source: 0) (User: )
Description:

Error: (01/16/2012 10:02:02 PM) (Source: 0) (User: )
Description:

Error: (01/16/2012 10:02:02 PM) (Source: 0) (User: )
Description:

Error: (01/16/2012 10:01:39 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.108 for the Network Card with network address 00D041B47915 has been
denied by the DHCP server 192.168.33.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (01/16/2012 10:19:37 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (01/16/2012 03:05:59 PM) (Source: Application Hang)(User: )
Description: registrybooster.exe6.0.10.7hungapp0.0.0.000000000

Error: (01/03/2012 09:55:30 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3sharepod.exe3.9.7.04cf1055esystem.windows.forms2.0.0.04d8c1dde152117system.invalidoperationexceptionNIL

Error: (12/07/2011 00:02:37 PM) (Source: Application Error)(User: )
Description: iexplore.exe0.0.0.0iexplore.exe0.0.0.00008c900

Error: (12/07/2011 00:02:37 PM) (Source: Application Error)(User: )
Description: explorer.exe0.0.0.0explorer.exe0.0.0.00008c900

Error: (12/03/2011 10:42:35 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3sharepod.exe3.9.7.04cf1055esharepod_merged3.9.7.04cf1055e28640system.nullreferenceexceptionNIL

Error: (11/03/2011 08:48:06 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3sharepod.exe3.9.7.04cf1055esystem.windows.forms2.0.0.04d8c1dde152117system.invalidoperationexceptionNIL

Error: (11/03/2011 08:43:19 PM) (Source: Application Hang)(User: )
Description: iTunes.exe10.5.0.142hungapp0.0.0.000000000

Error: (11/03/2011 08:43:19 PM) (Source: Application Hang)(User: )
Description: iTunes.exe10.5.0.142hungapp0.0.0.000000000

Error: (11/01/2011 04:28:03 PM) (Source: MsiInstaller)(User: Alan Wasser)Alan Wasser
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

2600 (Version: 47.0.1.000)
2600_Help (Version: 47.0.1.000)
2600Trb (Version: 47.0.1.000)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Reader 9.2 (Version: 9.2.0)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.704)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 45.4.157.000)
calibre (Version: 0.8.33)
CDBurnerXP (Version: 4.2.4.1351)
Cisco Connect (Version: 1.4.11200.0)
CopyTrans Suite Remove Only (Version: 2.15)
CutePDF Writer 2.7
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Fax (Version: 47.0.1.000)
ffdshow v1.1.4158 [2011-12-17] (Version: 1.1.4158.0)
FoneSync
FormatFactory 2.60 (Version: 2.60)
Free DVD Video Converter version 1.5.15.718
Free YouTube to MP3 Converter version 3.10.11.923
GB Manager (Version: 1.20.0000)
GIMP 2.6.7
GoToMeeting 4.1.0.366
HP Image Zone 4.7 (Version: 4.7)
HP Image Zone Express (Version: 1.1.000.035)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
InterVideo WinDVD
IrfanView (remove only)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
LiveUpdate BVRP Software (Version: 1.00.005)
Lyra Jukebox Applications
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MediaMonkey 3.2 (Version: 3.2)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight (Version: 4.0.50917.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Word 2000 SR-1 (Version: 9.00.3821)
Microsoft Works 2001 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
mobile PhoneTools (Version: 3.11h 08/27/2004)
MotoHelper 2.0.51 Driver 5.2.0 (Version: 2.0.51)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Network Recording Player (Version: 2.23.2500)
nLite 1.4.9.1 (Version: 1.4.9.1)
PC Connectivity Solution (Version: 9.44.0.3)
ProductContext (Version: 47.0.1.000)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.66.73.0)
Readme (Version: 47.0.1.000)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista (Version: 5.40.24)
SpywareBlaster 4.4 (Version: 4.4.0)
SpywareGuard v2.2 (Version: 2.2)
SUPERAntiSpyware Free Edition (Version: 4.26.0.1000)
TrayApp (Version: 45.4.157.000)
TVersity Codec Pack 1.7 (Version: 1.7)
TVersity Media Server 1.9.7 (Version: 1.9.7)
Uninstall 1.0.0.1
Unload (Version: 4.5.0)
URL Snooper v2.28.01
VoiceOver Kit (Version: 1.40.128.0)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Xtend (Version: 2.0)
Xtend (Version: v2.0)

========================= Devices: ================================

Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Motorola USB Modem
Description: Motorola USB Modem
Class Guid: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Motorola
Service: Modem
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 766.8 MB
Available physical RAM: 470.61 MB
Total Pagefile: 1877.52 MB
Available Pagefile: 1290.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.79 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.04 GB) (Free:119.6 GB) NTFS

========================= Users: ========================================

User accounts for \\ALANPC

Administrator Alan Wasser Guest
HelpAssistant Jessie SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Here are the TDSSKiller results:
22:27:14.0046 3424 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
22:27:14.0312 3424 ============================================================
22:27:14.0312 3424 Current date / time: 2012/01/17 22:27:14.0312
22:27:14.0312 3424 SystemInfo:
22:27:14.0328 3424
22:27:14.0328 3424 OS Version: 5.1.2600 ServicePack: 3.0
22:27:14.0328 3424 Product type: Workstation
22:27:14.0328 3424 ComputerName: ALANPC
22:27:14.0328 3424 UserName: Alan Wasser
22:27:14.0328 3424 Windows directory: C:\WINDOWS
22:27:14.0328 3424 System windows directory: C:\WINDOWS
22:27:14.0328 3424 Processor architecture: Intel x86
22:27:14.0328 3424 Number of processors: 1
22:27:14.0328 3424 Page size: 0x1000
22:27:14.0328 3424 Boot type: Normal boot
22:27:14.0328 3424 ============================================================
22:27:17.0468 3424 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:27:17.0515 3424 Initialize success
22:27:20.0390 3308 ============================================================
22:27:20.0390 3308 Scan started
22:27:20.0390 3308 Mode: Manual;
22:27:20.0390 3308 ============================================================
22:27:26.0515 3308 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:27:26.0531 3308 IPSec - ok
22:27:26.0578 3308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:27:26.0593 3308 IRENUM - ok
22:27:26.0656 3308 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:27:26.0671 3308 isapnp - ok
22:27:26.0718 3308 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:27:26.0718 3308 Kbdclass - ok
22:27:26.0796 3308 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:27:26.0828 3308 kmixer - ok
22:27:26.0906 3308 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:27:26.0921 3308 KSecDD - ok
22:27:26.0968 3308 lbrtfdc - ok
22:27:27.0062 3308 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:27:27.0078 3308 mnmdd - ok
22:27:27.0156 3308 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:27:27.0171 3308 Modem - ok
22:27:27.0281 3308 motmodem (69814acd50a9d6d28296050ef6215d46) C:\WINDOWS\system32\DRIVERS\motmodem.sys
22:27:27.0296 3308 motmodem - ok
22:27:27.0390 3308 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:27:27.0390 3308 Mouclass - ok
22:27:27.0421 3308 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:27:27.0437 3308 MountMgr - ok
22:27:27.0468 3308 mraid35x - ok
22:27:27.0546 3308 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:27:27.0562 3308 MRxDAV - ok
22:27:27.0656 3308 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:27:27.0718 3308 MRxSmb - ok
22:27:27.0843 3308 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:27:27.0859 3308 Msfs - ok
22:27:27.0937 3308 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:27:27.0937 3308 MSKSSRV - ok
22:27:28.0015 3308 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:27:28.0015 3308 MSPCLOCK - ok
22:27:28.0125 3308 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:27:28.0140 3308 MSPQM - ok
22:27:28.0250 3308 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:27:28.0312 3308 mssmbios - ok
22:27:28.0562 3308 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:27:28.0578 3308 Mup - ok
22:27:28.0656 3308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:27:28.0687 3308 NDIS - ok
22:27:28.0765 3308 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:27:28.0781 3308 NdisTapi - ok
22:27:28.0843 3308 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:27:28.0859 3308 Ndisuio - ok
22:27:28.0890 3308 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:27:28.0921 3308 NdisWan - ok
22:27:29.0000 3308 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:27:29.0000 3308 NDProxy - ok
22:27:29.0078 3308 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:27:29.0093 3308 NetBIOS - ok
22:27:29.0140 3308 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:27:29.0156 3308 NetBT - ok
22:27:29.0312 3308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:27:29.0328 3308 Npfs - ok
22:27:29.0406 3308 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:27:29.0468 3308 Ntfs - ok
22:27:29.0593 3308 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:27:29.0593 3308 Null - ok
22:27:29.0718 3308 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:27:29.0859 3308 nv - ok
22:27:29.0953 3308 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:27:29.0968 3308 NwlnkFlt - ok
22:27:30.0031 3308 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:27:30.0031 3308 NwlnkFwd - ok
22:27:30.0125 3308 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
22:27:30.0125 3308 P3 - ok
22:27:30.0218 3308 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:27:30.0234 3308 Parport - ok
22:27:30.0265 3308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:27:30.0281 3308 PartMgr - ok
22:27:30.0359 3308 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:27:30.0359 3308 ParVdm - ok
22:27:30.0421 3308 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:27:30.0437 3308 pccsmcfd - ok
22:27:30.0515 3308 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:27:30.0531 3308 PCI - ok
22:27:30.0578 3308 PCIDump - ok
22:27:30.0656 3308 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
22:27:30.0656 3308 PCIIde - ok
22:27:30.0750 3308 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:27:30.0781 3308 Pcmcia - ok
22:27:30.0828 3308 PDCOMP - ok
22:27:30.0843 3308 PDFRAME - ok
22:27:30.0875 3308 PDRELI - ok
22:27:30.0906 3308 PDRFRAME - ok
22:27:30.0937 3308 perc2 - ok
22:27:30.0953 3308 perc2hib - ok
22:27:31.0078 3308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:27:31.0078 3308 PptpMiniport - ok
22:27:31.0125 3308 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:27:31.0140 3308 Processor - ok
22:27:31.0187 3308 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:27:31.0203 3308 PSched - ok
22:27:31.0250 3308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:27:31.0265 3308 Ptilink - ok
22:27:31.0328 3308 ql1080 - ok
22:27:31.0359 3308 Ql10wnt - ok
22:27:31.0390 3308 ql12160 - ok
22:27:31.0406 3308 ql1240 - ok
22:27:31.0453 3308 ql1280 - ok
22:27:31.0515 3308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:27:31.0531 3308 RasAcd - ok
22:27:31.0609 3308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:27:31.0609 3308 Rasl2tp - ok
22:27:31.0656 3308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:27:31.0671 3308 RasPppoe - ok
22:27:31.0750 3308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:27:31.0765 3308 Raspti - ok
22:27:31.0843 3308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:27:31.0875 3308 Rdbss - ok
22:27:31.0937 3308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:27:31.0953 3308 RDPCDD - ok
22:27:32.0046 3308 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:27:32.0078 3308 RDPWD - ok
22:27:32.0171 3308 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:27:32.0187 3308 redbook - ok
22:27:32.0343 3308 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:27:32.0359 3308 ROOTMODEM - ok
22:27:32.0500 3308 RT61 (4a46d8f482afdb37b7c8dc1a1ce515f7) C:\WINDOWS\system32\DRIVERS\RT61.sys
22:27:32.0609 3308 RT61 - ok
22:27:32.0703 3308 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:27:32.0703 3308 rtl8139 - ok
22:27:32.0796 3308 SASDIFSV - ok
22:27:32.0812 3308 SASENUM - ok
22:27:32.0828 3308 SASKUTIL - ok
22:27:32.0937 3308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:27:32.0953 3308 Secdrv - ok
22:27:33.0015 3308 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:27:33.0015 3308 serenum - ok
22:27:33.0093 3308 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:27:33.0109 3308 Serial - ok
22:27:33.0171 3308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:27:33.0171 3308 Sfloppy - ok
22:27:33.0250 3308 silabenm - ok
22:27:33.0296 3308 silabser - ok
22:27:33.0343 3308 Simbad - ok
22:27:33.0421 3308 slabbus (00746035c28e913fb14bc0c94205c863) C:\WINDOWS\system32\DRIVERS\slabbus.sys
22:27:33.0437 3308 slabbus - ok
22:27:33.0546 3308 slabser (c471a21df9a26deb2ff5e8eccb4db622) C:\WINDOWS\system32\DRIVERS\slabser.sys
22:27:33.0562 3308 slabser - ok
22:27:33.0609 3308 Sparrow - ok
22:27:33.0687 3308 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:27:33.0687 3308 splitter - ok
22:27:33.0781 3308 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:27:33.0796 3308 sr - ok
22:27:33.0875 3308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:27:33.0921 3308 Srv - ok
22:27:34.0031 3308 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:27:34.0046 3308 ssmdrv - ok
22:27:34.0125 3308 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
22:27:34.0125 3308 StillCam - ok
22:27:34.0234 3308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:27:34.0234 3308 swenum - ok
22:27:34.0359 3308 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:27:34.0359 3308 swmidi - ok
22:27:34.0421 3308 symc810 - ok
22:27:34.0453 3308 symc8xx - ok
22:27:34.0484 3308 sym_hi - ok
22:27:34.0500 3308 sym_u3 - ok
22:27:34.0562 3308 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:27:34.0578 3308 sysaudio - ok
22:27:34.0671 3308 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
22:27:34.0671 3308 tbhsd - ok
22:27:34.0765 3308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:27:34.0812 3308 Tcpip - ok
22:27:34.0906 3308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:27:34.0921 3308 TDPIPE - ok
22:27:35.0000 3308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:27:35.0015 3308 TDTCP - ok
22:27:35.0062 3308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:27:35.0078 3308 TermDD - ok
22:27:35.0125 3308 TosIde - ok
22:27:35.0218 3308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:27:35.0234 3308 Udfs - ok
22:27:35.0265 3308 ultra - ok
22:27:35.0359 3308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:27:35.0406 3308 Update - ok
22:27:35.0515 3308 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:27:35.0531 3308 USBAAPL - ok
22:27:35.0609 3308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:27:35.0609 3308 usbehci - ok
22:27:35.0687 3308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:27:35.0703 3308 usbhub - ok
22:27:35.0750 3308 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:27:35.0750 3308 usbscan - ok
22:27:35.0828 3308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:27:35.0843 3308 USBSTOR - ok
22:27:35.0859 3308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:27:35.0875 3308 usbuhci - ok
22:27:35.0921 3308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:27:35.0921 3308 VgaSave - ok
22:27:35.0953 3308 ViaIde - ok
22:27:36.0031 3308 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:27:36.0046 3308 VolSnap - ok
22:27:36.0109 3308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:27:36.0109 3308 Wanarp - ok
22:27:36.0187 3308 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:27:36.0281 3308 Wdf01000 - ok
22:27:36.0359 3308 WDICA - ok
22:27:36.0437 3308 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:27:36.0453 3308 wdmaud - ok
22:27:36.0609 3308 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:27:36.0828 3308 \Device\Harddisk0\DR0 - ok
22:27:36.0843 3308 Boot (0x1200) (f067c3a7bef5867a6568a814a4190e9e) \Device\Harddisk0\DR0\Partition0
22:27:36.0843 3308 \Device\Harddisk0\DR0\Partition0 - ok
22:27:36.0859 3308 ============================================================
22:27:36.0859 3308 Scan finished
22:27:36.0859 3308 ============================================================
22:27:36.0875 2220 Detected object count: 0
22:27:36.0875 2220 Actual detected object count: 0
22:33:48.0156 3120 Deinitialize success

And here is the ESET Report:

C:\Documents and Settings\Alan Wasser\Application Data\Sun\Java\Deployment\cache\6.0\0\5c620640-47b458d1 multiple threats deleted - quarantined
C:\Documents and Settings\Alan Wasser\Application Data\Sun\Java\Deployment\cache\6.0\14\3bd20f8e-6539d30e a variant of Java/Exploit.CVE-2011-3544.Q trojan deleted - quarantined
C:\Documents and Settings\Alan Wasser\Application Data\Sun\Java\Deployment\cache\6.0\21\5ce7ed95-3d7d70eb Java/Exploit.CVE-2011-3544.X trojan deleted - quarantined
C:\Documents and Settings\Alan Wasser\Application Data\Sun\Java\Deployment\cache\6.0\22\530c4f16-2197bef0 multiple threats deleted - quarantined
C:\Documents and Settings\Alan Wasser\Application Data\Sun\Java\Deployment\cache\6.0\35\6a6a5ba3-212d29ea Java/Exploit.CVE-2011-3544.D trojan deleted - quarantined
C:\Documents and Settings\Alan Wasser\Application Data\Sun\Java\Deployment\cache\6.0\61\44f7dc7d-3242f389 a variant of Java/Exploit.CVE-2011-3544.Q trojan deleted - quarantined
C:\Documents and Settings\Alan Wasser\Application Data\Sun\Java\Deployment\cache\6.0\9\13df549-7d5ef88e a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\RECYCLER\S-1-5-21-1417001333-1606980848-1060284298-1004\Dc1.exe Win32/RegistryBooster application deleted - quarantined
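
The ESET lines above all follow a `<path> <detection> <action>` layout, so they can be grouped by where each file sat and by the CVE its detection name carries. This is an added example, not part of the original post or of ESET's tooling; the sample lines are constructed in the report's layout, and the function names and location labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the same "<path> <detection> <action>" layout as the report.
# User name, cache file names and SID are placeholders.
SAMPLE_LOG = r"""
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\0\aaaaaaaa-11111111 multiple threats deleted - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\14\bbbbbbbb-22222222 a variant of Java/Exploit.CVE-2011-3544.Q trojan deleted - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\21\cccccccc-33333333 Java/Exploit.CVE-2011-3544.X trojan deleted - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\9\dddddddd-44444444 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\RECYCLER\S-1-5-21-0-0-0-1000\Dc1.exe Win32/RegistryBooster application deleted - quarantined
this line does not follow the layout
"""

# The path may contain spaces, so it is matched lazily up to the first
# token sequence that looks like a detection ("Platform/Name kind").
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<multi>multiple threats)"
    r"|(?P<variant>a variant of )?(?P<name>\S+/\S+) (?P<kind>\w+))\s+"
    r"(?P<action>.+)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def classify_location(path):
    """Label where the detected file was stored (labels are this example's own)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-plugin-cache"   # content fetched by the Java browser plug-in
    if p[2:].startswith("\\recycler\\"):
        return "recycle-bin"         # already deleted by the user, not running
    return "other"


def parse_line(line):
    """Return a dict for one report line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name") or "multiple threats"
    cve = CVE_RE.search(name)
    return {
        "path": m.group("path"),
        # Drop the trailing variant letter(s), e.g. ".Q" or ".AQ".
        "family": re.sub(r"\.[A-Z]{1,3}$", "", name),
        "variant": bool(m.group("variant")),
        "kind": m.group("kind") or "mixed",
        "cve": cve.group(0) if cve else None,
        "location": classify_location(m.group("path")),
        "action": m.group("action"),
    }


def triage(log_text):
    """Summarise a report: counts per location, per family and per CVE."""
    report = {
        "parsed": 0,
        "unparsed": [],
        "by_location": Counter(),
        "by_family": Counter(),
        "cves": Counter(),
    }
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            # Keep unmatched lines so nothing is silently dropped.
            report["unparsed"].append(line.strip())
            continue
        report["parsed"] += 1
        report["by_location"][entry["location"]] += 1
        report["by_family"][entry["family"]] += 1
        if entry["cve"]:
            report["cves"][entry["cve"]] += 1
    return report


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key in ("by_location", "by_family", "cves"):
        print(key, dict(summary[key]))
    print("unparsed:", summary["unparsed"])
```

Several detections in the Java plug-in cache that carry the same CVE identifier indicate that exploit content was delivered through the browser's Java runtime, which is why the installed Java version matters for cleanup.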

#4 boopme

Posted 18 January 2012 - 04:28 PM

Ok, this looks good now. One thing I see.
Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

>>>>>>>>>>>>>>>>>
A few things to clean up.
As you have SUPERAntispyware installed, you can update, run that and remove anything it finds (probably some spy cookies left).
We need to remove and then update these to Java 7 and Reader X...
Java™ 6 Update 20 (Version: 6.0.200)
Adobe Reader 9.2 (Version: 9.2.0)

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly Update to Adobe Reader X (10.1.0)
Note: Uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional




Now, If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
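
A way to see what a hosts file actually contains before or after resetting it, as an added example that is not part of the original post or of Microsoft's Fix it tool: it lists every mapping other than the default localhost entry. The sample file, the watchlist of update and vendor domains, and the function names are assumptions.

```python
import ipaddress

# A default Windows hosts file maps only this name, and only to loopback.
DEFAULT_LOOPBACK_NAMES = {"localhost"}

# Assumption: illustrative watchlist of update and security vendor domains,
# not taken from the thread. Extend it for the products actually installed.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "eset.com")

# Constructed sample. 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.update.microsoft.com    # constructed: update site sinkholed
203.0.113.10    www.google.com google.com   # constructed: search redirected
0.0.0.0         ads.example.net
not-an-ip       foo.example
"""


def parse_hosts(text):
    """Yield (line number, address text, hostnames) for every mapping line."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()                 # tabs and spaces both separate fields
        names = [n.lower().rstrip(".") for n in fields[1:]]
        yield lineno, fields[0], names


def is_watched(name):
    """True if the hostname is, or is a subdomain of, a watched suffix."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return one finding per hostname that is not a default mapping.

    kind is "blocked" (name pointed at loopback or 0.0.0.0), "redirected"
    (name pointed at some other address) or "malformed" (bad address field).
    """
    findings = []
    for lineno, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            for name in names or [""]:
                findings.append({"line": lineno, "address": addr_text,
                                 "name": name, "kind": "malformed",
                                 "watched": False})
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name in DEFAULT_LOOPBACK_NAMES and addr.is_loopback:
                continue                      # the stock localhost entry
            findings.append({"line": lineno, "address": addr_text,
                             "name": name,
                             "kind": "blocked" if sinkhole else "redirected",
                             "watched": is_watched(name)})
    return findings


if __name__ == "__main__":
    # On Windows XP the live file is C:\WINDOWS\system32\drivers\etc\hosts;
    # the constructed sample is used here so the example runs anywhere.
    for f in audit_hosts(SAMPLE_HOSTS):
        flag = "  <-- update/security site" if f["watched"] else ""
        print(f'line {f["line"]}: {f["kind"]:10} {f["name"]} -> {f["address"]}{flag}')
```

A "blocked" entry is not always malicious, since some users sinkhole ad servers on purpose; entries that touch update or security vendor names are the ones to question first.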

#5 aw9018

Posted 19 January 2012 - 11:34 AM

I have now used the Microsoft Fix it application to reset the hosts file, updated and ran superantispyware, which did find and remove spy cookies, and removed and replaced with the latest versions both Java and Adobe Reader. I have not created a new restore point yet because I am still unable to turn on automatic updates for windows or update windows manually from the windows site. Along with the list of spyware being removed the Superantispyware scan report said:
"Disabled Security Center Option [1 item]
Registry Keys
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY"

I have a screen shot of the report but I don't know how to post it in the reply. This is an exact quote, though.

#6 boopme

Posted 19 January 2012 - 12:58 PM

We need to repair some of windows' internal registration settings
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix


#7 aw9018

Posted 19 January 2012 - 01:42 PM

I ran dial-a-fix and windows automatic updates is back on. Then when I started to follow your instructions for setting a restore point I found that system tools is empty, which reminded me that one of the original problems was that administrative tools was empty and it still is.

#8 boopme

Posted 19 January 2012 - 03:18 PM

This happens due to one of these reasons:

•The Administrative Tools shell folder path is incorrectly set.
•The Administrative Tools shortcuts are deleted accidentally.


Go here L@@K There are 2 solutions.

This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start » Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File » Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Edited by boopme, 19 January 2012 - 03:22 PM.


#9 aw9018

Posted 19 January 2012 - 05:04 PM

Making progress slowly but surely and I really appreciate your help. I performed your last instructions and Administrative Tools is no longer empty but I don't think everything is back. For instance, Computer Management is not there. I don't know what else should be there, but all there is is Component Services, Performance Monitor, Services and Event Viewer. Also System Tools is still empty.

#10 boopme

Posted 19 January 2012 - 08:59 PM

I think if we run SFC we can get the rest.

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.

#11 aw9018

Posted 20 January 2012 - 09:17 AM

I followed your instructions, a box labeled windows file protection appeared, with a progress bar that moved slowly. It asked for the windows xp installation CD to be inserted, which I did. It has finished and closed but the system tools is still empty and administrative tools is still missing computer management.

#12 boopme

Posted 20 January 2012 - 10:50 PM

Please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

#13 aw9018

Posted 21 January 2012 - 12:46 PM

After running unhide.exe twice, System Tools is still empty and Computer Management is still not appearing in Administrative Tools. I did notice that I can get to Computer Management by typing compmgmt.msc in the run box, though.

#14 boopme

Posted 21 January 2012 - 08:58 PM

OK, I know a Repair not full install should fix these, but try asking in XP. I think there is another fix like that other one, but I don't know it.

#15 aw9018

Posted 21 January 2012 - 10:33 PM

Do you mean start a new topic in the XP forum about the final remaining problems?



