teamodave

Ok, Iv'e got IE running with no add ons.

Here's the log: aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software Run date: 2011-05-12 10:49:07 ----------------------------- 10:49:07.281 OS Version: Windows 5.1.2600 Service Pack 2 10:49:07.281 Number of processors: 1 586 0x209 10:49:07.281 ComputerName: HOMECOMPUTER UserName: Dad 10:49:09.093 Initialize success 10:49:23.843 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 10:49:23.859 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3 10:49:23.875 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c 10:49:23.890 Disk 1 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3 10:49:27.937 Disk 2 MBR read successfully 10:49:27.953 Disk 2 MBR scan 10:49:27.984 Disk 2 Windows XP default MBR code 10:49:28.000 Disk 2 MBR hidden 10:49:30.031 Disk 2 scanning sectors +976768065 10:49:30.046 Disk 2 scanning F:\WINDOWS\system32\drivers 10:49:39.875 Service scanning 10:49:48.062 Disk 2 trace - called modules: 10:49:48.093 ntoskrnl.exe CLASSPNP.SYS disk.sys USBSTOR.SYS hal.dll usbhub.sys USBPORT.SYS usbehci.sys 10:49:48.109 1 nt!IofCallDriver -> \Device\Harddisk2\DR4[0x89965250] 10:49:53.843 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000056[0x89991290] 10:49:54.187 5 USBSTOR.SYS[bace5706] -> nt!IofCallDriver -> \Device\USBPDO-5[0x89985de8] 10:49:54.484 7 usbhub.sys[f76f7504] -> nt!IofCallDriver -> \Device\USBPDO-4[0x89a85030] 10:49:54.812 Scan finished successfully 10:50:14.312 Disk 2 MBR has been saved successfully to "F:\Documents and Settings\Dad\Desktop\MBR.dat" 10:50:14.328 The log file has been saved successfully to "F:\Documents and Settings\Dad\Desktop\aswMBRlog.txt"

I have downloaded and unzipped the files but for some reason, it will not run when I double click.

Same result with new user profile.

Here's the log for the first: . DDS (Ver_11-03-05.01) - NTFSx86 Run by Dad at 14:23:56.79 on Mon 05/09/2011 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1379 [GMT -8:00] . AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . F:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe F:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\Program Files\Avira\AntiVir Desktop\sched.exe F:\Program Files\Avira\AntiVir Desktop\avguard.exe F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\WINDOWS\System32\svchost.exe -k HTTPFilter F:\Program Files\Avira\AntiVir Desktop\avshadow.exe F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe F:\Program Files\Java\jre6\bin\jqs.exe F:\WINDOWS\System32\nvsvc32.exe F:\Program Files\Visioneer\OneTouch 4.0\OtService.exe F:\WINDOWS\System32\svchost.exe -k imgsvc F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\wscntfy.exe F:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe F:\WINDOWS\system32\wuauclt.exe F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Messenger\msmsgs.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Program Files\Mozilla Firefox\plugin-container.exe F:\Documents and Settings\Dad\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - f:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - f:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - f:\program files\yahoo!\search protection\ysp.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - f:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - f:\program files\yahoo!\companion\installs\cpn0\yt.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background uRun: [spybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe mRun: [sSBkgdUpdate] "f:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "f:\program files\scansoft\paperport\pptd40nt.exe" mRun: [indexSearch] "f:\program files\scansoft\paperport\IndexSearch.exe" mRun: [PPort11reminder] "f:\program files\scansoft\paperport\ereg\ereg.exe" -r "f:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini mRun: [Nikon Transfer Monitor] f:\program files\common files\nikon\monitor\NkMonitor.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - f:\program files\yahoo!\search protection\ysp.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll Trusted Zone: intuit.com\ttlc DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - f:\program files\yahoo!\common\Yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - f:\docume~1\dad\applic~1\mozilla\firefox\profiles\np865n7u.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM2&o=41647940&locale=en_US&apn_uid=16D8E3C9-0885-49DF-A58E-D001DEED756F&apn_ptnrs=7K&apn_sauid=209A1458-A064-4A02-9D33-A2CB8C8DDDA5&apn_dtid=YYYYYYS9US&q= FF - prefs.js: network.proxy.type - 1 FF - component: f:\documents and settings\dad\application data\mozilla\firefox\profiles\np865n7u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll FF - plugin: f:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: f:\program files\mozilla firefox\plugins\npdeployJava1.dll . ============= SERVICES / DRIVERS =============== . R1 avgio;avgio;f:\program files\avira\antivir desktop\avgio.sys [2011-5-4 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\avira\antivir desktop\sched.exe [2011-5-4 136360] R2 AntiVirService;Avira AntiVir Guard;f:\program files\avira\antivir desktop\avguard.exe [2011-5-4 269480] R2 avgntflt;avgntflt;f:\windows\system32\drivers\avgntflt.sys [2011-5-4 61960] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] S3 pmxscan;Visioneer USB Service;f:\windows\system32\drivers\usbscan.sys [2011-3-18 15104] . =============== Created Last 30 ================ . 2011-05-09 04:43:48 502253 ----a-w- f:\windows\unhide.exe 2011-05-08 01:00:07 -------- d-----w- f:\program files\XML Notepad 2007 2011-05-06 20:17:06 -------- d-----w- f:\windows\pss 2011-05-04 16:30:22 -------- d-----w- f:\windows\system32\NtmsData 2011-05-04 16:28:14 -------- d-----w- f:\docume~1\dad\applic~1\Avira 2011-05-04 16:24:47 61960 ----a-w- f:\windows\system32\drivers\avgntflt.sys 2011-05-04 16:24:46 -------- d-----w- f:\program files\Avira 2011-05-04 16:24:46 -------- d-----w- f:\docume~1\alluse~1\applic~1\Avira 2011-05-04 15:40:05 -------- d-----w- F:\Malwarebytes' Anti-Malware 2011-05-04 15:35:58 -------- d-----w- F:\Internet Explorer 2011-05-04 09:00:21 509392 ----a-w- f:\windows\system32\PerfStringBackup.TMP 2011-05-03 16:57:29 142296 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll 2011-05-03 16:57:28 89048 ----a-w- f:\program files\mozilla firefox\libEGL.dll 2011-05-03 16:57:28 781272 ----a-w- f:\program files\mozilla firefox\mozsqlite3.dll 2011-05-03 16:57:28 465880 ----a-w- f:\program files\mozilla firefox\libGLESv2.dll 2011-05-03 16:57:28 1974616 ----a-w- f:\program files\mozilla firefox\D3DCompiler_42.dll 2011-05-03 16:57:28 1892184 ----a-w- f:\program files\mozilla firefox\d3dx9_42.dll 2011-05-03 16:57:28 1874904 ----a-w- f:\program files\mozilla firefox\mozjs.dll 2011-05-03 16:57:28 15832 ----a-w- f:\program files\mozilla firefox\mozalloc.dll 2011-05-01 00:49:52 -------- d-----w- f:\program files\Linksys EasyLink Advisor 2011-04-30 16:32:54 -------- d-----w- f:\program files\Native Instruments 2011-04-30 16:31:18 36864 ----a-w- f:\windows\system32\Mros432.dll 2011-04-30 16:31:16 36864 ----a-w- f:\windows\system32\audioencoderenum.dll 2011-04-15 19:27:31 -------- d-----w- f:\docume~1\dad\locals~1\applic~1\Intuit 2011-04-15 19:26:48 -------- d-----w- f:\docume~1\dad\applic~1\Intuit 2011-04-15 19:20:49 -------- d-----w- f:\docume~1\dad\locals~1\applic~1\IsolatedStorage 2011-04-15 19:20:42 -------- d-----w- f:\program files\common files\Intuit 2011-04-15 19:01:42 -------- d-----w- f:\windows\system32\XPSViewer 2011-04-15 19:01:10 89088 ----a-w- f:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll 2011-04-15 19:00:49 89088 -c----w- f:\windows\system32\dllcache\filterpipelineprintproc.dll 2011-04-15 19:00:49 597504 -c----w- f:\windows\system32\dllcache\printfilterpipelinesvc.exe 2011-04-15 19:00:49 597504 ------w- f:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2011-04-15 19:00:49 575488 -c----w- f:\windows\system32\dllcache\xpsshhdr.dll 2011-04-15 19:00:49 575488 ------w- f:\windows\system32\xpsshhdr.dll 2011-04-15 19:00:49 1676288 -c----w- f:\windows\system32\dllcache\xpssvcs.dll 2011-04-15 19:00:49 1676288 ------w- f:\windows\system32\xpssvcs.dll 2011-04-15 19:00:49 117760 ------w- f:\windows\system32\prntvpt.dll 2011-04-15 18:58:33 -------- d-----w- f:\program files\MSXML 6.0 2011-04-15 18:49:35 -------- d-----w- f:\docume~1\alluse~1\applic~1\Intuit 2011-04-13 06:40:22 -------- d-----w- f:\program files\Ask.com . ==================== Find3M ==================== . 2011-04-02 20:12:51 73728 ----a-w- f:\windows\system32\javacpl.cpl 2011-04-02 20:12:51 472808 ----a-w- f:\windows\system32\deployJava1.dll 2011-03-19 23:03:48 106496 ----a-w- f:\windows\system32\ATL71.DLL 2011-02-19 00:36:58 4184352 ----a-w- f:\windows\system32\usbaaplrc.dll . ============= FINISH: 14:24:52.70 =============== Then here's the second one: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 3/18/2011 11:45:02 AM System Uptime: 5/9/2011 7:10:57 AM (7 hours ago) . Motherboard: Dell Computer Corp. | | 0M2035 Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 466 GiB total, 155.094 GiB free. D: is CDROM (CDFS) E: is CDROM () F: is FIXED (NTFS) - 74 GiB total, 59.07 GiB free. Z: is FIXED (NTFS) - 466 GiB total, 351.725 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1: 3/18/2011 11:55:40 AM - System Checkpoint RP2: 3/18/2011 1:27:00 PM - Installed Java 2 Runtime Environment, SE v1.4.2 RP3: 3/18/2011 1:04:33 PM - Removed Java 2 Runtime Environment, SE v1.4.2 RP4: 3/18/2011 1:05:45 PM - Installed Java 2 Runtime Environment, SE v1.4.2 RP5: 3/18/2011 7:25:31 PM - Update to an unsigned driver RP6: 3/18/2011 8:41:00 PM - Software Distribution Service 3.0 RP7: 3/18/2011 8:41:05 PM - Installed Windows XP KB842773. RP8: 3/18/2011 8:41:41 PM - Installed Windows Installer KB893803v2. RP9: 3/18/2011 8:41:54 PM - Installed Windows XP KB892130. RP10: 3/18/2011 8:41:58 PM - Installed Windows XP KB898461. RP11: 3/18/2011 8:56:29 PM - Installed ScanSoft PaperPort 11 RP12: 3/18/2011 8:58:00 PM - Installed OneTouch 4.0 RP13: 3/18/2011 9:24:42 PM - Software Distribution Service 3.0 RP14: 3/18/2011 9:27:22 PM - Installed Windows XP Service Pack 2. RP15: 3/18/2011 9:45:34 PM - Software Distribution Service 3.0 RP16: 3/18/2011 9:47:12 PM - Installed Windows XP KB915865. RP17: 3/18/2011 9:47:33 PM - Installed Windows NLSDownlevelMapping. RP18: 3/18/2011 9:47:48 PM - Installed Windows IDNMitigationAPIs. RP19: 3/18/2011 9:48:55 PM - Installed Windows Internet Explorer 7. RP20: 3/18/2011 9:49:19 PM - Software Distribution Service 3.0 RP21: 3/18/2011 9:56:15 PM - Installed Windows Media Player 11 RP22: 3/18/2011 9:56:33 PM - Installed Windows XP Wudf01000. RP23: 3/18/2011 9:57:40 PM - Installed Windows XP MSCompPackV1. RP24: 3/18/2011 9:57:50 PM - Installed Windows XP KB926239. RP25: 3/19/2011 2:21:59 PM - Installed iTunes RP26: 3/19/2011 2:50:34 PM - Installed DirectX RP27: 3/19/2011 2:51:21 PM - Installed Nero 7 Essentials RP28: 3/19/2011 3:01:52 PM - Installed Panorama Maker RP29: 3/19/2011 3:02:55 PM - Installed Microsoft Visual C++ 2005 Redistributable RP30: 3/19/2011 3:05:29 PM - Installed Nikon Transfer RP31: 3/19/2011 3:08:31 PM - Installed Nikon Message Center RP32: 3/20/2011 11:25:22 AM - Installed Adobe Reader X (10.0.1). RP33: 3/21/2011 12:15:45 PM - System Checkpoint RP34: 3/22/2011 1:25:54 PM - System Checkpoint RP35: 3/23/2011 1:34:39 PM - System Checkpoint RP36: 3/24/2011 2:18:38 PM - System Checkpoint RP37: 3/25/2011 3:04:53 PM - System Checkpoint RP38: 3/26/2011 3:19:35 PM - System Checkpoint RP39: 3/27/2011 7:43:51 PM - System Checkpoint RP40: 3/28/2011 8:18:30 PM - System Checkpoint RP41: 3/29/2011 11:15:43 PM - System Checkpoint RP42: 3/31/2011 12:27:31 AM - System Checkpoint RP43: 4/1/2011 1:18:30 AM - System Checkpoint RP44: 4/1/2011 8:00:15 PM - Installed Wizard101 RP45: 4/2/2011 12:11:53 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 RP46: 4/2/2011 12:12:46 PM - Installed Java 6 Update 22 RP47: 4/2/2011 12:13:16 PM - Installed OpenOffice.org 3.3 RP48: 4/3/2011 12:18:25 PM - System Checkpoint RP49: 4/4/2011 2:09:19 PM - System Checkpoint RP50: 4/5/2011 2:17:19 PM - System Checkpoint RP51: 4/6/2011 4:05:53 PM - System Checkpoint RP52: 4/7/2011 7:36:46 PM - System Checkpoint RP53: 4/8/2011 8:24:05 PM - System Checkpoint RP54: 4/9/2011 9:20:42 PM - System Checkpoint RP55: 4/10/2011 9:52:33 PM - System Checkpoint RP56: 4/11/2011 10:54:31 PM - System Checkpoint RP57: 4/13/2011 2:55:21 AM - System Checkpoint RP58: 4/14/2011 3:48:36 AM - System Checkpoint RP59: 4/15/2011 4:47:31 AM - System Checkpoint RP60: 4/15/2011 10:58:46 AM - Installed Windows XP WIC. RP61: 4/15/2011 11:00:59 AM - Installed Windows KB954550-v5. RP62: 4/15/2011 11:01:07 AM - Printer Driver Microsoft XPS Document Writer Installed RP63: 4/15/2011 11:18:16 AM - Printer Driver Microsoft XPS Document Writer Installed RP64: 4/15/2011 11:21:07 AM - Installed TurboTax 2010 wrapper RP65: 4/16/2011 11:24:27 AM - System Checkpoint RP66: 4/17/2011 12:20:14 PM - System Checkpoint RP67: 4/18/2011 8:48:29 AM - Installed TurboTax 2010 wcaiper RP68: 4/19/2011 9:20:15 AM - System Checkpoint RP69: 4/20/2011 10:20:15 AM - System Checkpoint RP70: 4/21/2011 11:20:20 AM - System Checkpoint RP71: 4/22/2011 12:32:17 PM - System Checkpoint RP72: 4/23/2011 1:20:17 PM - System Checkpoint RP73: 4/24/2011 2:20:17 PM - System Checkpoint RP74: 4/25/2011 3:20:17 PM - System Checkpoint RP75: 4/26/2011 5:03:38 PM - System Checkpoint RP76: 4/27/2011 5:20:19 PM - System Checkpoint RP77: 4/28/2011 5:20:25 PM - System Checkpoint RP78: 4/29/2011 5:21:29 PM - System Checkpoint RP79: 4/30/2011 6:23:10 PM - System Checkpoint RP80: 5/1/2011 7:38:04 PM - System Checkpoint RP81: 5/2/2011 8:01:25 PM - System Checkpoint RP82: 5/3/2011 8:06:25 PM - System Checkpoint RP83: 5/4/2011 12:59:01 AM - Software Distribution Service 3.0 RP84: 5/5/2011 1:25:08 AM - System Checkpoint RP85: 5/6/2011 2:24:02 AM - System Checkpoint RP86: 5/7/2011 2:45:39 AM - System Checkpoint RP87: 5/7/2011 5:00:04 PM - Installed XML Notepad 2007 RP88: 5/8/2011 5:10:51 PM - System Checkpoint . ==== Installed Programs ====================== . . Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X (10.0.1) Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Panorama Maker 4 Ask Toolbar Avira AntiVir Personal - Free Antivirus BCM V.92 56K Modem Bonjour C-Media PCI Audio CCleaner Dell ResourceCD Drivers Install For Linksys Easylink Advisor File Uploader Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB954550-v5) Intel® PRO Network Adapters and Drivers iTunes Java 2 Runtime Environment, SE v1.4.2 Java Auto Updater Java 6 Update 22 Linksys EasyLink Advisor 1.6 (0032) Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 4.0.1 (x86 en-US) MSXML 6.0 Parser (KB933579) Native Instruments Traktor DJ Audigy Edition Nero 7 Essentials neroxml Nikon Message Center Nikon Transfer NVIDIA Drivers OneTouch 4.0 OpenOffice.org 3.3 PowerDVD QuickTime ScanSoft PaperPort 11 Security Update for Windows Internet Explorer 7 (KB982381) SmartMusic 2011a SoulSeek Client 156c SoundMAX Spybot - Search & Destroy Steinberg Cubasis VST 4 TurboTax 2010 TurboTax 2010 wcaiper TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper Update for Windows XP (KB898461) Update for Windows XP (KB904942) Visioneer 7600 USB Scanner Driver WaveLab Lite WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 2 Wizard101 XML Notepad 2007 Yahoo! Install Manager Yahoo! Search Protection Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 5/8/2011 9:33:17 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. 5/8/2011 9:32:55 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service. 5/8/2011 11:08:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect. 5/8/2011 11:08:09 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================

Ok, deleted old unhide.exe and downloaded and ran the new one. Same results. Had a helluva time even navigating to the download page. Nothing but redirects with IE. I can navigate with Firefox no problem.

Still just a blinking cursor. Also getting lots of strange Windows Internet Explorer popups saying Are you sure you want to navigate away from this page? PRESS ENTER TO CLOSE THIS ALERT. Also was getting some redirects while trying to get back to the MBAM forum.

Ok, I've downloaded ComboFix and it's running but it's only got a blinking cursor going in it's window. Is this correct?

Yes, I fixed/removed those items and the computer seems to be running fine now. Though I am still mystified about the empty program folders in the Start/Programs menu.

Yes. Here is the log from it: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6520 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 5/6/2011 4:29:38 PM mbam-log-2011-05-06 (16-29-29).txt Scan type: Full scan (C:\|F:\|Z:\|) Objects scanned: 572546 Time elapsed: 4 hour(s), 4 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: f:\documents and settings\Dad\start menu\Programs\windows recovery (Trojan.FakeAV) -> No action taken. Files Infected: f:\documents and settings\Dad\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken. f:\documents and settings\Dad\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> No action taken. f:\documents and settings\Dad\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> No action taken.

Ok, very cool, got desktop back with icons. Drag and drop works and right clicking on desktop works. There still seems to be missing programs in the Start?Programs menu. For example, Start/Programs/Accessories/System Tools on has Internet Explorer. No System Restore or anything else. Also, getting a lot of Script Errors for some reason. Everything else seems fine. Thanks, Dave

Ok, finally manged to run unhide.exe. It did bring back my programs to the Start/Programs menu, but when i hover the mouse over them, they say (empty) and have no efeect when clicked on. Also, the desktop is still hijacked as there are no icons on it and right clicking on it has no effect. Also, I can't drag and drop icons to the desktop. Again, any help would be greatly appreciated. Thanks in advance, Dave

Yesterday morning our Dell Dimension 8300, P4 running XP had no icons on the desktop. The wallpaper was still there. Clicking Start/Programs showed no programs on the computer. Search thru My Comp/Program Files showed the same, no programs. I was able to running Avira and it found some issues but after restart, same problem. I have tried to run MBAM and keep getting popups that say: Setup Access Denied and then: Error An error occurred. Report error code to MBAM support team. Error Code: 730 (0, 0) I tried renaming the MBAM download and I tried it from the randon file name download with the same results. The odd thing is, when I was downloading and it asked where I wanted to Save the file, when I clicked Browse, all my programs were there in the Program Files folder. Anybody have any clues as to what may be causing this? Any help will be greatly appreciated. Thanks in advance, Dave

I fixed the problem by backing up the hard drive to an external drive, then formatting and doing a fresh install of Win XP. There may be an easier solution than what I did, but I was tired of dealing with this and had to get this thing back up and running. Thanks for your help nonetheless, it was very much appreciated. Dave

It says: The system cannot find the file or directory specified. To make sure I got this right, is there supposed to be a spce after the word EXPAND? And is the UNDERSCORE correct? And is there a space between the back-to-back " "?