
Author Topic: Windows XP - can't access c: drive, various other start menu/taskbar issues  (Read 25806 times)


Anya

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows XP
    Hi,

    I bought a Fujitsu Lifebook T-4220 off Craigslist about a month ago.  It came with XP Pro installed.  A couple of weeks later, I had a problem with a virus and after scanning and cleaning with Microsoft Security Scanner, I couldn't get Windows Firewall to let me back onto the internet, so I installed Comodo Firewall.

    So, last night I was trying to open up some PDF files (files I've opened before), but Comodo Firewall kept popping up asking for permissions.  I was telling it to allow everything, and then everything went wrong.  I could no longer open any files, couldn't start task manager, and couldn't access my c: drive (said I didn't have the right permissions).  When I restarted, most of the task bar icons were missing (internet connection, Dropbox, Comodo, sound, etc), but task manager says all the processes are running.  When I click on the Start Menu, it pops up but I can't click on anything in the menu.  I've run scans from AVG, Avast, Microsoft security scanner, Malwarebytes, and several other programs, and only Malwarebytes came up with anything at all (several PUP objects related to Softonics).  No changes to my task bar, start menu or ability to access c: drive out of safe mode.  I don't know anymore if this is even a virus.  I've looked online for remedies to my symptoms, but hardly any match exactly what I'm experiencing and apparently 400 thousand different things could be causing any of them.

    Help very much appreciated!!

    Here are the logs:

    # AdwCleaner v3.014 - Report created 01/12/2013 at 13:07:05
    # Updated 01/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Administrator - LIFEBOOK
    # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\Software\InstallIQ

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v25.0.1 (en-US)

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nzaowmbt.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [898 octets] - [01/12/2013 13:07:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [957 octets] ##########

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.01.03

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: LIFEBOOK [administrator]

    12/1/2013 11:18:15 AM
    mbam-log-2013-12-01 (11-18-15).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 256469
    Time elapsed: 29 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
    HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 7
    C:\Documents and Settings\Administrator\Local Settings\Temp\0_Offer_1.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IG5NKWY5\SearchProtectPerionInstaller2[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\My Documents\Downloads\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{996E336A-58F5-476F-9F9E-844E1723D7CB}\RP43\A0015664.exe (PUP.Optional.ExpressFiles.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{996E336A-58F5-476F-9F9E-844E1723D7CB}\RP54\A0018919.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{996E336A-58F5-476F-9F9E-844E1723D7CB}\RP54\A0018922.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

    (end)

     Results of screen317's Security Check version 0.99.77 
     Windows XP Service Pack 3 x86   
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Disabled! 
    Please wait while WMIC is being installed.displayName
    AVG AntiVirus Fre Edition 2014
    avast ! Antivirus  Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Trojan Remover 6.8.8   
     Malwarebytes Anti-Malware version 1.75.0.1300 
     CCleaner     
     Adobe Flash Player    11.9.900.152 
     Adobe Reader XI 
     Mozilla Firefox (25.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
    « Last Edit: December 01, 2013, 06:58:23 PM by SuperDave »

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    The CF log shows that you have two AV programs on your computer (AVG AntiVirus Free Edition 2014 and avast! Antivirus). Please make sure that only one AV is active at any time on your computer; otherwise, they will cause conflicts.
    Please run the defrag tool on your hard drive soon. (SSD means Solid State Drive.) If you need help with that, please let me know.


    • Please download Unhide by Grinler from here and save it to your desktop.
    • Double click unhide.exe to run the tool.
    • It will take some time to go through all your files, so please be patient.
    • If this tool doesn't fix the problem, please let me know.
    *******************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    Windows 8 and Windows 10 dual boot with two SSD's

    Anya

      Hi, Dave,

      Thanks so much for volunteering your services.  I disabled all my antivirus software and I've defragged my hard drive.  I'd already run Unhide before I posted to the forum, but it didn't fix the problem.  I ran JRT, but my computer is still having the same problems.  Here's the log:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.0.8 (11.05.2013:1)
      OS: Microsoft Windows XP x86
      Ran by Administrator on Mon 12/02/2013 at 20:38:49.35
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values

      Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
      Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



      ~~~ Files



      ~~~ Folders





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 12/02/2013 at 20:41:30.56
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Thank you for your reply!

      Anya

      SuperDave

      Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
      Save Rkill to your desktop.

      There are 7 different versions. If one of them won't run then download and try to run the other one.
       
      Vista and Win7 users need to right click Rkill and choose Run as Administrator
       

      You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

      * Rkill.exe
      * Rkill.com
      * Rkill.scr
      * WiNlOgOn.exe
      * uSeRiNiT.exe
      * iExplore.exe
      * eXplorer.exe
      Once you've gotten one of them to run then try to immediately run the following.

      Anya

        Okay, forgive me, but I'm not sure what you mean by 'immediately run the following.'  Should I run the next program on the list (WiNlOgOn.exe)?

        SuperDave

        Quote: "Okay, forgive me, but I'm not sure what you mean by 'immediately run the following.'  Should I run the next program on the list (WiNlOgOn.exe)?"
        Sorry, this is a canned speech and I should have removed the last line. Does anything work after you run RKill?

        Anya

          Hi, Dave,

          No, everything is still the same - only 4 task bar icons (which I can't click on), no access to c: drive, and still no usable start menu.  Here's the log from RKill:

          Rkill 2.6.3 by Lawrence Abrams (Grinler)
          http://www.bleepingcomputer.com/
          Copyright 2008-2013 BleepingComputer.com
          More Information about Rkill can be found at this link:
           http://www.bleepingcomputer.com/forums/topic308364.html

          Program started at: 12/04/2013 09:52:31 PM in x86 mode. (Safe Mode)
          Windows Version: Microsoft Windows XP Service Pack 3

          Checking for Windows services to stop:

           * No malware services found to stop.

          Checking for processes to terminate:

           * No malware processes found to kill.

          Checking Registry for malware related settings:

           * No issues found in the Registry.

          Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

          Performing miscellaneous checks:

           * Windows Firewall Disabled

             [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
             "EnableFirewall" = dword:00000000

           * ALERT: ZEROACCESS rootkit symptoms found!

               * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\ [ZA Dir]
               * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\ [ZA Dir]
               * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
               * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
               * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\ [ZA Dir]
               * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\L\ [ZA Dir]
               * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\U\ [ZA Dir]
               * C:\Program Files\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\ [ZA Dir]
               * C:\Program Files\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \ [ZA Dir]
               * C:\Program Files\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ [ZA Dir]
               * C:\Program Files\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛\ [ZA Dir]
               * C:\Program Files\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\ [ZA Dir]

          Checking Windows Service Integrity:

           * COM+ Event System (EventSystem) is not Running.
             Startup Type set to: Manual

           * wscsvc (wscsvc) is not Running.
             Startup Type set to: Automatic

           * Automatic Updates (wuauserv) is not Running.
             Startup Type set to: Automatic

           * RemoteAccess [Missing Parameters Key]

          Searching for Missing Digital Signatures:

           * No issues found.

          Checking HOSTS File:

           * HOSTS file entries found:

            127.0.0.1       localhost

          Program finished at: 12/04/2013 09:53:20 PM
          Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)

          Thanks for your patience!

          Anya
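
Added example (not part of the thread, and not code from Rkill or Malwarebytes): a Python triage script that pulls paths out of log lines shaped like the Rkill `[ZA Dir]` entries above, and like the Malwarebytes Anti-Rootkit lines later in this thread, and flags folders under `Google\Desktop\Install\{GUID}` whose names are blank or non-ASCII. The function names and the "review"/"suspicious" labels are assumptions of this sketch; the sample lines are copied from the thread's logs, plus two harmless lines for contrast.

```python
import re
from collections import Counter

# Sample input: lines copied from the logs in this thread, plus the first and
# last lines, which are harmless and included only for contrast.
SAMPLE_LOG = r"""
 * Windows Firewall Disabled
 * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\ [ZA Dir]
 * C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\ [ZA Dir]
 * C:\Program Files\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \ [ZA Dir]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\U (Trojan.0Access) -> Delete on reboot.
Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
"""

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# A GUID-named folder under Google\Desktop\Install, then whatever lies below it.
ROOT = re.compile(
    r"^(?P<root>[a-z]:\\(?:.*\\)?Google\\Desktop\\Install\\" + GUID + r")"
    r"(?P<rest>(?:\\.*)?)$",
    re.IGNORECASE,
)
PREFIX = re.compile(r"^(?:\*\s+|Infected:\s+)")
# Exactly one separating space, so a folder name made only of spaces survives.
SUFFIX = re.compile(r" (?:\[ZA Dir\]|\(Trojan\.0Access\).*|--> \[Trojan\.0Access\])$")


def extract_path(line):
    """Return the Windows path carried by one log line, or None."""
    s = PREFIX.sub("", line.lstrip().rstrip("\r\n"))
    s = SUFFIX.sub("", s)
    return s if re.match(r"^[A-Za-z]:\\", s) else None


def odd_components(rest):
    """Folder names that are blank or contain characters outside printable ASCII."""
    odd = []
    for name in rest.split("\\"):
        if name == "":
            continue  # empty pieces come from leading/trailing separators
        if name.strip() == "" or any(not 32 <= ord(ch) <= 126 for ch in name):
            odd.append(name)
    return odd


def describe(name):
    """Render a folder name as code points so it can be logged unambiguously."""
    return " ".join(f"U+{ord(ch):04X}" for ch in name)


def triage(log_text):
    """One finding per log line whose path sits in or under the GUID folder."""
    findings = []
    for line in log_text.split("\n"):
        path = extract_path(line)
        m = ROOT.match(path) if path else None
        if not m:
            continue
        odd = odd_components(m.group("rest"))
        findings.append({
            "root": m.group("root").lower(),
            "path": path,
            "odd": [describe(n) for n in odd],
            # "suspicious" means the naming pattern seen in this thread is
            # present; it is a lead for a rootkit scan, not a verdict.
            "verdict": "suspicious" if odd else "review",
        })
    return findings


def summarize(findings):
    """Count suspicious findings per GUID folder (case-insensitive)."""
    return Counter(f["root"] for f in findings if f["verdict"] == "suspicious")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["verdict"], "|", f["path"].encode("unicode_escape").decode(), "|", f["odd"])
    for root, n in summarize(triage(SAMPLE_LOG)).items():
        print(n, "suspicious path(s) under", root)
```

Printing the folder names as code points keeps the report readable on consoles that cannot render them, and makes blank names visible.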

          SuperDave

          Malwarebytes' Anti-Rootkit

          Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
          • Be sure to print out and follow the instructions provided on that same page for performing a scan.
          • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
          • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
          • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
          • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
          • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
          • Copy and paste the contents of these two log files in your next reply.

          Anya

            Hi, Dave,

            Here are the logs from the Malwarebytes scan:

            Malwarebytes Anti-Rootkit BETA 1.07.0.1008
            www.malwarebytes.org

            Database version: v2013.12.12.07

            Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
            Internet Explorer 8.0.6001.18702
            Administrator :: LIFEBOOK [administrator]

            12/12/2013 2:47:44 PM
            mbar-log-2013-12-12 (14-47-44).txt

            Scan type: Quick scan
            Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
            Scan options disabled:
            Objects scanned: 201733
            Time elapsed: 10 minute(s), 6 second(s)

            Memory Processes Detected: 0
            (No malicious items detected)

            Memory Modules Detected: 0
            (No malicious items detected)

            Registry Keys Detected: 0
            (No malicious items detected)

            Registry Values Detected: 0
            (No malicious items detected)

            Registry Data Items Detected: 0
            (No malicious items detected)

            Folders Detected: 14
            C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.
            C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot.
            C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛ (Trojan.0Access) -> Delete on reboot.
            C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c} (Trojan.0Access) -> Delete on reboot.
            C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\L (Trojan.0Access) -> Delete on reboot.
            C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\U (Trojan.0Access) -> Delete on reboot.
            C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c} (Trojan.0Access) -> Delete on reboot.
            c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\    (Trojan.0Access) -> Delete on reboot.
            c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \    (Trojan.0Access) -> Delete on reboot.
            c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛ (Trojan.0Access) -> Delete on reboot.
            c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c} (Trojan.0Access) -> Delete on reboot.
            c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\l (Trojan.0Access) -> Delete on reboot.
            c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\u (Trojan.0Access) -> Delete on reboot.
            C:\Program Files\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c} (Trojan.0Access) -> Delete on reboot.

            Files Detected: 0
            (No malicious items detected)

            Physical Sectors Detected: 0
            (No malicious items detected)

            (end)

            ---------------------------------------
            Malwarebytes Anti-Rootkit BETA 1.07.0.1008

            (c) Malwarebytes Corporation 2011-2012

            OS version: 5.1.2600 Windows XP Service Pack 3 x86

            System is currently in a safe mode

            Account is Administrative

            Internet Explorer version: 8.0.6001.18702

            File system is: NTFS
            Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
            CPU speed: 2.194000 GHz
            Memory total: 3479412736, free: 3152474112

            Downloaded database version: v2013.12.12.07
            Downloaded database version: v2013.10.11.02
            Initializing...
            ======================
            ------------ Kernel report ------------
                 12/12/2013 14:47:37
            ------------ Loaded modules -----------
            ----------- End -----------
            Done!
            <<<1>>>
            Upper Device Name: \Device\Harddisk1\DR3
            Upper Device Object: 0xffffffff884b5548
            Upper Device Driver Name: \Driver\Disk\
            Lower Device Name: \Device\0000009f\
            Lower Device Object: 0xffffffff88571be8
            Lower Device Driver Name: \Driver\USBSTOR\
            <<<1>>>
            Upper Device Name: \Device\Harddisk0\DR0
            Upper Device Object: 0xffffffff8b0ed508
            Upper Device Driver Name: \Driver\Disk\
            Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\
            Lower Device Object: 0xffffffff8b059030
            Lower Device Driver Name: \Driver\atapi\
            <<<2>>>
            Physical Sector Size: 512
            Drive: 0, DevicePointer: 0xffffffff8b0ed508, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            --------- Disk Stack ------
            DevicePointer: 0xffffffff8b0ed0c0, DeviceName: Unknown, DriverName: \Driver\FJGSDisk\
            DevicePointer: 0xffffffff8b0ed2e0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
            DevicePointer: 0xffffffff8b0ed508, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            DevicePointer: 0xffffffff8b02f1c8, DeviceName: \Device\0000008d\, DriverName: \Driver\ACPI\
            DevicePointer: 0xffffffff8b059030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\
            ------------ End ----------
            Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
            Upper DeviceData: 0x0, 0x0, 0x0
            Lower DeviceData: 0x0, 0x0, 0x0
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Done!
            Drive 0
            Scanning MBR on drive 0...
            Inspecting partition table:
            MBR Signature: 55AA
            Disk Signature: B2DDB2DD

            Partition information:

                Partition 0 type is Primary (0x7)
                Partition is ACTIVE.
                Partition starts at LBA: 63  Numsec = 151043067
                Partition file system is NTFS
                Partition is bootable

                Partition 1 type is Primary (0x7)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 151043130  Numsec = 5253255

                Partition 2 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

                Partition 3 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

            Disk Size: 80026361856 bytes
            Sector size: 512 bytes

            Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
            Done!
            Physical Sector Size: 512
            Drive: 1, DevicePointer: 0xffffffff884b5548, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
            --------- Disk Stack ------
            DevicePointer: 0xffffffff884b53d0, DeviceName: Unknown, DriverName: \Driver\FJGSDisk\
            DevicePointer: 0xffffffff884ca9e8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
            DevicePointer: 0xffffffff884b5548, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
            DevicePointer: 0xffffffff88571be8, DeviceName: \Device\0000009f\, DriverName: \Driver\USBSTOR\
            ------------ End ----------
            Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
            Upper DeviceData: 0x0, 0x0, 0x0
            Lower DeviceData: 0x0, 0x0, 0x0
            Drive 1
            Scanning MBR on drive 1...
            Inspecting partition table:
            MBR Signature: 55AA
            Disk Signature: C3072E18

            Partition information:

                Partition 0 type is Other (0xc)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 112  Numsec = 30924688

                Partition 1 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

                Partition 2 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

                Partition 3 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

            Disk Size: 15833497600 bytes
            Sector size: 512 bytes

            Done!
            Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙ --> [Trojan.0Access]
            Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
            Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛ --> [Trojan.0Access]
            Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c} --> [Trojan.0Access]
            Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\L --> [Trojan.0Access]
            Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\U --> [Trojan.0Access]
            Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c} --> [Trojan.0Access]
            Infected: c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\    --> [Trojan.0Access]
            Infected: c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \    --> [Trojan.0Access]
            Infected: c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛ --> [Trojan.0Access]
            Infected: c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c} --> [Trojan.0Access]
            Infected: c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\l --> [Trojan.0Access]
            Infected: c:\program files\google\desktop\install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\   \   \ﯹ๛\{e1c369c1-d5b2-7d38-1d59-1675da280a1c}\u --> [Trojan.0Access]
            Infected: C:\Program Files\Google\Desktop\Install\{e1c369c1-d5b2-7d38-1d59-1675da280a1c} --> [Trojan.0Access]
            Scan finished
            Creating System Restore point...
            Could not create restore point...
            Cleaning up...
            Executing an action fixdamage.exe...
            Success!
            Queuing an action fixdamage.exe
            Removal scheduling successful. System shutdown needed.
            System shutdown occurred
            =======================================


            Removal queue found; removal started
            Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
            Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
            Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
            Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
            Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
            Removal finished

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            I'd like to scan your machine with ESET OnlineScan

            •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan

            •Click the button.
            •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            •Check
            •Click the button.
            •Accept any security warnings from your browser.
            • Leave the check mark next to Remove found threats.
            •Check
            •Push the Start button.
            •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            •When the scan completes, push
            •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            •Push the button.
            •Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
            Windows 8 and Windows 10 dual boot with two SSD's

            Anya

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows XP
              Re: Windows XP - can't access c: drive, various other start menu/taskbar issues
              « Reply #10 on: December 17, 2013, 09:56:29 PM »
              Hi, Dave,

              Here are the ESET logs/results:

              C:\Qoobox\Quarantine\C\WINDOWS\system32\c.exe.vir   JS/Agent.NJV trojan   cleaned by deleting - quarantined

              ESETSmartInstaller@High as CAB hook log:
              OnlineScanner.ocx - registred OK
              # version=8
              # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
              # OnlineScanner.ocx=1.0.0.6920
              # api_version=3.0.2
              # EOSSerial=d5a6be87503bc841b12efd0fb3a0b2f6
              # engine=16307
              # end=finished
              # remove_checked=true
              # archives_checked=true
              # unwanted_checked=false
              # unsafe_checked=false
              # antistealth_checked=false
              # utc_time=2013-12-18 04:35:38
              # local_time=2013-12-17 10:35:38 (-0600, Central Standard Time)
              # country="United States"
              # lang=1033
              # osver=5.1.2600 NT Service Pack 3
              # compatibility_mode=774 16777214 71 76 547029 547043 0 0
              # compatibility_mode=3074 16777214 100 84 0 21185780 0 0
              # scanned=67302
              # found=1
              # cleaned=1
              # scan_time=3507
              sh=5BEBE33655DCB050DB2B8E9750AEB21374EEC40A ft=1 fh=cb511a7edc3e8c95 vn="JS/Agent.NJV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\WINDOWS\system32\c.exe.vir"

              SuperDave

              « Reply #11 on: December 18, 2013, 01:05:22 PM »
              How's your computer running now? Any other issues before we clean up?

              Anya

                « Reply #12 on: December 19, 2013, 06:50:48 AM »
                Hi, SuperDave,

                Well, I'm still having the same issues - can't access the c: drive and all the other stuff.  Other than that, no other major problems.  What do I do now?

                Thanks again for all your help.  :)

                A~

                SuperDave

                « Reply #13 on: December 19, 2013, 12:08:39 PM »
                After you purchased the computer did you do anything to it such as create a new account or delete any old accounts that were there?

                Anya

                  « Reply #14 on: December 19, 2013, 01:55:21 PM »
                  No, I didn't delete any accounts.  We used the generic 'administrator' account for logging in.