Unable to Delete ALL Specified Values (2)

I’m sorry for the Delay but My PC won’t let me Reply to http://forum.avast.com/index.php?topic=111078.0
BUT I did manage to get 3 Log Files, except for aswMBR as it kept getting Hung-up all the time.
Thank You for your Help & Patience.

Hey and welcome to the forum. A malware expert will guide you from here when one is online.

About aswMBR: have you tried to run it in Safe Mode?

OK, let's kill those bits first and then see if there is a reason that aswMBR hung.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O4 - HKU\S-1-5-21-2601973988-1143446372-3340486091-1001..\Run: [] C:\Users\So2L\Local Settings\Application Data\vghd.exe File not found
F3:64bit: - HKU\S-1-5-21-2601973988-1143446372-3340486091-1001 WinNT: Load - (C:\Users\So2L\LOCALS~1\Temp\msjemt.cmd) - File not found
F3 - HKU\S-1-5-21-2601973988-1143446372-3340486091-1001 WinNT: Load - (C:\Users\So2L\LOCALS~1\Temp\msjemt.cmd) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 6484 = C:\PROGRA~3\LOCALS~1\Temp\msicrtz.com
@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\So2L\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\So2L\Desktop\desktop.ini:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

Ok, I did all you asked. I really hope you can find the problem & have a solution.

There may be some delay due to differing time zones and essexboy’s availability.

It is now after midnight in the UK so essexboy is likely to be in bed now and will be back later today.

Oh Ok. I’m not going to use My PC until I can get this resolved. Thank You very much.

You’re welcome.

Should I run aswMBR in Safemode right now as stated by mikaelrask or should I just wait?

You may… it will not do any harm as long as you only save the log… don’t click any fix buttons :wink:

Ok, I tried but when I rebooted into Safemode I couldn’t find aswMBR on My Desktop. I typed it in The Search Box in The Startmenu in Safemode but couldn’t locate it. Edit: Well I just tried to run aswMBR not in Safemode and after 3 min it crashed into a Windows BlueScreen Error.

Not a problem on aswMBR; that does occur on some systems.

The Run and F3 keys should now be gone. Could you confirm that with a fresh MBAM run, please?

Sure Thanks, &, I have one other Problem I hope you can help me with. Since I got that FBI MoneyPak Virus My PC has been rebooting on its own every 15-30 min or so especially when I’m not at My PC. Is there any way you can show me a program or something so you can diagnose why it’s doing that? I’m really Thankful for your Help & everybody that helps me.

Sounds like it may be a temperature problem.

Download Speedfan and install it.
Once it’s installed, run the program and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a Vista machine, please go to where you installed the program and run the program as administrator.

http://artellos.geekstogo.com/speedfan.png

(This is a screenshot from a Vista machine.)

I took a Screenshot. There was a Fireball next to Temp2 I believe but it went away. Edit: Crud, I’m so sorry, was I supposed to get SpeedFan v4.38?

No, it is just that I have not updated my screenshots ;D

Do you have any dump files in C:\windows\minidumps ?

Yes, there is 1 File in the folder. I believe it was from this morning when I got that BlueScreen error. Edit: Do you need me to attach the .dmp file?

Unfortunately you will not be able to attach it, and if it is related to aswMBR then it is of no use.

Are any programmes running in the background when it reboots, or is it just idle?

I’m not sure. I could Screenshot all the stuff in Task Manager, if that helps?

Yep, that would be good, but select “Show all Users”.

Ok, I got these Screenshots. I’m not sure as to what Windows needs and what it doesn’t need when it loads up. Do you need me to post Screenshots of The Services too? It only allows me to post 1 Picture. I get a Forum Error saying Post is too Large 512kb max.