Author Topic: can't enable shields  (Read 22993 times)


Devox

  • Guest
can't enable shields
« on: July 05, 2012, 05:33:55 PM »
Hi, I am using Vista-32 and I used to use Avira free antivirus, but yesterday it stopped working, so I tried to fix it and update it, but the real-time protection still didn't work. So I uninstalled it and reinstalled it, but it also didn't work. Then I tried to use another antivirus, so I installed avast free, but the shields don't work there either, and this time I can't even update.

I suppose this means that my computer is infected.

So now, what should I do?

Attached is an HJT log file. I don't know what HJT is, but I found a lot of people ask for it and use it to identify the problem, so I used it; maybe it helps.

Thanks.

true indian

  • Guest
Re: can't enable shields
« Reply #1 on: July 05, 2012, 05:35:22 PM »
follow guide: http://forum.avast.com/index.php?topic=53253.0

attach all logs here.. ;)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: can't enable shields
« Reply #2 on: July 05, 2012, 05:44:11 PM »
Monitoring - did Avira give any alerts ?

Devox

  • Guest
Re: can't enable shields
« Reply #3 on: July 06, 2012, 09:59:39 AM »
Quote
Monitoring - did Avira give any alerts ?

It's not activated. The small icon on the bottom right has an X on it, but I can't do a scan or anything. Plus I found that I can't even connect to an account: every time I connect it tells me success, but it's not actually connected!!!

Devox

  • Guest
Re: can't enable shields
« Reply #4 on: July 06, 2012, 10:53:16 AM »
Quote
follow guide: http://forum.avast.com/index.php?topic=53253.0

attach all logs here.. ;)

Here are the logs.
The aswMBR didn't work, but I attached the log anyway.

Thanks

SafeSurf

  • Guest
Re: can't enable shields
« Reply #5 on: July 06, 2012, 11:07:13 AM »
Thank you for posting your logs.  Essexboy will continue to assist you with your malware removal when he comes on the forum, which is usually late UK time zone.

In the meantime, please do not make any changes to your machine since posting these logs.  Do not sync anything to the machine and try not to use it.  If you are on a network, disconnect this machine from the network.  I do see problems in your logs that Essexboy needs to work on with you.  Thank you.

Offline essexboy

Re: can't enable shields
« Reply #6 on: July 06, 2012, 03:29:25 PM »
OK, I am not sure if OTL is strong enough to kill this, but let's give it a whirl

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    Quote
    :OTL
    SRV - File not found [Unknown (-1) | Running] -- -- (syshost32)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (lhldjq)
    DRV - File not found [Unknown (-1) | Unknown (-1) | Unknown] -- -- (syshost32)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-451692780-2006726030-4535673-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O33 - MountPoints2\{11b1738b-b1ec-11df-a6eb-f1c0d7e74bc3}\Shell\AuTopLay\coMmaND - "" = ubqjor.pif
    O33 - MountPoints2\{11b1738b-b1ec-11df-a6eb-f1c0d7e74bc3}\Shell\AutoRun\command - "" = ubqjor.pif
    O33 - MountPoints2\{11b1738b-b1ec-11df-a6eb-f1c0d7e74bc3}\Shell\eXploRe\cOmmanD - "" = ubqjor.pif
    O33 - MountPoints2\{11b1738b-b1ec-11df-a6eb-f1c0d7e74bc3}\Shell\oPen\cOmMAnd - "" = ubqjor.pif

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
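
The kinds of entries listed in the fix above can be picked out of a log automatically. This is an added example, not part of the original post and not OTL's own code: it flags service/driver registrations reported as "File not found" and MountPoints2 shell commands that point at a directly runnable file. The function name, category labels and extension list are assumptions made for this example, and the sample input is constructed.

```python
import re

# Constructed sample: flagged lines follow the layout quoted in the fix above;
# the two benign lines are invented for contrast and their layout is assumed.
SAMPLE = r"""
SRV - File not found [Unknown (-1) | Running] -- -- (syshost32)
DRV - File not found [Kernel | Boot | Stopped] -- -- (lhldjq)
DRV - (Example Corp) [Kernel | System | Running] -- C:\Windows\System32\drivers\example.sys -- (exampledrv)
O33 - MountPoints2\{11b1738b-b1ec-11df-a6eb-f1c0d7e74bc3}\Shell\AuTopLay\coMmaND - "" = ubqjor.pif
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell - "" = AutoRun
"""

# A service/driver registration whose backing file is missing.
ORPHAN = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- .*"
    r"\((?P<name>[^()]+)\)\s*$")

# A per-volume shell verb with a command value; verb names are matched
# case-insensitively because the quoted entries use mixed case.
MOUNT = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<target>.+)$', re.IGNORECASE)

# Extensions Windows will execute directly (list chosen for this example).
RUNNABLE = re.compile(r"\.(pif|exe|scr|bat|cmd|com)\b", re.IGNORECASE)


def triage(log_text):
    """Return (category, name, detail) for each line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ORPHAN.match(line)
        if m:
            kind = "orphaned-service" if m["kind"] == "SRV" else "orphaned-driver"
            findings.append((kind, m["name"], m["state"]))
            continue
        m = MOUNT.match(line)
        if m and RUNNABLE.search(m["target"]):
            findings.append(("autorun-command", m["guid"].lower(),
                             f'{m["verb"]} -> {m["target"]}'))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```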

Devox

  • Guest
Re: can't enable shields
« Reply #7 on: July 06, 2012, 05:36:46 PM »
I didn't find the combofix log file. There is a c:\combofix file but it's not .txt; it's like the computer icon on the desktop, and when I double-click it, it shows me the hard disk drives.

Also, Windows Defender stopped working after the reboot from combofix. I rebooted again as advised but the problem didn't get solved.
I still haven't tried to enable the avast shields.

Offline essexboy

Re: can't enable shields
« Reply #8 on: July 06, 2012, 06:52:08 PM »
Aye OTL lacked the oomph to kill the main driver... 

So let's try a different tack.. Delete the current copy of Combofix from your desktop.
Download a fresh copy but prior to saving rename as Gotcha and try again... Meanwhile I will look for a stronger tool. I think maybe Avenger next.

Devox

  • Guest
Re: can't enable shields
« Reply #9 on: July 06, 2012, 09:24:02 PM »
Just to be clear, you want me to download a fresh combofix but rename it before saving and call it "Gotcha"?

Offline essexboy

Re: can't enable shields
« Reply #10 on: July 06, 2012, 09:47:44 PM »
Yes please

Devox

  • Guest
Re: can't enable shields
« Reply #11 on: July 07, 2012, 12:36:25 AM »
The same thing happened, but I noticed that the computer didn't restart normally; the blue screen appeared for a second and then the computer restarted.

Offline essexboy

Re: can't enable shields
« Reply #12 on: July 07, 2012, 02:03:11 PM »
1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Code:
Begin copying here:
Drivers to delete:
syshost32
Note: the above code was created specifically for this user.  If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Accept the disclaimer
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:

  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log

Devox

  • Guest
Re: can't enable shields
« Reply #13 on: July 07, 2012, 03:48:22 PM »
Attached is the log of a fresh OTL quick scan with no code added,
and the avenger log is:
    Quote
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform:  Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Driver "syshost32" deleted successfully.

    Completed script processing.

    *******************

    Finished!  Terminate.

Offline essexboy

Re: can't enable shields
« Reply #14 on: July 07, 2012, 04:03:01 PM »
OK that killed it  ;D

Could you now retry Combofix please