Inactive Error following 6-Step Virus Removal Guide + Google redirect virus

henrisha

Hi,

Running Windows Vista and just discovered that every link I clicked on after doing a search on Google redirected me to another site.
I'm not the one who uses the PC (it's my dad's) so I have no idea where the virus might have been picked up.

I feel like my case is similar to this one: https://www.techspot.com/vb/topic171985.html
We went through the entire step and more or less I encountered the same difficulties as that user.

Tried following the 6-Step Virus Removal and ran into the ff. problems:
- I installed Avast Free because when I initially checked, it didn't seem like the PC had any anti virus programs installed. After running an initial scan with Avast Free (which failed), I found that AVG was installed but it wouldn't open or run at all.
- I restarted and Avast ran a virus scan on DOS that stalled at 28% and then proceeded to load Windows. When I tried running Avast again, a dialog box popped up that said that I had no permissions to access the AvastUI.
- Restarted, uninstalled Avast (from Control Panel and using the Avast Uninstall Utility) then ran another scan. Still didn't scan until completion.
- Installed and ran Anti Malware Bytes. After updating, the program froze and didn't scan at all. Rebooted again.
- When I try running Anti Malware Bytes, an error window pops up. Program won't start anymore.
- Downloaded and tried running GMER. It exited by itself after a few seconds and same as the previous programs, it won't run again. Double-clicking it only makes an error window pop up.
- Downloaded and ran DDS. Thankfully, it ran to completion and generated logs.

I feel like I probably did more to mess up the PC as it stands.
Any help will truly be appreciated. Thanks!


DDS TEXT:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_16
Run by computer at 15:21:02 on 2011-10-13
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2010.1125 [GMT 8:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\3338480270:1909785145.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\AMT\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.ask.com?o=15161&l=dis
uSearch Bar =
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\users\computer\appdata\local\8e2afdc6\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAwADQAOAAyADgAMgAyADYALQBUADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADQANAAzADAANQAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.894
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: DhcpNameServer = 222.127.143.5 202.126.40.5
TCP: Interfaces\{E0063284-DE6C-42AE-B716-269C69F9577D} : DhcpNameServer = 222.127.143.5 202.126.40.5
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\kgemun6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-13 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-13 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-13 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-13 54616]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 234496]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2009-3-14 2514944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-13 22216]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2009-6-10 335872]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-13 44768]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-13 366152]
.
=============== Created Last 30 ================
.
2011-10-13 07:00:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-13 05:46:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-13 05:46:15 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-13 05:45:22 41184 ----a-w- c:\windows\avastSS.scr
2011-10-13 03:33:01 -------- d-----w- c:\users\computer\appdata\roaming\Malwarebytes
2011-10-13 03:32:52 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 03:32:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 03:32:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 03:27:22 -------- d-----w- c:\programdata\AVAST Software
2011-10-13 03:27:22 -------- d-----w- c:\program files\AVAST Software
2011-10-13 02:45:19 -------- d-----w- C:\6b106405dde16537b2467989
2011-10-11 07:36:19 -------- d-sh--w- c:\users\computer\appdata\local\8e2afdc6
2011-09-17 00:24:18 -------- d-----w- C:\43b36d0721eb0ac7f8e4f139
.
==================== Find3M ====================
.
.
============= FINISH: 15:22:25.37 ===============

ATTACH TEXT:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/28/2008 09:16:31 AM
System Uptime: 10/13/2011 03:13:37 PM (0 hours ago)
.
Motherboard: Intel Corporation | | DQ35MP
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | J1PR | 2497/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 244 GiB total, 133.647 GiB free.
D: is FIXED (NTFS) - 222 GiB total, 78.256 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.2.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
BufferChm
CD Asia Products
Chikka Messenger V4
Chinese Traditional Fonts Support For Adobe Reader 8
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
EniG\Periodic Table
eSupportQFolder
Excel OM 2
Fax
Google Chrome
Google Earth
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel(R) PRO Network Connections 12.1.12.0
Intel® Active Management Technology
Intel® Management Engine Interface
iTunes
Java(TM) 6 Update 16
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Korean Fonts Support For Adobe Reader 8
LightScribe 1.8.15.1
Luxor
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
MathType 6
Microsoft .NET Framework 3.5 SP1
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
MozBackup 1.5.1
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Thunderbird (5.0)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyPhoneExplorer
Nero 7 Essentials
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia PC Suite
Nokia_Multimedia_Common_Components_2_5
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
OpenOffice.org Installer 1.0
PC Connectivity Solution
PDF Settings
QuickTime
Realtek High Definition Audio Driver
Safari
Scan
Seagate DiscWizard
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype™ 3.8
SolutionCenter
SopCast 3.2.4
Status
STELLA 9.0.2 Trial
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update Manager
VideoLAN VLC media player 0.8.6f
WebReg
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinRAR archiver
Yahoo! Messenger
Yahoo! Messenger for Vista
Zuma's Revenge!
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/13/2011 12:26:24 AM, Error: EventLog [6008] - The previous system shutdown at 12:22:14 AM on 10/13/2011 was unexpected.
10/13/2011 11:39:12 AM, Error: EventLog [6008] - The previous system shutdown at 11:35:11 AM on 10/13/2011 was unexpected.
10/13/2011 10:53:47 AM, Error: EventLog [6008] - The previous system shutdown at 10:49:00 AM on 10/13/2011 was unexpected.
10/13/2011 10:36:07 AM, Error: EventLog [6008] - The previous system shutdown at 10:33:53 AM on 10/13/2011 was unexpected.
10/13/2011 10:22:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
10/13/2011 01:48:55 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
10/13/2011 01:48:50 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/13/2011 01:24:31 PM, Error: Print [19] - The print spooler failed to share printer hp psc 1300 series with shared resource name hp psc 1300 series. Error 2114. The printer cannot be used by others on the network.
10/12/2011 12:06:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/12/2011 11:21:02 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/12/2011 11:21:02 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/12/2011 09:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/12/2011 09:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/12/2011 09:50:38 AM, Error: EventLog [6008] - The previous system shutdown at 9:46:25 AM on 10/12/2011 was unexpected.
10/12/2011 08:54:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/12/2011 08:54:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/12/2011 08:54:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/12/2011 08:54:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/12/2011 08:54:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
10/12/2011 08:54:09 AM, Error: LSM [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
10/12/2011 08:54:04 AM, Error: EventLog [6008] - The previous system shutdown at 8:50:24 AM on 10/12/2011 was unexpected.
10/12/2011 08:39:36 AM, Error: EventLog [6008] - The previous system shutdown at 8:37:50 AM on 10/12/2011 was unexpected.
10/12/2011 08:18:11 AM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Access is denied.
10/12/2011 08:17:57 AM, Error: EventLog [6008] - The previous system shutdown at 8:15:24 AM on 10/12/2011 was unexpected.
10/12/2011 08:08:30 AM, Error: EventLog [6008] - The previous system shutdown at 8:06:13 AM on 10/12/2011 was unexpected.
10/12/2011 07:55:34 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c99568b6a4cf6b) service failed to start due to the following error: Access is denied.
10/12/2011 07:53:58 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Seagate Scheduler2 Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Intel(R) Active Management Technology System Status Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
10/12/2011 07:53:19 AM, Error: EventLog [6008] - The previous system shutdown at 7:51:26 AM on 10/12/2011 was unexpected.
10/12/2011 05:21:21 PM, Error: EventLog [6008] - The previous system shutdown at 5:17:17 PM on 10/12/2011 was unexpected.
10/12/2011 05:12:25 PM, Error: EventLog [6008] - The previous system shutdown at 5:07:07 PM on 10/12/2011 was unexpected.
10/12/2011 04:46:34 PM, Error: EventLog [6008] - The previous system shutdown at 11:29:01 AM on 10/12/2011 was unexpected.
10/08/2011 09:41:30 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/06/2011 10:52:24 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
10/06/2011 07:02:50 AM, Error: TermService [1057] - The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state. .
10/06/2011 02:29:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 000E2EF47D65 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
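Added example (my own code, not henrisha's post or the helper's instructions): a small Python triage script that splits a DDS report into its sections and flags the kinds of entries a helper reads out of the log above: a Winlogon Shell value that is not explorer.exe, a running process whose path carries an NTFS alternate-data-stream colon, a recently created hidden+system folder, stale Java installs and security services refused with "Access is denied". The DDS section names and line layouts are taken from the log as posted, the sample excerpt is constructed from it, and the 6u27 Java version is the one the reply in this thread asks for.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the DDS log posted above (raw string keeps the backslashes).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\3338480270:1909785145.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
============== Pseudo HJT Report ===============
uWinlogon: Shell=c:\users\computer\appdata\local\8e2afdc6\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
=============== Created Last 30 ================
2011-10-13 03:32:52 -------- d-----w- c:\programdata\Malwarebytes
2011-10-11 07:36:19 -------- d-sh--w- c:\users\computer\appdata\local\8e2afdc6
==== Installed Programs ======================
Java(TM) 6 Update 16
Java(TM) 6 Update 6
Java(TM) 6 Update 7
==== Event Viewer Messages From Past Week ========
10/13/2011 01:48:55 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
10/12/2011 08:18:11 AM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Access is denied.
10/08/2011 09:41:30 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
PATH_RE = re.compile(r"^(?:\\\\\?\\)?[A-Za-z]:\\(.*)$")  # optional \\?\, drive, rest
SHELL_RE = re.compile(r"^[um]Winlogon:\s*Shell=(.+)$", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S+)\s+(.+)$")
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")
DENIED_RE = re.compile(r"\[7000\] - The (.+?) service failed to start .*: Access is denied\.")
ORPHAN_RE = re.compile(r"^(?:BHO|TB|[um]URLSearchHooks):.*- No File$")


@dataclass
class Finding:
    category: str
    detail: str


def parse_sections(text: str) -> dict[str, list[str]]:
    """Split a DDS report into its '=== Name ===' sections, dropping '.' spacers."""
    sections: dict[str, list[str]] = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str, current_java: tuple[int, int] = (6, 27)) -> list[Finding]:
    """Flag what a helper reads out of a DDS log; 6u27 is the release the reply asks for."""
    s = parse_sections(text)
    out: list[Finding] = []
    # A second colon after the drive letter means the image runs from an NTFS
    # alternate data stream, something no legitimate installer sets up.
    for proc in s.get("Running Processes", []):
        m = PATH_RE.match(proc)
        if m and ":" in m.group(1):
            out.append(Finding("ads_process", proc))
    for entry in s.get("Pseudo HJT Report", []):
        m = SHELL_RE.match(entry)  # Winlogon Shell should be explorer.exe
        if m and m.group(1).strip().rsplit("\\", 1)[-1].lower() != "explorer.exe":
            out.append(Finding("winlogon_shell", m.group(1).strip()))
        if ORPHAN_RE.match(entry):  # dangling BHO/toolbar registrations
            out.append(Finding("orphan_entry", entry))
    for entry in s.get("Created Last 30", []):  # new dirs flagged hidden+system
        m = CREATED_RE.match(entry)
        if m and m.group(1).startswith("d") and {"s", "h"} <= set(m.group(1)):
            out.append(Finding("hidden_dir", m.group(2)))
    stale = []
    for prog in s.get("Installed Programs", []):
        m = JAVA_RE.match(prog)
        if m and (int(m.group(1)), int(m.group(2))) < current_java:
            stale.append((int(m.group(1)), int(m.group(2)), prog))
    if stale:
        names = ", ".join(p for *_, p in sorted(stale))
        out.append(Finding("java_outdated", f"older than {current_java[0]}u{current_java[1]}: {names}"))
    # Several unrelated security services all denied at start-up is a pattern.
    denied = [m.group(1) for e in s.get("Event Viewer Messages From Past Week", [])
              if (m := DENIED_RE.search(e))]
    if denied:
        out.append(Finding("service_access_denied", ", ".join(denied)))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```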
 
Welcome to TechSpot! I will try to help you get the scans running.

A note first re: "We went through the entire step and more or less I encountered the same difficulties as that user."
While we may have you run some of the same programs, the information we give is specific to the person who started the thread. And you are correct in thinking it can actually make a problem worse.
=============================================
I note that you had several crashes in a row and before that, several unexplained shutdowns.
Before trying the scans, please do an Error Check as follows:
From Windows Explorer:
Right click on Start> Explore> My Computer> Right click on Local Drive (usually C)> Properties> Tools> Error Check> check both boxes on the screen that comes up> Apply> Close the message and reboot for the Error Checking to start.

This may take a while if it hasn't been done in maintenance, so let it complete. The system will reboot when finished. There is no log to leave.
======================================
Since you didn't give me the error message from Mbam, I'll start with this:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti-Malware (MBAM) if you have it installed already.

Once done, try running a scan again.
If that doesn't work and you get another message, please tell me what it is.
=====================================
I see that the AVG uninstaller has been run, so you can go on to Combofix>>> but if you get a message that it can't run because AVG is on the system, run the AppRemover first:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=========================================
Please leave the logs in your next reply.
========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================

Please go on to the next reply.
 
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
Download and install the most current version and update of Java, v6u27: Java Updates.

Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
(I notice that the AskBar is on the system. That usually happens from a pre-checked TB on a download screen.)
---------------------------
Please update Java to v6u27 (Java Updates). Make sure any earlier versions were removed in Add/Remove Programs.
==============================
You will most likely have malware in the Java cache because of the outdated programs, so it needs to be emptied:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    java.png
    The Java Control Panel appears.
    plugin_cache1.jpg

    [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    plugin_cache2.jpg

    [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    plugin_cache3.jpg

    [5]. Click OK on the Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply > OK on the Temporary Files Settings window.
Images courtesy java.com
===========================================
 
Re:

Hi, thanks for your response.

- I tried running the Check Disk tool on Drive C. A window popped up saying the disk could not be scanned as it was still in use, so it asked if I wanted to schedule a disk check. I clicked yes.
- I rebooted the PC. It began booting up and showed a Blue Screen of Death. I left it alone and it loaded Windows again.
- I did another restart. This time, the scan was initiated before Windows was loaded. However, the following message appeared: "Cannot open volume for direct access" and the scan was not initiated or completed at all.

- I downloaded and ran randmbam. An error window popped up that some application (the name of which was just a series of numbers) had stopped working and it was going to be closed.
- I ran randmbam again. It said that a new shortcut was created on the Desktop, however, I could not find any.

- I downloaded and ran Combofix. The following message appeared in a popup window after a few minutes:
"Combofix - Zero Access
You are infected with Rootkit.Zero Access! It has inserted itself into tcp/ip stack."
- This window disappeared after a minute or so and the following appeared after:
"Combofix has detected the presence of Rootkit activity and needs to reboot."

- I clicked "Okay" and the system rebooted.

- ComboFix is now scanning the PC again. (Will update after scan completes -- Updating the thread as I go using another PC)
- ComboFix completed the scan successfully. After it ran, the Check Disk tool finally ran for Drive C.

- Check Disk finished scanning Drive C successfully.

COMBOFIX LOG:


ComboFix 11-10-13.05 - computer 10/14/2011 11:16:20.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2010.887 [GMT 8:00]
Running from: c:\users\computer\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ShoppingReport
c:\users\Public\Videos\11-15\_desktop.ini
c:\users\Public\Videos\11-15\Desktop_.ini
c:\users\Public\Videos\16-20\_desktop.ini
c:\users\Public\Videos\16-20\Desktop_.ini
c:\users\Public\Videos\21-25\_desktop.ini
c:\users\Public\Videos\21-25\Desktop_.ini
c:\users\Public\Videos\6teen - Season 1\_desktop.ini
c:\users\Public\Videos\6teen - Season 1\Desktop_.ini
c:\users\Public\Videos\6Teen Season 2 Eps 1-5\_desktop.ini
c:\users\Public\Videos\6Teen Season 2 Eps 1-5\Desktop_.ini
c:\users\Public\Videos\6Teen Season 2 Eps 11-15\_desktop.ini
c:\users\Public\Videos\6Teen Season 2 Eps 11-15\Desktop_.ini
c:\users\Public\Videos\6Teen Season 2 Eps 16-20\_desktop.ini
c:\users\Public\Videos\6Teen Season 2 Eps 16-20\Desktop_.ini
c:\users\Public\Videos\6Teen Season 2 Eps 21-26\_desktop.ini
c:\users\Public\Videos\6Teen Season 2 Eps 21-26\Desktop_.ini
c:\users\Public\Videos\6Teen Season 2 Eps 6-10\_desktop.ini
c:\users\Public\Videos\6Teen Season 2 Eps 6-10\Desktop_.ini
c:\users\Public\Videos\As Told By Ginger - Entire series in ENGLISH no subtitles\Desktop_.ini
c:\windows\$NtUninstallKB35859$
c:\windows\$NtUninstallKB35859$\2385182150\@
c:\windows\$NtUninstallKB35859$\2385182150\click.tlb
c:\windows\$NtUninstallKB35859$\2385182150\L\qnbwvoto
c:\windows\$NtUninstallKB35859$\2385182150\loader.tlb
c:\windows\$NtUninstallKB35859$\2385182150\U\@00000001
c:\windows\$NtUninstallKB35859$\2385182150\U\@000000c0
c:\windows\$NtUninstallKB35859$\2385182150\U\@000000cb
c:\windows\$NtUninstallKB35859$\2385182150\U\@000000cf
c:\windows\$NtUninstallKB35859$\2385182150\U\@80000000
c:\windows\$NtUninstallKB35859$\2385182150\U\@800000c0
c:\windows\$NtUninstallKB35859$\2385182150\U\@800000cb
c:\windows\$NtUninstallKB35859$\2385182150\U\@800000cf
c:\windows\$NtUninstallKB35859$\2803438837
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\3338480270
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\
c:\windows\system32\system
d:\8 gig\mp3\korean 2\piano\_desktop.ini
d:\8 gig\mp3\piano\_desktop.ini
d:\public videos\Fushigi Yuugi\Desktop_.ini
d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_01-25\_desktop.ini
d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_01-25\Desktop_.ini
d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_26-50\_desktop.ini
d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_26-50\Desktop_.ini
d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_51-75\_desktop.ini
d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_51-75\Desktop_.ini
d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_76-95\Desktop_.ini
D:\Setup.exe
d:\susan\My Documents\Hazel\HAZEL\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Diskette Contents - comelec\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Diskette Contents - comelec\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Diskette Contents - comelec\Fonts\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Diskette Contents - comelec\Fonts\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Old Share\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Old Share\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\Advanced ALGEBRA\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\Advanced ALGEBRA\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\corel prac - for share\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\corel prac - for share\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\ECONOMICS\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\ECONOMICS\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\English\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\English\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\English\TERM PAPER\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\English\TERM PAPER\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\FILIPINO\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\FILIPINO\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\1st Q Project\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\1st Q Project\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Investig\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Investig\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Investig\Final Report\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Investig\Final Report\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\TRIGONOMETRY\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\TRIGONOMETRY\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SPDiaryexe\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SPDiaryexe\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\background per sangay\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\background per sangay\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\backup\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\backup\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\extra\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\extra\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\jb - other docs - fili\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\jb - other docs - fili\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\AutoCAD Files\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\AutoCAD Files\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\chem lab - metals nonmetals FLAME TESt_files\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\chem lab - metals nonmetals FLAME TESt_files\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\flame test results_files\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\flame test results_files\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\solrules_files\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\solrules_files\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\SCORE RECORDS\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\SCORE RECORDS\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\haze-pics\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\haze-pics\336864\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\haze-pics\336864\BP8\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\haze-pics\336864\BP8\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\haze-pics\336864\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\haze-pics\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\intrams\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\intrams\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\new piCs\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\new piCs\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\rocks_files\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\rocks_files\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\HAZEL - scanns\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\HAZEL - scanns\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\old stuff\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\old stuff\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Scanned\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\Scanned\Desktop_.ini
d:\susan\My Documents\Hazel\HAZEL\Scanned\Scanned - 2\_desktop.ini
d:\susan\My Documents\Hazel\HAZEL\Scanned\Scanned - 2\Desktop_.ini
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
.
Infected copy of c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy24_!Program Files!Malwarebytes' Anti-Malware!mbamservice.exe
.
Infected copy of c:\windows\system32\nvvsvc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!nvvsvc.exe
.
c:\windows\System32\nvSCPAPISvr.exe . . . is infected!!
c:\windows\System32\nvSCPAPISvr.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_8e2afdc6
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-14 05:36 . 2011-10-14 05:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D45C60-5A54-4BE3-8AA8-64DACEC70100}\offreg.dll
2011-10-14 04:20 . 2011-10-14 05:40 -------- d-----w- c:\users\computer\AppData\Local\temp
2011-10-14 04:20 . 2011-10-14 04:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 04:20 . 2011-10-14 04:20 -------- d-----w- c:\users\henri\AppData\Local\temp
2011-10-14 03:42 . 2009-06-10 00:34 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-14 00:24 . 2011-09-21 01:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D45C60-5A54-4BE3-8AA8-64DACEC70100}\mpengine.dll
2011-10-13 07:00 . 2011-10-13 07:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-13 05:46 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-13 05:46 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-13 05:46 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-13 05:46 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-13 05:46 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-13 05:46 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-13 05:45 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-13 05:45 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-13 03:33 . 2011-10-13 03:33 -------- d-----w- c:\users\computer\AppData\Roaming\Malwarebytes
2011-10-13 03:32 . 2011-10-13 03:32 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 03:32 . 2011-10-14 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 03:32 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 03:27 . 2011-10-13 05:44 -------- d-----w- c:\programdata\AVAST Software
2011-10-13 03:27 . 2011-10-13 03:27 -------- d-----w- c:\program files\AVAST Software
2011-10-13 02:45 . 2011-10-13 02:46 -------- d-----w- C:\6b106405dde16537b2467989
2011-10-11 07:36 . 2011-10-13 06:12 -------- d-sh--w- c:\users\computer\AppData\Local\8e2afdc6
2011-09-17 00:24 . 2011-09-17 00:32 -------- d-----w- C:\43b36d0721eb0ac7f8e4f139
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 15:27 . 2011-08-12 15:27 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2008-09-10 05:49 . 2008-09-10 05:49 5817064 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-10-01 06:50 . 2011-05-06 02:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-07 4493312]
"Skytel"="Skytel.exe" [2007-09-07 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-07-12 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAAwADQAOAAyADgAMgAyADYALQBUADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADQANAAzADAANQAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA&prod=90&ver=9.0.894" [?]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-06-24 12:06 904768 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 00:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 04:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2007-09-07 03:48 401408 ----a-r- c:\program files\Intel\AMT\atchk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 02:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2008-06-24 11:52 1325848 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 08:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 08:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 09:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 07:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-11-06 08:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-10 00:34 13785632 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 07:12 1414144 ----a-w- c:\users\computer\Desktop\SHARISSEChua\N5310 -- PC Suite\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2008-06-24 11:56 136472 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-05-28 01:11 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-15 08:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-09-07 2514944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2009-06-09 335872]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 09:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\User_Feed_Synchronization-{057723D0-8091-4C52-87AF-36CDD9701F51}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15161&l=dis
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 222.127.143.5 202.126.40.5
FF - ProfilePath - c:\users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\kgemun6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-HotKeysCmds - c:\windows\system32\hkcmd.exe
MSConfigStartUp-IgfxTray - c:\windows\system32\igfxtray.exe
MSConfigStartUp-Persistence - c:\windows\system32\igfxpers.exe
AddRemove-Folio - c:\cdasia\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-14 13:37
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-10-14 13:45:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-14 05:45
.
Pre-Run: 142,009,114,624 bytes free
Post-Run: 145,922,535,424 bytes free
.
- - End Of File - - 25D12430AF2DF4621192D1F6AD623C0A
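The ComboFix output above is the kind of log a responder reads by hand. As an added example (not part of this thread, and not ComboFix's or any vendor's code), here is a small Python triage script that pulls the ZeroAccess indicators out of log lines in that format: the fake $NtUninstallKB...$ payload store with its @, U\, L\, loader.tlb and click.tlb entries; the hidden AppData\Local\<8 hex> folder whose id is reused by the removed Service_<id> entry; the Desktop_.ini / _desktop.ini pairs sprayed across the media and document folders; and the "Infected copy of ... was found and disinfected" / "... is infected!!" lines that record which system binaries were patched in place. The sample lines are constructed to mirror the posted log, and the indicator rules and the zeroaccess-likely / suspicious / clean thresholds are my assumptions, not a published signature.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in the format of the ComboFix log posted above
# ("Other Deletions" paths, the "Infected copy of ..." repair notices, the
# Drivers/Services removal line and one "Files Created" entry).
SAMPLE_LOG = r"""
c:\program files\ShoppingReport
c:\users\Public\Videos\11-15\_desktop.ini
c:\users\Public\Videos\11-15\Desktop_.ini
c:\users\Public\Videos\16-20\Desktop_.ini
c:\windows\$NtUninstallKB35859$
c:\windows\$NtUninstallKB35859$\2385182150\@
c:\windows\$NtUninstallKB35859$\2385182150\click.tlb
c:\windows\$NtUninstallKB35859$\2385182150\L\qnbwvoto
c:\windows\$NtUninstallKB35859$\2385182150\loader.tlb
c:\windows\$NtUninstallKB35859$\2385182150\U\@00000001
c:\windows\$NtUninstallKB35859$\2385182150\U\@80000000
c:\windows\assembly\GAC_MSIL\desktop.ini
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Infected copy of c:\windows\system32\nvvsvc.exe was found and disinfected
c:\windows\System32\nvSCPAPISvr.exe . . . is infected!!
-------\Service_8e2afdc6
2011-10-11 07:36 . 2011-10-13 06:12 -------- d-sh--w- c:\users\computer\AppData\Local\8e2afdc6
"""

# Indicator rules (assumptions drawn from the posted log, not a vendor signature).
# ZeroAccess keeps its payload store in a fake hotfix-uninstall folder under
# c:\windows: "$NtUninstallKB<n>$\<store id>\" holding "@", loader.tlb, click.tlb
# and "U" / "L" subfolders. That XP-era folder layout has no legitimate reason
# to exist on Vista at all, so the rule keys on the contents, not just the name.
ZA_STORE = re.compile(
    r"^c:\\windows\\\$ntuninstallkb\d+\$\\(?P<id>\d+)\\(?P<item>@|loader\.tlb|click\.tlb|[ul]\\)",
    re.IGNORECASE,
)
# Per-user component: a hidden AppData\Local\<8 hex chars> folder ...
HIDDEN_HEX_DIR = re.compile(
    r"(?P<path>[a-z]:\\.*?\\appdata\\local\\(?P<id>[0-9a-f]{8}))\s*$", re.IGNORECASE
)
# ... whose id is reused as the name of the service ComboFix removed.
ROGUE_SERVICE = re.compile(r"^-------\\service_(?P<id>[0-9a-f]{8})\s*$", re.IGNORECASE)
# Desktop_.ini / _desktop.ini pairs sprayed across media and document folders.
INI_DROPPER = re.compile(r"\\(?:_desktop\.ini|desktop_\.ini)\s*$", re.IGNORECASE)
# System binaries that were patched in place and either restored from a
# shadow copy or deleted outright.
DISINFECTED = re.compile(r"^infected copy of (?P<path>.+?) was found and disinfected", re.IGNORECASE)
DELETED_INFECTED = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!", re.IGNORECASE)


@dataclass
class Triage:
    store_items: list = field(default_factory=list)  # (store id, item) pairs
    hidden_dirs: dict = field(default_factory=dict)  # id -> full path
    services: list = field(default_factory=list)     # ids of removed Service_<id> entries
    repaired: list = field(default_factory=list)     # patched binaries ComboFix restored
    deleted: list = field(default_factory=list)      # patched binaries ComboFix deleted
    ini_droppers: int = 0

    @property
    def linked_ids(self):
        # A service whose name reuses a hidden folder's id ties the two together.
        return sorted(set(self.services) & set(self.hidden_dirs))

    @property
    def verdict(self):
        if self.store_items or self.linked_ids:
            return "zeroaccess-likely"
        if self.repaired or self.deleted or self.ini_droppers:
            return "suspicious"
        return "clean"


def triage(log_text):
    """Classify each log line against the indicator rules and collect the hits."""
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ZA_STORE.search(line)
        if m:
            result.store_items.append((m.group("id"), m.group("item").lower()))
            continue
        m = HIDDEN_HEX_DIR.search(line)
        if m:
            result.hidden_dirs[m.group("id").lower()] = m.group("path")
            continue
        m = ROGUE_SERVICE.search(line)
        if m:
            result.services.append(m.group("id").lower())
            continue
        m = DISINFECTED.search(line)
        if m:
            result.repaired.append(m.group("path"))
            continue
        m = DELETED_INFECTED.search(line)
        if m:
            result.deleted.append(m.group("path"))
            continue
        if INI_DROPPER.search(line):
            result.ini_droppers += 1
    return result


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print("verdict:", t.verdict)
    for store_id, item in t.store_items:
        print(f"  payload store {store_id}: {item}")
    for sid in t.linked_ids:
        print(f"  Service_{sid} <-> {t.hidden_dirs[sid]}")
    for path in t.repaired:
        print("  patched binary restored:", path)
    for path in t.deleted:
        print("  patched binary deleted (reinstall its product):", path)
    print("  Desktop_.ini / _desktop.ini droppers:", t.ini_droppers)
```

Two points the script encodes that matter when reading such a log: the payload-store rule deliberately ignores the bare $NtUninstallKB35859$ line and fires only on the @ / U\ / L\ / .tlb contents, because a $NtUninstallKB...$ folder is normal on XP and only its contents mark it as ZeroAccess; and the "deleted" list is the set of products that has to be reinstalled afterwards, which is exactly what ComboFix says about nvSCPAPISvr.exe. The repaired entries explain the earlier symptoms too: a patched mbamservice.exe is why Malwarebytes would not start, and a patched nvvsvc.exe is a system service that runs at boot.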
 
Re: Java

- Followed your instructions and removed all previous versions of Java using JavaRa.
- Downloaded and just installed Java v6u27.

QUESTION:
Should I attempt to run MalwareBytes again?
 
Re: Avast Antivirus

I'd also like to mention something that's been going on with Avast.

All of the shields of the program are turned off or are "unreachable." I click the "Fix now" button to turn the services back on, to no avail.

The ff. error appears on the Avast UI:

The avast! antivirus program has been stopped, or is in an inconsistent state. Please re-start the program to resume protecting your system.

Also, when I go to the Scan Computer tab, there's a current scan there that's been running for 24 hours (hasn't stopped since I started it yesterday) and it's not progressing at all. Clicking PAUSE or STOP doesn't do anything either.

Thanks again!
 
The fact that you had 2 active threads going for the same problem explains the delay. The system is in pretty much a mess! I'm not sure we can 'rescue' it!

Reboot the computer- that should stop the Avast scan.

Please go to the Control Panel> Folder Options> View tab> be sure these entries are checked as follows:
Check 'do not show hidden files and folders'
Check 'hide protected system files and folders (Recommended)'
Then click on Apply> OK

From the Control Panel again: Display> Desktop tab> Customize Desktop> Web tab> Web Sites box: remove any entries except 'My Home Page'> Uncheck 'Lock taskbar entries'> OK> Apply> OK
Reboot, then go on with the following>
============================================
ZeroAccessRootkit:

Download and run TDSSKiller first:
  1. Double-click on TDSSKiller.exe to run the application.
  2. Click on the Start Scan button and wait for the scan and disinfection process to be over.
  3. If an infected file is detected, the default action will be Cure, click on Continue
    tdsskiller2.png
  4. If a suspicious file is detected, the default action will be Skip, click on Continue
    tdsskiller3.png
  5. If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
  6. If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
==========================
Follow with download of maxhandle.exe by noahdfear to your desktop.
  1. Double click maxhandle.exe and run the application
  2. An active internet connection is required so that maxhandle.exe may download a tool from SysInternals
  3. If Max++ is present the log will open automatically.
  4. If Max++ is not found Nothing found! is echoed to the screen - no log is produced.
  5. Log is saved to c:\maxhandle.txt

Please post both of the logs in your next reply.
===============================
Thank you Matthew- sorry I didn't see it sooner!
 
Re:

Okay, thanks for your reply.

I am unable to find the Display>Desktop Tab for some reason in the Control Panel.

TDSS Killer Report:



09:37:16.0956 5032 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
09:37:17.0694 5032 ============================================================
09:37:17.0694 5032 Current date / time: 2011/10/19 09:37:17.0694
09:37:17.0694 5032 SystemInfo:
09:37:17.0694 5032
09:37:17.0694 5032 OS Version: 6.0.6000 ServicePack: 0.0
09:37:17.0694 5032 Product type: Workstation
09:37:17.0694 5032 ComputerName: HENRY
09:37:17.0694 5032 UserName: computer
09:37:17.0694 5032 Windows directory: C:\Windows
09:37:17.0694 5032 System windows directory: C:\Windows
09:37:17.0694 5032 Processor architecture: Intel x86
09:37:17.0694 5032 Number of processors: 4
09:37:17.0694 5032 Page size: 0x1000
09:37:17.0694 5032 Boot type: Normal boot
09:37:17.0694 5032 ============================================================
09:37:18.0591 5032 Initialize success
09:37:19.0469 5792 ============================================================
09:37:19.0469 5792 Scan started
09:37:19.0469 5792 Mode: Manual;
09:37:19.0469 5792 ============================================================
09:37:20.0114 5792 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
09:37:20.0115 5792 ACPI - ok
09:37:20.0147 5792 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:37:20.0149 5792 adp94xx - ok
09:37:20.0168 5792 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:37:20.0170 5792 adpahci - ok
09:37:20.0190 5792 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:37:20.0191 5792 adpu160m - ok
09:37:20.0211 5792 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:37:20.0212 5792 adpu320 - ok
09:37:20.0253 5792 AegisP (91f3df93f40a74d222cd166fe95db633) C:\Windows\system32\DRIVERS\AegisP.sys
09:37:20.0254 5792 AegisP - ok
09:37:20.0282 5792 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
09:37:20.0284 5792 AFD - ok
09:37:20.0313 5792 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:37:20.0314 5792 agp440 - ok
09:37:20.0356 5792 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:37:20.0356 5792 aic78xx - ok
09:37:20.0389 5792 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
09:37:20.0390 5792 aliide - ok
09:37:20.0404 5792 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:37:20.0405 5792 amdagp - ok
09:37:20.0416 5792 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
09:37:20.0418 5792 amdide - ok
09:37:20.0433 5792 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:37:20.0434 5792 AmdK7 - ok
09:37:20.0444 5792 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
09:37:20.0445 5792 AmdK8 - ok
09:37:20.0508 5792 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:37:20.0509 5792 arc - ok
09:37:20.0526 5792 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:37:20.0527 5792 arcsas - ok
09:37:20.0561 5792 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
09:37:20.0561 5792 aswFsBlk - ok
09:37:20.0599 5792 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
09:37:20.0600 5792 aswMonFlt - ok
09:37:20.0617 5792 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
09:37:20.0620 5792 aswRdr - ok
09:37:20.0643 5792 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
09:37:20.0645 5792 aswSnx - ok
09:37:20.0675 5792 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
09:37:20.0677 5792 aswSP - ok
09:37:20.0696 5792 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
09:37:20.0696 5792 aswTdi - ok
09:37:20.0716 5792 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
09:37:20.0716 5792 AsyncMac - ok
09:37:20.0741 5792 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
09:37:20.0741 5792 atapi - ok
09:37:20.0779 5792 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
09:37:20.0779 5792 Beep - ok
09:37:20.0803 5792 blbdrive - ok
09:37:20.0815 5792 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
09:37:20.0816 5792 bowser - ok
09:37:20.0834 5792 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:37:20.0834 5792 BrFiltLo - ok
09:37:20.0865 5792 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:37:20.0867 5792 BrFiltUp - ok
09:37:20.0881 5792 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:37:20.0881 5792 Brserid - ok
09:37:20.0897 5792 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:37:20.0898 5792 BrSerWdm - ok
09:37:20.0915 5792 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:37:20.0915 5792 BrUsbMdm - ok
09:37:20.0934 5792 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:37:20.0934 5792 BrUsbSer - ok
09:37:20.0949 5792 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:37:20.0951 5792 BTHMODEM - ok
09:37:20.0954 5792 catchme - ok
09:37:20.0969 5792 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
09:37:20.0970 5792 cdfs - ok
09:37:20.0999 5792 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
09:37:21.0000 5792 cdrom - ok
09:37:21.0020 5792 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:37:21.0021 5792 circlass - ok
09:37:21.0058 5792 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
09:37:21.0065 5792 CLFS - ok
09:37:21.0081 5792 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:37:21.0083 5792 cmdide - ok
09:37:21.0101 5792 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
09:37:21.0101 5792 Compbatt - ok
09:37:21.0141 5792 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:37:21.0143 5792 crcdisk - ok
09:37:21.0168 5792 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:37:21.0169 5792 Crusoe - ok
09:37:21.0193 5792 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
09:37:21.0194 5792 DfsC - ok
09:37:21.0215 5792 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
09:37:21.0216 5792 disk - ok
09:37:21.0248 5792 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
09:37:21.0250 5792 drmkaud - ok
09:37:21.0343 5792 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
09:37:21.0346 5792 DXGKrnl - ok
09:37:21.0367 5792 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
09:37:21.0368 5792 e1express - ok
09:37:21.0388 5792 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:37:21.0389 5792 E1G60 - ok
09:37:21.0415 5792 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
09:37:21.0416 5792 Ecache - ok
09:37:21.0455 5792 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:37:21.0458 5792 elxstor - ok
09:37:21.0488 5792 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
09:37:21.0489 5792 fastfat - ok
09:37:21.0508 5792 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:37:21.0508 5792 fdc - ok
09:37:21.0531 5792 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
09:37:21.0532 5792 FileInfo - ok
09:37:21.0545 5792 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
09:37:21.0545 5792 Filetrace - ok
09:37:21.0568 5792 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:37:21.0569 5792 flpydisk - ok
09:37:21.0596 5792 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
09:37:21.0598 5792 FltMgr - ok
09:37:21.0626 5792 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
09:37:21.0626 5792 Fs_Rec - ok
09:37:21.0656 5792 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:37:21.0657 5792 gagp30kx - ok
09:37:21.0686 5792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
09:37:21.0687 5792 GEARAspiWDM - ok
09:37:21.0710 5792 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:37:21.0712 5792 HdAudAddService - ok
09:37:21.0728 5792 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:37:21.0729 5792 HDAudBus - ok
09:37:21.0757 5792 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\Windows\system32\DRIVERS\HECI.sys
09:37:21.0757 5792 HECI - ok
09:37:21.0777 5792 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:37:21.0777 5792 HidBth - ok
09:37:21.0798 5792 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:37:21.0799 5792 HidIr - ok
09:37:21.0812 5792 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
09:37:21.0813 5792 HidUsb - ok
09:37:21.0831 5792 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:37:21.0832 5792 HpCISSs - ok
09:37:21.0884 5792 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
09:37:21.0886 5792 HTTP - ok
09:37:21.0899 5792 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:37:21.0900 5792 i2omp - ok
09:37:21.0931 5792 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
09:37:21.0931 5792 i8042prt - ok
09:37:21.0946 5792 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:37:21.0948 5792 iaStorV - ok
09:37:21.0960 5792 igfx - ok
09:37:21.0980 5792 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:37:21.0981 5792 iirsp - ok
09:37:22.0149 5792 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys
09:37:22.0158 5792 IntcAzAudAddService - ok
09:37:22.0190 5792 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
09:37:22.0191 5792 intelide - ok
09:37:22.0208 5792 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
09:37:22.0209 5792 intelppm - ok
09:37:22.0223 5792 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:37:22.0224 5792 IpFilterDriver - ok
09:37:22.0235 5792 IpInIp - ok
09:37:22.0252 5792 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:37:22.0254 5792 IPMIDRV - ok
09:37:22.0266 5792 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
09:37:22.0266 5792 IPNAT - ok
09:37:22.0284 5792 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
09:37:22.0285 5792 IRENUM - ok
09:37:22.0300 5792 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:37:22.0301 5792 isapnp - ok
09:37:22.0339 5792 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
09:37:22.0340 5792 iScsiPrt - ok
09:37:22.0367 5792 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:37:22.0368 5792 iteatapi - ok
09:37:22.0381 5792 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:37:22.0382 5792 iteraid - ok
09:37:22.0413 5792 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
09:37:22.0414 5792 kbdclass - ok
09:37:22.0433 5792 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
09:37:22.0434 5792 kbdhid - ok
09:37:22.0466 5792 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
09:37:22.0469 5792 KSecDD - ok
09:37:22.0494 5792 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
09:37:22.0495 5792 lltdio - ok
09:37:22.0524 5792 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:37:22.0525 5792 LSI_FC - ok
09:37:22.0537 5792 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:37:22.0538 5792 LSI_SAS - ok
09:37:22.0551 5792 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:37:22.0552 5792 LSI_SCSI - ok
09:37:22.0573 5792 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
09:37:22.0574 5792 luafv - ok
09:37:22.0627 5792 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
09:37:22.0628 5792 MBAMProtector - ok
09:37:22.0658 5792 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:37:22.0659 5792 megasas - ok
09:37:22.0727 5792 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
09:37:22.0728 5792 Modem - ok
09:37:22.0761 5792 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
09:37:22.0761 5792 monitor - ok
09:37:22.0781 5792 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
09:37:22.0782 5792 mouclass - ok
09:37:22.0802 5792 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
09:37:22.0803 5792 mouhid - ok
09:37:22.0827 5792 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
09:37:22.0827 5792 MountMgr - ok
09:37:22.0851 5792 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:37:22.0852 5792 mpio - ok
09:37:22.0880 5792 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
09:37:22.0881 5792 mpsdrv - ok
09:37:22.0894 5792 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:37:22.0895 5792 Mraid35x - ok
09:37:22.0919 5792 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
09:37:22.0920 5792 MRxDAV - ok
09:37:22.0971 5792 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:37:22.0973 5792 mrxsmb - ok
09:37:23.0031 5792 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:37:23.0033 5792 mrxsmb10 - ok
09:37:23.0064 5792 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:37:23.0065 5792 mrxsmb20 - ok
09:37:23.0092 5792 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:37:23.0093 5792 msahci - ok
09:37:23.0104 5792 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:37:23.0105 5792 msdsm - ok
09:37:23.0131 5792 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
09:37:23.0131 5792 Msfs - ok
09:37:23.0148 5792 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
09:37:23.0149 5792 msisadrv - ok
09:37:23.0180 5792 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
09:37:23.0181 5792 MSKSSRV - ok
09:37:23.0202 5792 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
09:37:23.0203 5792 MSPCLOCK - ok
09:37:23.0215 5792 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
09:37:23.0216 5792 MSPQM - ok
09:37:23.0229 5792 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
09:37:23.0230 5792 MsRPC - ok
09:37:23.0253 5792 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
09:37:23.0254 5792 mssmbios - ok
09:37:23.0264 5792 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
09:37:23.0265 5792 MSTEE - ok
09:37:23.0278 5792 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
09:37:23.0279 5792 Mup - ok
09:37:23.0305 5792 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
09:37:23.0307 5792 NativeWifiP - ok
09:37:23.0351 5792 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
09:37:23.0354 5792 NDIS - ok
09:37:23.0379 5792 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
09:37:23.0380 5792 NdisTapi - ok
09:37:23.0390 5792 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
09:37:23.0391 5792 Ndisuio - ok
09:37:23.0407 5792 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
09:37:23.0409 5792 NdisWan - ok
09:37:23.0422 5792 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
09:37:23.0422 5792 NDProxy - ok
09:37:23.0441 5792 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
09:37:23.0442 5792 NetBIOS - ok
09:37:23.0461 5792 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
09:37:23.0463 5792 netbt - ok
09:37:23.0486 5792 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:37:23.0488 5792 nfrd960 - ok
09:37:23.0517 5792 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\Windows\system32\drivers\ccdcmb.sys
09:37:23.0518 5792 nmwcd - ok
09:37:23.0548 5792 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\Windows\system32\drivers\ccdcmbo.sys
09:37:23.0548 5792 nmwcdc - ok
09:37:23.0562 5792 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
09:37:23.0563 5792 Npfs - ok
09:37:23.0577 5792 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
09:37:23.0578 5792 nsiproxy - ok
09:37:23.0646 5792 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
09:37:23.0652 5792 Ntfs - ok
09:37:23.0664 5792 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:37:23.0665 5792 ntrigdigi - ok
09:37:23.0714 5792 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
09:37:23.0714 5792 Null - ok
09:37:23.0901 5792 nvlddmkm (2913f72c5f4007cd2226e5d34e0aeece) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:37:23.0948 5792 nvlddmkm - ok
09:37:23.0964 5792 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:37:23.0964 5792 nvraid - ok
09:37:23.0979 5792 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:37:23.0995 5792 nvstor - ok
09:37:24.0003 5792 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:37:24.0004 5792 nv_agp - ok
09:37:24.0015 5792 NwlnkFlt - ok
09:37:24.0026 5792 NwlnkFwd - ok
09:37:24.0056 5792 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
09:37:24.0057 5792 ohci1394 - ok
09:37:24.0089 5792 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:37:24.0090 5792 Parport - ok
09:37:24.0145 5792 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
09:37:24.0146 5792 partmgr - ok
09:37:24.0169 5792 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:37:24.0170 5792 Parvdm - ok
09:37:24.0214 5792 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
09:37:24.0215 5792 pccsmcfd - ok
09:37:24.0236 5792 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
09:37:24.0237 5792 pci - ok
09:37:24.0268 5792 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
09:37:24.0269 5792 pciide - ok
09:37:24.0294 5792 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:37:24.0295 5792 pcmcia - ok
09:37:24.0332 5792 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:37:24.0338 5792 PEAUTH - ok
09:37:24.0386 5792 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
09:37:24.0387 5792 PptpMiniport - ok
09:37:24.0400 5792 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:37:24.0401 5792 Processor - ok
09:37:24.0424 5792 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
09:37:24.0425 5792 PSched - ok
09:37:24.0460 5792 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:37:24.0465 5792 ql2300 - ok
09:37:24.0490 5792 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:37:24.0491 5792 ql40xx - ok
09:37:24.0511 5792 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
09:37:24.0512 5792 QWAVEdrv - ok
09:37:24.0535 5792 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
09:37:24.0536 5792 RasAcd - ok
09:37:24.0557 5792 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:37:24.0558 5792 Rasl2tp - ok
09:37:24.0575 5792 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
09:37:24.0577 5792 RasPppoe - ok
09:37:24.0696 5792 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
09:37:24.0698 5792 rdbss - ok
09:37:24.0771 5792 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:37:24.0772 5792 RDPCDD - ok
09:37:24.0819 5792 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:37:24.0821 5792 rdpdr - ok
09:37:24.0833 5792 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
09:37:24.0834 5792 RDPENCDD - ok
09:37:24.0860 5792 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
09:37:24.0862 5792 RDPWD - ok
09:37:24.0890 5792 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
09:37:24.0891 5792 rspndr - ok
09:37:24.0924 5792 RT61 (da84c3ed2f31b1d5d68f775eba4ecb59) C:\Windows\system32\DRIVERS\RT61.sys
09:37:24.0927 5792 RT61 - ok
09:37:24.0963 5792 rt61x86 (dd0bacc94b640abd17901557814e0bff) C:\Windows\system32\DRIVERS\netr61.sys
09:37:24.0965 5792 rt61x86 - ok
09:37:24.0990 5792 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:37:24.0991 5792 sbp2port - ok
09:37:25.0010 5792 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:37:25.0011 5792 secdrv - ok
09:37:25.0026 5792 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
09:37:25.0027 5792 Serenum - ok
09:37:25.0051 5792 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
09:37:25.0052 5792 Serial - ok
09:37:25.0071 5792 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
09:37:25.0071 5792 sermouse - ok
09:37:25.0100 5792 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
09:37:25.0101 5792 sffdisk - ok
09:37:25.0113 5792 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:37:25.0114 5792 sffp_mmc - ok
09:37:25.0134 5792 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
09:37:25.0134 5792 sffp_sd - ok
09:37:25.0146 5792 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:37:25.0146 5792 sfloppy - ok
09:37:25.0172 5792 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:37:25.0173 5792 sisagp - ok
09:37:25.0189 5792 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:37:25.0190 5792 SiSRaid2 - ok
09:37:25.0213 5792 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:37:25.0214 5792 SiSRaid4 - ok
09:37:25.0236 5792 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
09:37:25.0237 5792 Smb - ok
09:37:25.0285 5792 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys
09:37:25.0285 5792 snapman - ok
09:37:25.0316 5792 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
09:37:25.0316 5792 spldr - ok
09:37:25.0347 5792 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
09:37:25.0347 5792 srv - ok
09:37:25.0379 5792 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
09:37:25.0379 5792 srv2 - ok
09:37:25.0410 5792 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
09:37:25.0410 5792 srvnet - ok
09:37:25.0441 5792 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
09:37:25.0457 5792 swenum - ok
09:37:25.0472 5792 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:37:25.0472 5792 Symc8xx - ok
09:37:25.0472 5792 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:37:25.0488 5792 Sym_hi - ok
09:37:25.0488 5792 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:37:25.0504 5792 Sym_u3 - ok
09:37:25.0566 5792 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
09:37:25.0566 5792 Tcpip - ok
09:37:25.0597 5792 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
09:37:25.0597 5792 Tcpip6 - ok
09:37:25.0629 5792 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
09:37:25.0629 5792 tcpipreg - ok
09:37:25.0644 5792 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
09:37:25.0644 5792 TDPIPE - ok
09:37:25.0676 5792 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys
09:37:25.0676 5792 tdrpman - ok
09:37:25.0691 5792 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
09:37:25.0691 5792 TDTCP - ok
09:37:25.0722 5792 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
09:37:25.0722 5792 tdx - ok
09:37:25.0738 5792 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
09:37:25.0738 5792 TermDD - ok
09:37:25.0757 5792 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
09:37:25.0758 5792 tifsfilter - ok
09:37:25.0775 5792 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
09:37:25.0778 5792 timounter - ok
09:37:25.0791 5792 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
09:37:25.0792 5792 TPM - ok
09:37:25.0807 5792 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:37:25.0808 5792 tssecsrv - ok
09:37:25.0855 5792 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
09:37:25.0856 5792 tunmp - ok
09:37:25.0891 5792 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
09:37:25.0892 5792 tunnel - ok
09:37:25.0920 5792 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:37:25.0921 5792 uagp35 - ok
09:37:25.0941 5792 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
09:37:25.0944 5792 udfs - ok
09:37:25.0972 5792 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:37:25.0973 5792 uliagpkx - ok
09:37:25.0997 5792 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:37:25.0999 5792 uliahci - ok
09:37:26.0012 5792 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:37:26.0013 5792 UlSata - ok
09:37:26.0031 5792 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:37:26.0032 5792 ulsata2 - ok
09:37:26.0044 5792 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
09:37:26.0045 5792 umbus - ok
09:37:26.0086 5792 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
09:37:26.0087 5792 upperdev - ok
09:37:26.0116 5792 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
09:37:26.0117 5792 USBAAPL - ok
09:37:26.0152 5792 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
09:37:26.0153 5792 usbaudio - ok
09:37:26.0186 5792 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
09:37:26.0187 5792 usbccgp - ok
09:37:26.0207 5792 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:37:26.0208 5792 usbcir - ok
09:37:26.0240 5792 usbehci (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
09:37:26.0241 5792 usbehci - ok
09:37:26.0260 5792 usbhub (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
09:37:26.0262 5792 usbhub - ok
09:37:26.0283 5792 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:37:26.0284 5792 usbohci - ok
09:37:26.0296 5792 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
09:37:26.0297 5792 usbprint - ok
09:37:26.0337 5792 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
09:37:26.0338 5792 usbscan - ok
09:37:26.0371 5792 usbser (c0488cc01a1c686b08a3d360c7f50324) C:\Windows\system32\DRIVERS\usbser.sys
09:37:26.0372 5792 usbser - ok
09:37:26.0393 5792 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
09:37:26.0394 5792 UsbserFilt - ok
09:37:26.0416 5792 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:37:26.0417 5792 USBSTOR - ok
09:37:26.0429 5792 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
09:37:26.0430 5792 usbuhci - ok
09:37:26.0456 5792 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
09:37:26.0457 5792 usbvideo - ok
09:37:26.0483 5792 usb_rndisx (db4721908daa0383ee82ffe430aebae1) C:\Windows\system32\DRIVERS\usb8023x.sys
09:37:26.0484 5792 usb_rndisx - ok
09:37:26.0505 5792 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:37:26.0506 5792 vga - ok
09:37:26.0519 5792 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
09:37:26.0520 5792 VgaSave - ok
09:37:26.0533 5792 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:37:26.0534 5792 viaagp - ok
09:37:26.0548 5792 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:37:26.0549 5792 ViaC7 - ok
09:37:26.0568 5792 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:37:26.0570 5792 viaide - ok
09:37:26.0592 5792 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
09:37:26.0593 5792 volmgr - ok
09:37:26.0609 5792 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
09:37:26.0611 5792 volmgrx - ok
09:37:26.0626 5792 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
09:37:26.0627 5792 volsnap - ok
09:37:26.0643 5792 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:37:26.0645 5792 vsmraid - ok
09:37:26.0663 5792 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:37:26.0664 5792 WacomPen - ok
09:37:26.0704 5792 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
09:37:26.0705 5792 Wanarp - ok
09:37:26.0710 5792 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
09:37:26.0712 5792 Wanarpv6 - ok
09:37:26.0739 5792 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:37:26.0741 5792 Wd - ok
09:37:26.0780 5792 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:37:26.0783 5792 Wdf01000 - ok
09:37:26.0821 5792 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
09:37:26.0822 5792 WmiAcpi - ok
09:37:26.0865 5792 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
09:37:26.0866 5792 WpdUsb - ok
09:37:26.0882 5792 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
09:37:26.0883 5792 ws2ifsl - ok
09:37:26.0922 5792 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:37:26.0922 5792 WUDFRd - ok
09:37:26.0941 5792 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:37:26.0951 5792 \Device\Harddisk0\DR0 - ok
09:37:26.0960 5792 Boot (0x1200) (14b9574d9610ace9b2b8a21bf6527fde) \Device\Harddisk0\DR0\Partition0
09:37:26.0962 5792 \Device\Harddisk0\DR0\Partition0 - ok
09:37:26.0981 5792 Boot (0x1200) (7281dc1fa4358dfd17352aea9d2664d6) \Device\Harddisk0\DR0\Partition1
09:37:26.0982 5792 \Device\Harddisk0\DR0\Partition1 - ok
09:37:26.0982 5792 ============================================================
09:37:26.0982 5792 Scan finished
09:37:26.0982 5792 ============================================================
09:37:26.0990 1696 Detected object count: 0
09:37:26.0990 1696 Actual detected object count: 0
 
If Control Panel is in Category View: Start> Settings> Control Panel> Appearance & Themes> Pick a Task> Change Desktop background> Customize Desktop> Web tab>>>>>

If Control Panel is in Classic View: Start> Control Panel> Display> Desktop> Customize Desktop> Web tab>>>>>
 
Please go back to the Combofix log and review all those deletions. It appears that files for several users were removed. Some are videos of 'teen' and 'college'. Others are school-related subjects such as physics, economics and 'old school documents'.

The desktop.ini file is placed under the “Files Ready to Be Written to the Disc” section. Normally, it would be a hidden file. When you found the desktop to follow my instructions, what did you find and what did you have to change?

Do or did you have hidden files and folders open? Please make sure they are not:
Control Panel> Folder Options> View tab> check 'do not show hidden files and folders' and check 'hide protected system files' (Recommended)> OK> Apply> OK.

I don't want you to lose special files because they aren't configured correctly.

Do you have any idea why they would be removed? Files, folders, images,
 
Re:

I ran Google Chrome and did a quick search on Google. I can now click on results and get to the indicated page-- no more redirection.

Noticed errors:
- There's this game (Zuma by PopCap) that my dad plays a lot, and in the middle of his game, the score suddenly resets to 0. This never happened before, so I'm not sure if it's a problem with the game or with the PC, but this still happens from time to time.
- iTunes no longer recognizes any iPod or iPhone when connected. I was planning to uninstall and install iTunes, but wanted to wait to hear from you again. Would it be okay to do this?

But the PC seems fine, at least better than it was, because it doesn't turn off or shut down out of the blue and for no reason.

As for the deleted files, I have no idea why they were deleted by ComboFix.
I also don't/didn't have any hidden files/folders open.
 
Also, I never ran the MalwareBytes scan to completion because it always ran into an error before. Should I try it again?
 
As for the deleted files, I have no idea why they were deleted by ComboFix.

I'm not the one who uses the PC (it's my dad's) so I have no idea where the virus might have been picked up.

Please ask him if he recognizes the files ending in desktop.ini?
------------------------------------
You can try Mbam again, but please don't reboot yet.
 
Re:

According to him, the files were copied from another drive directly into his drive to free up space on the other drive.
The files were already burnt to a data DVD though, so I don't think anything important was deleted.
 