TechSpot

Error following 6-Step Virus Removal Guide + Google redirect virus

Inactive
By henrisha
Oct 13, 2011
  1. Hi,

    Running Windows Vista and just discovered that every link I clicked on after doing a search on Google redirected me to another site.
    I'm not the one who uses the PC (it's my dad's) so I have no idea where the virus might have been picked up.

    I feel like my case is similar to this one: http://www.techspot.com/vb/topic171985.html
    We went through the entire step and more or less I encountered the same difficulties as that user.

    Tried following the 6-Step Virus Removal and ran into the ff. problems:
    - I installed Avast Free because when I initially checked, it didn't seem like the PC had any anti virus programs installed. After running an initial scan with Avast Free (which failed), I found that AVG was installed but it wouldn't open or run at all.
    - I restarted and Avast ran a virus scan on DOS that stalled at 28% and then proceeded to load Windows. When I tried running Avast again, a dialog box popped up that said that I had no permissions to access the AvastUI.
    - Restarted, uninstalled Avast (from Control Panel and using the Avast Uninstall Utility) then ran another scan. Still didn't scan until completion.
    - Installed and ran Anti Malware Bytes. After updating, the program froze and didn't scan at all. Rebooted again.
    - When I try running Anti Malware Bytes, an error window pops up. Program won't start anymore.
    - Downloaded and tried running GMER. It exited by itself after a few seconds and same as the previous programs, it won't run again. Double-clicking it only makes an error window pop up.
    - Downloaded and ran DDS. Thankfully, it ran to completion and generated logs.

    I feel like I probably did more to mess up the PC as it stands.
    Any help will truly be appreciated. Thanks!


    DDS TEXT:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_16
    Run by computer at 15:21:02 on 2011-10-13
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2010.1125 [GMT 8:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\3338480270:1909785145.exe
    C:\Windows\system32\WerFault.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\AMT\UNS.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.ask.com?o=15161&l=dis
    uSearch Bar =
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearchAssistant =
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    uWinlogon: Shell=c:\users\computer\appdata\local\8e2afdc6\X
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAwADQAOAAyADgAMgAyADYALQBUADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADQANAAzADAANQAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.894
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    TCP: DhcpNameServer = 222.127.143.5 202.126.40.5
    TCP: Interfaces\{E0063284-DE6C-42AE-B716-269C69F9577D} : DhcpNameServer = 222.127.143.5 202.126.40.5
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\kgemun6k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-13 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-13 320856]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-13 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-13 54616]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 234496]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2009-3-14 2514944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-13 22216]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2009-6-10 335872]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-13 44768]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-13 366152]
    .
    =============== Created Last 30 ================
    .
    2011-10-13 07:00:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-13 05:46:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-13 05:46:15 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-10-13 05:45:22 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-13 03:33:01 -------- d-----w- c:\users\computer\appdata\roaming\Malwarebytes
    2011-10-13 03:32:52 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-13 03:32:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-13 03:32:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-13 03:27:22 -------- d-----w- c:\programdata\AVAST Software
    2011-10-13 03:27:22 -------- d-----w- c:\program files\AVAST Software
    2011-10-13 02:45:19 -------- d-----w- C:\6b106405dde16537b2467989
    2011-10-11 07:36:19 -------- d-sh--w- c:\users\computer\appdata\local\8e2afdc6
    2011-09-17 00:24:18 -------- d-----w- C:\43b36d0721eb0ac7f8e4f139
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 15:22:25.37 ===============

    ATTACH TEXT:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 05/28/2008 09:16:31 AM
    System Uptime: 10/13/2011 03:13:37 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | DQ35MP
    Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | J1PR | 2497/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 244 GiB total, 133.647 GiB free.
    D: is FIXED (NTFS) - 222 GiB total, 78.256 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.2.0
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AIO_CDB_Software
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    BufferChm
    CD Asia Products
    Chikka Messenger V4
    Chinese Traditional Fonts Support For Adobe Reader 8
    Compatibility Pack for the 2007 Office system
    Copy
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    EniG\Periodic Table
    eSupportQFolder
    Excel OM 2
    Fax
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 8.0
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Product Assistant
    HP Solution Center 8.0
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    Intel(R) PRO Network Connections 12.1.12.0
    Intel® Active Management Technology
    Intel® Management Engine Interface
    iTunes
    Java(TM) 6 Update 16
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Korean Fonts Support For Adobe Reader 8
    LightScribe 1.8.15.1
    Luxor
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    MathType 6
    Microsoft .NET Framework 3.5 SP1
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    MozBackup 1.5.1
    Mozilla Firefox 7.0.1 (x86 en-US)
    Mozilla Thunderbird (5.0)
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyPhoneExplorer
    Nero 7 Essentials
    neroxml
    Nokia Connectivity Cable Driver
    Nokia Ovi Player
    Nokia PC Suite
    Nokia_Multimedia_Common_Components_2_5
    NTRU TCG Software Stack
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Octoshape add-in for Adobe Flash Player
    OpenOffice.org Installer 1.0
    PC Connectivity Solution
    PDF Settings
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Scan
    Seagate DiscWizard
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Skype™ 3.8
    SolutionCenter
    SopCast 3.2.4
    Status
    STELLA 9.0.2 Trial
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update Manager
    VideoLAN VLC media player 0.8.6f
    WebReg
    Windows Driver Package - Nokia Modem (06/01/2009 4.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Messenger for Vista
    Zuma's Revenge!
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/13/2011 12:26:24 AM, Error: EventLog [6008] - The previous system shutdown at 12:22:14 AM on 10/13/2011 was unexpected.
    10/13/2011 11:39:12 AM, Error: EventLog [6008] - The previous system shutdown at 11:35:11 AM on 10/13/2011 was unexpected.
    10/13/2011 10:53:47 AM, Error: EventLog [6008] - The previous system shutdown at 10:49:00 AM on 10/13/2011 was unexpected.
    10/13/2011 10:36:07 AM, Error: EventLog [6008] - The previous system shutdown at 10:33:53 AM on 10/13/2011 was unexpected.
    10/13/2011 10:22:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    10/13/2011 01:48:55 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
    10/13/2011 01:48:50 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/13/2011 01:24:31 PM, Error: Print [19] - The print spooler failed to share printer hp psc 1300 series with shared resource name hp psc 1300 series. Error 2114. The printer cannot be used by others on the network.
    10/12/2011 12:06:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    10/12/2011 11:21:02 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    10/12/2011 11:21:02 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    10/12/2011 09:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/12/2011 09:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/12/2011 09:50:38 AM, Error: EventLog [6008] - The previous system shutdown at 9:46:25 AM on 10/12/2011 was unexpected.
    10/12/2011 08:54:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/12/2011 08:54:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/12/2011 08:54:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/12/2011 08:54:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/12/2011 08:54:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    10/12/2011 08:54:09 AM, Error: LSM [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    10/12/2011 08:54:04 AM, Error: EventLog [6008] - The previous system shutdown at 8:50:24 AM on 10/12/2011 was unexpected.
    10/12/2011 08:39:36 AM, Error: EventLog [6008] - The previous system shutdown at 8:37:50 AM on 10/12/2011 was unexpected.
    10/12/2011 08:18:11 AM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Access is denied.
    10/12/2011 08:17:57 AM, Error: EventLog [6008] - The previous system shutdown at 8:15:24 AM on 10/12/2011 was unexpected.
    10/12/2011 08:08:30 AM, Error: EventLog [6008] - The previous system shutdown at 8:06:13 AM on 10/12/2011 was unexpected.
    10/12/2011 07:55:34 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c99568b6a4cf6b) service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:58 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Seagate Scheduler2 Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Intel(R) Active Management Technology System Status Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:19 AM, Error: EventLog [6008] - The previous system shutdown at 7:51:26 AM on 10/12/2011 was unexpected.
    10/12/2011 05:21:21 PM, Error: EventLog [6008] - The previous system shutdown at 5:17:17 PM on 10/12/2011 was unexpected.
    10/12/2011 05:12:25 PM, Error: EventLog [6008] - The previous system shutdown at 5:07:07 PM on 10/12/2011 was unexpected.
    10/12/2011 04:46:34 PM, Error: EventLog [6008] - The previous system shutdown at 11:29:01 AM on 10/12/2011 was unexpected.
    10/08/2011 09:41:30 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/06/2011 10:52:24 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    10/06/2011 07:02:50 AM, Error: TermService [1057] - The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state. .
    10/06/2011 02:29:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 000E2EF47D65 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
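As an added example (not part of henrisha's post and not part of the DDS tool): a small Python triage script that applies three defender-side heuristics to DDS-style log lines, the same kind of reading a helper does by eye on the log above. The sample input is constructed from the shape of the lines posted (a Winlogon Shell value pointing into AppData, an executable directly under C:\Windows with an alternate-data-stream name, a hidden/system directory with a random hex name). The regular expressions are my own assumptions about the DDS layout, not a documented format.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample input: a few lines in the shape of the DDS sections
# posted above (running processes, Pseudo HJT Report, "Created Last 30").
SAMPLE_DDS = r"""
uWinlogon: Shell=c:\users\computer\appdata\local\8e2afdc6\X
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
C:\Windows\3338480270:1909785145.exe
C:\Windows\system32\wininit.exe
C:\Windows\RtHDVCpl.exe
2011-10-11 07:36:19 -------- d-sh--w- c:\users\computer\appdata\local\8e2afdc6
2011-10-13 03:32:52 -------- d-----w- c:\programdata\Malwarebytes
"""

# Assumed line shapes (not DDS's documented format).
WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*Shell=(?P<value>.+)$", re.IGNORECASE)
PROCESS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.exe)(?:\s|$)", re.IGNORECASE)
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$",
    re.IGNORECASE,
)
# An eight-hex-character directory directly under AppData\Local.
HEX_DIR_RE = re.compile(r"\\appdata\\local\\[0-9a-f]{8}(?:\\|$)", re.IGNORECASE)


def check_winlogon_shell(line: str) -> Optional[str]:
    """Winlogon's Shell value should be explorer.exe on a normal workstation."""
    m = WINLOGON_RE.match(line)
    if m and m.group("value").strip().lower() != "explorer.exe":
        return "Winlogon Shell replaced (persistence): " + m.group("value").strip()
    return None


def check_process_path(line: str) -> Optional[str]:
    """Flag an .exe directly in the Windows directory whose name is all digits
    or contains ':' (an NTFS alternate data stream); system32 paths are skipped."""
    m = PROCESS_RE.match(line)
    if not m:
        return None
    parts = m.group("path").split("\\")
    if len(parts) == 3 and parts[1].lower() == "windows":
        name = parts[2]
        if ":" in name or re.fullmatch(r"\d+\.exe", name, re.IGNORECASE):
            return "suspicious executable in %WINDIR%: " + name
    return None


def check_created_entry(line: str) -> Optional[str]:
    """Flag a hidden+system directory with a random hex name under AppData\\Local."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    attrs = m.group("attrs").lower()
    if "h" in attrs and "s" in attrs and HEX_DIR_RE.search(m.group("path")):
        return "hidden/system hex-named directory: " + m.group("path")
    return None


CHECKS = (check_winlogon_shell, check_process_path, check_created_entry)


def triage_dds(text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every line that trips a heuristic."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            reason = check(line)
            if reason:
                findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage_dds(SAMPLE_DDS):
        print(f"{reason}\n    <- {line}")
```

The heuristics are deliberately narrow so that legitimate entries in the same log (RtHDVCpl.exe in the Windows root, the Malwarebytes data directory) pass; a real triage would add more rules, but the point is that a replaced Winlogon Shell and an executable living in an alternate data stream are the two lines that explain why every scanner on the machine was being killed.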
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I will try to help you get the scans running.

    A note first re: "We went through the entire step and more or less I encountered the same difficulties as that user."
    While we may have you run some of the same programs, the information we give is specific to the person who started the thread. And you are correct in thinking it can actually make a problem worse.
    =============================================
    I note that you had several crashes in a row and before that, several unexplained shut downs.
    Before trying the scans, please do an Error Check as follows:
    From Windows Explorer:
    Right click on Start> Explore> My Computer> Right click on Local Drive (usually C)> Properties> Tools> Error Check> check both boxes on the screen that comes up> Apply> Close the message and reboot for the Error Checking to start.

    This may take a while if it hasn't been done in maintenance, so let it complete. The system will reboot when finished. There is no log to leave.
    ======================================
    Since you didn't give me the error message from Mbam, I'll start with this:
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

    Once done, try running a scan again
    If that doesn't work and you get another message, please tell me what it is.
    =====================================
    I see that the AVG uninstaller has been run, so you can go on to Combofix>>> but if you get a message that it can't run because AVG is on the system, run the AppRemover first:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =========================================
    Please leave the logs in your next reply.
    ========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================

    Please go on to the next reply.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important! Please close any instances of Internet Explorer before continuing!
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java, v6u27 (Java Updates).

    Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
    (I notice that the AskBar is on the system. That usually happens from a pre-checked toolbar on a download screen.)
    ---------------------------
    Please update Java to v6u27 (Java Updates). Make sure any earlier versions were removed in Add/Remove Programs.
    ==============================
    You will most likely have malware in the Java cache because of the outdated programs, so it needs to be emptied:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on the Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on the Temporary Files Settings window.
    Images courtesy java.com
    ===========================================
  4. Matthew

    Matthew TechSpot Staff Posts: 6,052   +84 Staff Member

  5. henrisha

    henrisha Newcomer, in training Topic Starter

    Re:

    Hi, thanks for your response.

    - I tried running the Check Disk tool on Drive C. A window popped up saying the disk could not be scanned as it was still in use, so it asked if I wanted to schedule a disk check. I clicked yes.
    - I rebooted the PC. It began booting up and showed a Blue Screen of Death. I left it alone and it loaded Windows again.
    - I did another restart. This time, the scan was initiated before Windows was loaded. However, the following message appeared: "Cannot open volume for direct access" and the scan was not initiated or completed at all.

    - I downloaded and ran randmbam. An error window popped up that some application (the name of which was just a series of numbers) had stopped working and it was going to be closed.
    - I ran randmbam again. It said that a new shortcut was created on the Desktop, however, I could not find any.

    - I downloaded and ran Combofix. The following message appeared in a popup window after a few minutes:
    "Combofix - Zero Access
    You are infected with Rootkit.Zero Access! It has inserted itself into tcp/ip stack."
    - This window disappeared after a minute or so and the following appeared after:
    "Combofix has detected the presence of Rootkit activity and needs to reboot."

    - I clicked "Okay" and the system rebooted.

    - ComboFix is now scanning the PC again. (Will update after scan completes -- Updating the thread as I go using another PC)
    - ComboFix completed the scan successfully. After it ran, the Check Disk tool finally ran for Drive C.

    - Check Disk finished scanning Drive C successfully.

    COMBOFIX LOG:


    ComboFix 11-10-13.05 - computer 10/14/2011 11:16:20.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2010.887 [GMT 8:00]
    Running from: c:\users\computer\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\ShoppingReport
    c:\users\Public\Videos\11-15\_desktop.ini
    c:\users\Public\Videos\11-15\Desktop_.ini
    c:\users\Public\Videos\16-20\_desktop.ini
    c:\users\Public\Videos\16-20\Desktop_.ini
    c:\users\Public\Videos\21-25\_desktop.ini
    c:\users\Public\Videos\21-25\Desktop_.ini
    c:\users\Public\Videos\6teen - Season 1\_desktop.ini
    c:\users\Public\Videos\6teen - Season 1\Desktop_.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 1-5\_desktop.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 1-5\Desktop_.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 11-15\_desktop.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 11-15\Desktop_.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 16-20\_desktop.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 16-20\Desktop_.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 21-26\_desktop.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 21-26\Desktop_.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 6-10\_desktop.ini
    c:\users\Public\Videos\6Teen Season 2 Eps 6-10\Desktop_.ini
    c:\users\Public\Videos\As Told By Ginger - Entire series in ENGLISH no subtitles\Desktop_.ini
    c:\windows\$NtUninstallKB35859$
    c:\windows\$NtUninstallKB35859$\2385182150\@
    c:\windows\$NtUninstallKB35859$\2385182150\click.tlb
    c:\windows\$NtUninstallKB35859$\2385182150\L\qnbwvoto
    c:\windows\$NtUninstallKB35859$\2385182150\loader.tlb
    c:\windows\$NtUninstallKB35859$\2385182150\U\@00000001
    c:\windows\$NtUninstallKB35859$\2385182150\U\@000000c0
    c:\windows\$NtUninstallKB35859$\2385182150\U\@000000cb
    c:\windows\$NtUninstallKB35859$\2385182150\U\@000000cf
    c:\windows\$NtUninstallKB35859$\2385182150\U\@80000000
    c:\windows\$NtUninstallKB35859$\2385182150\U\@800000c0
    c:\windows\$NtUninstallKB35859$\2385182150\U\@800000cb
    c:\windows\$NtUninstallKB35859$\2385182150\U\@800000cf
    c:\windows\$NtUninstallKB35859$\2803438837
    c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    c:\windows\3338480270
    c:\windows\assembly\GAC_MSIL\desktop.ini
    c:\windows\system32\
    c:\windows\system32\system
    d:\8 gig\mp3\korean 2\piano\_desktop.ini
    d:\8 gig\mp3\piano\_desktop.ini
    d:\public videos\Fushigi Yuugi\Desktop_.ini
    d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_01-25\_desktop.ini
    d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_01-25\Desktop_.ini
    d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_26-50\_desktop.ini
    d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_26-50\Desktop_.ini
    d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_51-75\_desktop.ini
    d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_51-75\Desktop_.ini
    d:\public videos\Rurouni Kenshin (Complete)\[a4e]Rurouni_Kenshin_TV_76-95\Desktop_.ini
    D:\Setup.exe
    d:\susan\My Documents\Hazel\HAZEL\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Diskette Contents - comelec\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Diskette Contents - comelec\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Diskette Contents - comelec\Fonts\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Diskette Contents - comelec\Fonts\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Old Share\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\Old School Documents\Old Share\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\Advanced ALGEBRA\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\Advanced ALGEBRA\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\corel prac - for share\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\corel prac - for share\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\ECONOMICS\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\ECONOMICS\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\English\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\English\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\English\TERM PAPER\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\English\TERM PAPER\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\FILIPINO\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\FILIPINO\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\1st Q Project\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\1st Q Project\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Investig\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Investig\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Investig\Final Report\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\PHYSICS\Investig\Final Report\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\TRIGONOMETRY\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SCHOOL STUFF\TRIGONOMETRY\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SPDiaryexe\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\BACKUP - My Documents\Hazel\SPDiaryexe\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\background per sangay\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\background per sangay\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\backup\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\backup\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\extra\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\extra\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\jb - other docs - fili\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\backup docs\jb - other docs - fili\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FILI PAPER\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\AutoCAD Files\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\AutoCAD Files\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\chem lab - metals nonmetals FLAME TESt_files\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\chem lab - metals nonmetals FLAME TESt_files\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\flame test results_files\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\CHEMLAB - Expt 1\flame test results_files\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\solrules_files\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\CHEMLAB\solrules_files\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\College - FIRST YEAR\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\SCORE RECORDS\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\FIRST YEAR (COLLEGE)\SCORE RECORDS\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\haze-pics\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\haze-pics\336864\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\haze-pics\336864\BP8\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\haze-pics\336864\BP8\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\haze-pics\336864\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\haze-pics\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\intrams\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\intrams\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\new piCs\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\intrams\Grad Pic (Haze)\new piCs\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\rocks_files\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\Haze - Grad Pic\rocks_files\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\HAZEL - scanns\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\HAZEL - scanns\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\old stuff\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\old stuff\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Scanned\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\Scanned\Desktop_.ini
    d:\susan\My Documents\Hazel\HAZEL\Scanned\Scanned - 2\_desktop.ini
    d:\susan\My Documents\Hazel\HAZEL\Scanned\Scanned - 2\Desktop_.ini
    .
    Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
    Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
    .
    Infected copy of c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy24_!Program Files!Malwarebytes' Anti-Malware!mbamservice.exe
    .
    Infected copy of c:\windows\system32\nvvsvc.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!nvvsvc.exe
    .
    c:\windows\System32\nvSCPAPISvr.exe . . . is infected!!
    c:\windows\System32\nvSCPAPISvr.exe . . . was deleted!! You should re-install the program it pertains to
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_8e2afdc6
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-14 05:36 . 2011-10-14 05:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D45C60-5A54-4BE3-8AA8-64DACEC70100}\offreg.dll
    2011-10-14 04:20 . 2011-10-14 05:40 -------- d-----w- c:\users\computer\AppData\Local\temp
    2011-10-14 04:20 . 2011-10-14 04:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-14 04:20 . 2011-10-14 04:20 -------- d-----w- c:\users\henri\AppData\Local\temp
    2011-10-14 03:42 . 2009-06-10 00:34 211488 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-14 00:24 . 2011-09-21 01:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D45C60-5A54-4BE3-8AA8-64DACEC70100}\mpengine.dll
    2011-10-13 07:00 . 2011-10-13 07:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-13 05:46 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-10-13 05:46 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-10-13 05:46 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-10-13 05:46 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-10-13 05:46 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-13 05:46 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-10-13 05:45 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-13 05:45 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-10-13 03:33 . 2011-10-13 03:33 -------- d-----w- c:\users\computer\AppData\Roaming\Malwarebytes
    2011-10-13 03:32 . 2011-10-13 03:32 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-13 03:32 . 2011-10-14 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-13 03:32 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-13 03:27 . 2011-10-13 05:44 -------- d-----w- c:\programdata\AVAST Software
    2011-10-13 03:27 . 2011-10-13 03:27 -------- d-----w- c:\program files\AVAST Software
    2011-10-13 02:45 . 2011-10-13 02:46 -------- d-----w- C:\6b106405dde16537b2467989
    2011-10-11 07:36 . 2011-10-13 06:12 -------- d-sh--w- c:\users\computer\AppData\Local\8e2afdc6
    2011-09-17 00:24 . 2011-09-17 00:32 -------- d-----w- C:\43b36d0721eb0ac7f8e4f139
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-12 15:27 . 2011-08-12 15:27 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2008-09-10 05:49 . 2008-09-10 05:49 5817064 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    2011-10-01 06:50 . 2011-05-06 02:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-07 4493312]
    "Skytel"="Skytel.exe" [2007-09-07 1826816]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-07-12 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAAwADQAOAAyADgAMgAyADYALQBUADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADQANAAzADAANQAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA&prod=90&ver=9.0.894" [?]
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    2008-06-24 12:06 904768 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 00:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-04-20 04:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
    2007-09-07 03:48 401408 ----a-r- c:\program files\Intel\AMT\atchk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-01 02:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
    2008-06-24 11:52 1325848 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 08:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-08-11 08:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2007-07-18 09:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 07:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
    2009-11-06 08:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-06-10 00:34 13785632 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-06-25 07:12 1414144 ----a-w- c:\users\computer\Desktop\SHARISSEChua\N5310 -- PC Suite\Nokia PC Suite 7\PCSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
    2008-06-24 11:56 136472 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2008-05-28 01:11 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-01-15 08:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
    2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
    .
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-09-07 2514944]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2009-06-09 335872]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-07-18 09:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-14 c:\windows\Tasks\User_Feed_Synchronization-{057723D0-8091-4C52-87AF-36CDD9701F51}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=15161&l=dis
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 222.127.143.5 202.126.40.5
    FF - ProfilePath - c:\users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\kgemun6k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    MSConfigStartUp-HotKeysCmds - c:\windows\system32\hkcmd.exe
    MSConfigStartUp-IgfxTray - c:\windows\system32\igfxtray.exe
    MSConfigStartUp-Persistence - c:\windows\system32\igfxpers.exe
    AddRemove-Folio - c:\cdasia\Uninst.isu
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-14 13:37
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Intel\AMT\LMS.exe
    c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-14 13:45:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-14 05:45
    .
    Pre-Run: 142,009,114,624 bytes free
    Post-Run: 145,922,535,424 bytes free
    .
    - - End Of File - - 25D12430AF2DF4621192D1F6AD623C0A
  6. henrisha

    henrisha Newcomer, in training Topic Starter

    Re: Java

    - Followed your instructions and removed all previous versions of Java using JavaRa.
    - Downloaded and just installed Java v6u27.

    QUESTION:
    Should I attempt to run MalwareBytes again?
  7. henrisha

    henrisha Newcomer, in training Topic Starter

    Re: Avast Antivirus

    I'd also like to mention something that's been going on with Avast.

    All of the shields of the program are turned off or are "unreachable." I click the "Fix now" button to turn the services back on, to no avail.

    The ff. error appears on the Avast UI:

    The avast! antivirus program has been stopped, or is in an inconsistent state. Please re-start the program to resume protecting your system.

    Also, when I go to the Scan Computer tab, there's a current scan there that's been running for 24 hours (hasn't stopped since I started it yesterday) and it's not progressing at all. Clicking PAUSE or STOP doesn't do anything either.

    Thanks again!
  8. henrisha

    henrisha Newcomer, in training Topic Starter

    Re: Bump

    Just want to follow up on this thread. Thanks!
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The fact that you had 2 active threads going for the same problem explains the delay. The system is in pretty much of a mess! I'm not sure we can 'rescue' it!

    Reboot the computer- that should stop the Avast scan.

    Please go to the Control Panel> Folder Options> View tab> be sure these entries are checked as follows:
    Check 'do not show hidden files and folders'
    Check 'hide protected system files and folders (Recommended)'
    Then click on Apply> OK

    From the Control Panel again: Display> Desktop tab> Customize Desktop> Web tab> Web Sites box: remove any entries except 'My Home Page'> Uncheck 'Lock taskbar entries'> OK> Apply> OK
    Reboot, then go on with the following>
    ============================================
    ZeroAccessRootkit:

    Download and run TDSSKiller first:
    1. Double-click on TDSSKiller.exe to run the application.
    2. Click on the Start Scan button and wait for the scan and disinfection process to be over.
    3. If an infected file is detected, the default action will be Cure, click on Continue
    4. If a suspicious file is detected, the default action will be Skip, click on Continue
    5. If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
    6. If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
    ==========================
    Follow with download of maxhandle.exe by noahdfear to your desktop.
    1. Double click maxhandle.exe and run the application
    2. An active internet connection is required so that maxhandle.exe may download a tool from SysInternals
    3. If Max++ is present the log will open automatically.
    4. If Max++ is not found Nothing found! is echoed to the screen - no log is produced.
    5. Log is saved to c:\maxhandle.txt

    Please post both of the logs in your next reply.
    ===============================
    Thank you Matthew- sorry I didn't see it sooner!
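An added reader's example, not a tool from this thread, from TechSpot or from the TDSSKiller author: a small Python parser for the two-line-per-driver format the TDSSKiller report posted next in this thread uses (a "name (md5) path" line followed by a "name - status" line). It lists every entry whose status is anything other than "ok", services that got a status line but no image-file line (the pattern of blbdrive, igfx and IpInIp in the log), and services that share one driver image. The sample lines are constructed in that format: the ACPI, blbdrive and Tcpip/Tcpip6 lines copy entries from the log in this thread, while the "examplesvc" entry and its "suspicious (placeholder status)" line are invented here to exercise the non-"ok" branch and are not a real TDSSKiller status string.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample in the two-line-per-driver shape TDSSKiller prints:
#   "<time> <pid> <name> (<md5>) <path>"  then  "<time> <pid> <name> - <status>".
# ACPI, blbdrive and Tcpip/Tcpip6 copy entries from the thread's log; "examplesvc"
# and its "suspicious (placeholder status)" line are invented for this example and
# are NOT a status string TDSSKiller itself emits.
SAMPLE_LOG = r"""
09:37:20.0114 5792 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
09:37:20.0115 5792 ACPI - ok
09:37:20.0803 5792 blbdrive - ok
09:37:25.0566 5792 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
09:37:25.0566 5792 Tcpip - ok
09:37:25.0597 5792 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
09:37:25.0597 5792 Tcpip6 - ok
09:37:26.0100 5792 examplesvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\examplesvc.sys
09:37:26.0101 5792 examplesvc - suspicious (placeholder status)
"""

# Common "<time> <pid> <name>" prefix shared by both line kinds.
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
FILE_LINE = re.compile(_PREFIX + r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
STATUS_LINE = re.compile(_PREFIX + r"-\s+(?P<status>\S.*?)\s*$")


def _new_entry() -> dict:
    return {"md5": None, "path": None, "status": None}


def parse_tdsskiller(text: str) -> Dict[str, dict]:
    """Map each service/driver name to its md5, image path and scan status.

    Header, separator and "Scan started" lines match neither pattern and are skipped.
    """
    entries: Dict[str, dict] = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], _new_entry())
            e["md5"] = m["md5"].lower()
            e["path"] = m["path"]
            continue
        m = STATUS_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], _new_entry())
            e["status"] = m["status"]
    return entries


def non_ok_entries(entries: Dict[str, dict]) -> List[str]:
    """Names whose status is anything other than 'ok' (or that never got a status line)."""
    return sorted(n for n, e in entries.items() if e["status"] != "ok")


def entries_without_file(entries: Dict[str, dict]) -> List[str]:
    """Services reported on without an image-file line (like blbdrive, igfx, IpInIp in
    the thread's log). Worth comparing with the '(no file)' orphans in the DDS output."""
    return sorted(n for n, e in entries.items() if e["path"] is None)


def shared_images(entries: Dict[str, dict]) -> Dict[str, List[str]]:
    """Group service names by image path, case-insensitively as NTFS is.

    Tcpip and Tcpip6 legitimately share tcpip.sys on Vista, so treat this as
    informational rather than as a finding on its own.
    """
    by_path: Dict[str, List[str]] = defaultdict(list)
    for n, e in entries.items():
        if e["path"]:
            by_path[e["path"].lower()].append(n)
    return {p: sorted(ns) for p, ns in by_path.items() if len(ns) > 1}


def summarize(text: str) -> dict:
    """One-shot review of a TDSSKiller report: counts plus the three lists above."""
    entries = parse_tdsskiller(text)
    return {
        "total": len(entries),
        "not_ok": non_ok_entries(entries),
        "no_file": entries_without_file(entries),
        "shared": shared_images(entries),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

To use it on a real report, read the saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` into a string and pass it to `summarize()`; the hundreds of "- ok" pairs collapse to the handful of entries a helper would actually need to look at, and the "no_file" list is what to cross-check against the DDS orphan entries before deciding what to clean.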
  10. henrisha

    henrisha Newcomer, in training Topic Starter

    Re:

    Okay, thanks for your reply.

    I am unable to find the Display>Desktop Tab for some reason in the Control Panel.

    TDSS Killer Report:



    09:37:16.0956 5032 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
    09:37:17.0694 5032 ============================================================
    09:37:17.0694 5032 Current date / time: 2011/10/19 09:37:17.0694
    09:37:17.0694 5032 SystemInfo:
    09:37:17.0694 5032
    09:37:17.0694 5032 OS Version: 6.0.6000 ServicePack: 0.0
    09:37:17.0694 5032 Product type: Workstation
    09:37:17.0694 5032 ComputerName: HENRY
    09:37:17.0694 5032 UserName: computer
    09:37:17.0694 5032 Windows directory: C:\Windows
    09:37:17.0694 5032 System windows directory: C:\Windows
    09:37:17.0694 5032 Processor architecture: Intel x86
    09:37:17.0694 5032 Number of processors: 4
    09:37:17.0694 5032 Page size: 0x1000
    09:37:17.0694 5032 Boot type: Normal boot
    09:37:17.0694 5032 ============================================================
    09:37:18.0591 5032 Initialize success
    09:37:19.0469 5792 ============================================================
    09:37:19.0469 5792 Scan started
    09:37:19.0469 5792 Mode: Manual;
    09:37:19.0469 5792 ============================================================
    09:37:20.0114 5792 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
    09:37:20.0115 5792 ACPI - ok
    09:37:20.0147 5792 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    09:37:20.0149 5792 adp94xx - ok
    09:37:20.0168 5792 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    09:37:20.0170 5792 adpahci - ok
    09:37:20.0190 5792 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    09:37:20.0191 5792 adpu160m - ok
    09:37:20.0211 5792 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    09:37:20.0212 5792 adpu320 - ok
    09:37:20.0253 5792 AegisP (91f3df93f40a74d222cd166fe95db633) C:\Windows\system32\DRIVERS\AegisP.sys
    09:37:20.0254 5792 AegisP - ok
    09:37:20.0282 5792 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    09:37:20.0284 5792 AFD - ok
    09:37:20.0313 5792 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    09:37:20.0314 5792 agp440 - ok
    09:37:20.0356 5792 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    09:37:20.0356 5792 aic78xx - ok
    09:37:20.0389 5792 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    09:37:20.0390 5792 aliide - ok
    09:37:20.0404 5792 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    09:37:20.0405 5792 amdagp - ok
    09:37:20.0416 5792 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    09:37:20.0418 5792 amdide - ok
    09:37:20.0433 5792 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    09:37:20.0434 5792 AmdK7 - ok
    09:37:20.0444 5792 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    09:37:20.0445 5792 AmdK8 - ok
    09:37:20.0508 5792 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    09:37:20.0509 5792 arc - ok
    09:37:20.0526 5792 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    09:37:20.0527 5792 arcsas - ok
    09:37:20.0561 5792 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
    09:37:20.0561 5792 aswFsBlk - ok
    09:37:20.0599 5792 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
    09:37:20.0600 5792 aswMonFlt - ok
    09:37:20.0617 5792 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
    09:37:20.0620 5792 aswRdr - ok
    09:37:20.0643 5792 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
    09:37:20.0645 5792 aswSnx - ok
    09:37:20.0675 5792 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
    09:37:20.0677 5792 aswSP - ok
    09:37:20.0696 5792 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
    09:37:20.0696 5792 aswTdi - ok
    09:37:20.0716 5792 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    09:37:20.0716 5792 AsyncMac - ok
    09:37:20.0741 5792 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
    09:37:20.0741 5792 atapi - ok
    09:37:20.0779 5792 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    09:37:20.0779 5792 Beep - ok
    09:37:20.0803 5792 blbdrive - ok
    09:37:20.0815 5792 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    09:37:20.0816 5792 bowser - ok
    09:37:20.0834 5792 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    09:37:20.0834 5792 BrFiltLo - ok
    09:37:20.0865 5792 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    09:37:20.0867 5792 BrFiltUp - ok
    09:37:20.0881 5792 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    09:37:20.0881 5792 Brserid - ok
    09:37:20.0897 5792 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    09:37:20.0898 5792 BrSerWdm - ok
    09:37:20.0915 5792 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    09:37:20.0915 5792 BrUsbMdm - ok
    09:37:20.0934 5792 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    09:37:20.0934 5792 BrUsbSer - ok
    09:37:20.0949 5792 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    09:37:20.0951 5792 BTHMODEM - ok
    09:37:20.0954 5792 catchme - ok
    09:37:20.0969 5792 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    09:37:20.0970 5792 cdfs - ok
    09:37:20.0999 5792 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    09:37:21.0000 5792 cdrom - ok
    09:37:21.0020 5792 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    09:37:21.0021 5792 circlass - ok
    09:37:21.0058 5792 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
    09:37:21.0065 5792 CLFS - ok
    09:37:21.0081 5792 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    09:37:21.0083 5792 cmdide - ok
    09:37:21.0101 5792 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    09:37:21.0101 5792 Compbatt - ok
    09:37:21.0141 5792 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    09:37:21.0143 5792 crcdisk - ok
    09:37:21.0168 5792 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    09:37:21.0169 5792 Crusoe - ok
    09:37:21.0193 5792 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    09:37:21.0194 5792 DfsC - ok
    09:37:21.0215 5792 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    09:37:21.0216 5792 disk - ok
    09:37:21.0248 5792 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    09:37:21.0250 5792 drmkaud - ok
    09:37:21.0343 5792 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
    09:37:21.0346 5792 DXGKrnl - ok
    09:37:21.0367 5792 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
    09:37:21.0368 5792 e1express - ok
    09:37:21.0388 5792 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    09:37:21.0389 5792 E1G60 - ok
    09:37:21.0415 5792 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    09:37:21.0416 5792 Ecache - ok
    09:37:21.0455 5792 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    09:37:21.0458 5792 elxstor - ok
    09:37:21.0488 5792 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    09:37:21.0489 5792 fastfat - ok
    09:37:21.0508 5792 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    09:37:21.0508 5792 fdc - ok
    09:37:21.0531 5792 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    09:37:21.0532 5792 FileInfo - ok
    09:37:21.0545 5792 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    09:37:21.0545 5792 Filetrace - ok
    09:37:21.0568 5792 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    09:37:21.0569 5792 flpydisk - ok
    09:37:21.0596 5792 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    09:37:21.0598 5792 FltMgr - ok
    09:37:21.0626 5792 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    09:37:21.0626 5792 Fs_Rec - ok
    09:37:21.0656 5792 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    09:37:21.0657 5792 gagp30kx - ok
    09:37:21.0686 5792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    09:37:21.0687 5792 GEARAspiWDM - ok
    09:37:21.0710 5792 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    09:37:21.0712 5792 HdAudAddService - ok
    09:37:21.0728 5792 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    09:37:21.0729 5792 HDAudBus - ok
    09:37:21.0757 5792 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\Windows\system32\DRIVERS\HECI.sys
    09:37:21.0757 5792 HECI - ok
    09:37:21.0777 5792 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    09:37:21.0777 5792 HidBth - ok
    09:37:21.0798 5792 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    09:37:21.0799 5792 HidIr - ok
    09:37:21.0812 5792 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
    09:37:21.0813 5792 HidUsb - ok
    09:37:21.0831 5792 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    09:37:21.0832 5792 HpCISSs - ok
    09:37:21.0884 5792 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
    09:37:21.0886 5792 HTTP - ok
    09:37:21.0899 5792 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    09:37:21.0900 5792 i2omp - ok
    09:37:21.0931 5792 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
    09:37:21.0931 5792 i8042prt - ok
    09:37:21.0946 5792 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    09:37:21.0948 5792 iaStorV - ok
    09:37:21.0960 5792 igfx - ok
    09:37:21.0980 5792 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    09:37:21.0981 5792 iirsp - ok
    09:37:22.0149 5792 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys
    09:37:22.0158 5792 IntcAzAudAddService - ok
    09:37:22.0190 5792 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    09:37:22.0191 5792 intelide - ok
    09:37:22.0208 5792 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    09:37:22.0209 5792 intelppm - ok
    09:37:22.0223 5792 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    09:37:22.0224 5792 IpFilterDriver - ok
    09:37:22.0235 5792 IpInIp - ok
    09:37:22.0252 5792 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    09:37:22.0254 5792 IPMIDRV - ok
    09:37:22.0266 5792 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    09:37:22.0266 5792 IPNAT - ok
    09:37:22.0284 5792 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    09:37:22.0285 5792 IRENUM - ok
    09:37:22.0300 5792 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    09:37:22.0301 5792 isapnp - ok
    09:37:22.0339 5792 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    09:37:22.0340 5792 iScsiPrt - ok
    09:37:22.0367 5792 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    09:37:22.0368 5792 iteatapi - ok
    09:37:22.0381 5792 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    09:37:22.0382 5792 iteraid - ok
    09:37:22.0413 5792 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
    09:37:22.0414 5792 kbdclass - ok
    09:37:22.0433 5792 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
    09:37:22.0434 5792 kbdhid - ok
    09:37:22.0466 5792 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
    09:37:22.0469 5792 KSecDD - ok
    09:37:22.0494 5792 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    09:37:22.0495 5792 lltdio - ok
    09:37:22.0524 5792 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    09:37:22.0525 5792 LSI_FC - ok
    09:37:22.0537 5792 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    09:37:22.0538 5792 LSI_SAS - ok
    09:37:22.0551 5792 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    09:37:22.0552 5792 LSI_SCSI - ok
    09:37:22.0573 5792 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    09:37:22.0574 5792 luafv - ok
    09:37:22.0627 5792 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
    09:37:22.0628 5792 MBAMProtector - ok
    09:37:22.0658 5792 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    09:37:22.0659 5792 megasas - ok
    09:37:22.0727 5792 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    09:37:22.0728 5792 Modem - ok
    09:37:22.0761 5792 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
    09:37:22.0761 5792 monitor - ok
    09:37:22.0781 5792 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
    09:37:22.0782 5792 mouclass - ok
    09:37:22.0802 5792 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
    09:37:22.0803 5792 mouhid - ok
    09:37:22.0827 5792 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    09:37:22.0827 5792 MountMgr - ok
    09:37:22.0851 5792 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    09:37:22.0852 5792 mpio - ok
    09:37:22.0880 5792 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    09:37:22.0881 5792 mpsdrv - ok
    09:37:22.0894 5792 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    09:37:22.0895 5792 Mraid35x - ok
    09:37:22.0919 5792 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
    09:37:22.0920 5792 MRxDAV - ok
    09:37:22.0971 5792 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
    09:37:22.0973 5792 mrxsmb - ok
    09:37:23.0031 5792 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    09:37:23.0033 5792 mrxsmb10 - ok
    09:37:23.0064 5792 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    09:37:23.0065 5792 mrxsmb20 - ok
    09:37:23.0092 5792 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    09:37:23.0093 5792 msahci - ok
    09:37:23.0104 5792 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    09:37:23.0105 5792 msdsm - ok
    09:37:23.0131 5792 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    09:37:23.0131 5792 Msfs - ok
    09:37:23.0148 5792 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
    09:37:23.0149 5792 msisadrv - ok
    09:37:23.0180 5792 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    09:37:23.0181 5792 MSKSSRV - ok
    09:37:23.0202 5792 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    09:37:23.0203 5792 MSPCLOCK - ok
    09:37:23.0215 5792 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    09:37:23.0216 5792 MSPQM - ok
    09:37:23.0229 5792 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    09:37:23.0230 5792 MsRPC - ok
    09:37:23.0253 5792 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
    09:37:23.0254 5792 mssmbios - ok
    09:37:23.0264 5792 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    09:37:23.0265 5792 MSTEE - ok
    09:37:23.0278 5792 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    09:37:23.0279 5792 Mup - ok
    09:37:23.0305 5792 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
    09:37:23.0307 5792 NativeWifiP - ok
    09:37:23.0351 5792 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
    09:37:23.0354 5792 NDIS - ok
    09:37:23.0379 5792 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
    09:37:23.0380 5792 NdisTapi - ok
    09:37:23.0390 5792 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    09:37:23.0391 5792 Ndisuio - ok
    09:37:23.0407 5792 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    09:37:23.0409 5792 NdisWan - ok
    09:37:23.0422 5792 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
    09:37:23.0422 5792 NDProxy - ok
    09:37:23.0441 5792 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    09:37:23.0442 5792 NetBIOS - ok
    09:37:23.0461 5792 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
    09:37:23.0463 5792 netbt - ok
    09:37:23.0486 5792 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    09:37:23.0488 5792 nfrd960 - ok
    09:37:23.0517 5792 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\Windows\system32\drivers\ccdcmb.sys
    09:37:23.0518 5792 nmwcd - ok
    09:37:23.0548 5792 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\Windows\system32\drivers\ccdcmbo.sys
    09:37:23.0548 5792 nmwcdc - ok
    09:37:23.0562 5792 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
    09:37:23.0563 5792 Npfs - ok
    09:37:23.0577 5792 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
    09:37:23.0578 5792 nsiproxy - ok
    09:37:23.0646 5792 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
    09:37:23.0652 5792 Ntfs - ok
    09:37:23.0664 5792 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    09:37:23.0665 5792 ntrigdigi - ok
    09:37:23.0714 5792 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
    09:37:23.0714 5792 Null - ok
    09:37:23.0901 5792 nvlddmkm (2913f72c5f4007cd2226e5d34e0aeece) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    09:37:23.0948 5792 nvlddmkm - ok
    09:37:23.0964 5792 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    09:37:23.0964 5792 nvraid - ok
    09:37:23.0979 5792 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    09:37:23.0995 5792 nvstor - ok
    09:37:24.0003 5792 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    09:37:24.0004 5792 nv_agp - ok
    09:37:24.0015 5792 NwlnkFlt - ok
    09:37:24.0026 5792 NwlnkFwd - ok
    09:37:24.0056 5792 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    09:37:24.0057 5792 ohci1394 - ok
    09:37:24.0089 5792 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    09:37:24.0090 5792 Parport - ok
    09:37:24.0145 5792 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
    09:37:24.0146 5792 partmgr - ok
    09:37:24.0169 5792 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    09:37:24.0170 5792 Parvdm - ok
    09:37:24.0214 5792 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
    09:37:24.0215 5792 pccsmcfd - ok
    09:37:24.0236 5792 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
    09:37:24.0237 5792 pci - ok
    09:37:24.0268 5792 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
    09:37:24.0269 5792 pciide - ok
    09:37:24.0294 5792 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    09:37:24.0295 5792 pcmcia - ok
    09:37:24.0332 5792 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    09:37:24.0338 5792 PEAUTH - ok
    09:37:24.0386 5792 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
    09:37:24.0387 5792 PptpMiniport - ok
    09:37:24.0400 5792 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    09:37:24.0401 5792 Processor - ok
    09:37:24.0424 5792 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
    09:37:24.0425 5792 PSched - ok
    09:37:24.0460 5792 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    09:37:24.0465 5792 ql2300 - ok
    09:37:24.0490 5792 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    09:37:24.0491 5792 ql40xx - ok
    09:37:24.0511 5792 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
    09:37:24.0512 5792 QWAVEdrv - ok
    09:37:24.0535 5792 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
    09:37:24.0536 5792 RasAcd - ok
    09:37:24.0557 5792 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
    09:37:24.0558 5792 Rasl2tp - ok
    09:37:24.0575 5792 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
    09:37:24.0577 5792 RasPppoe - ok
    09:37:24.0696 5792 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
    09:37:24.0698 5792 rdbss - ok
    09:37:24.0771 5792 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
    09:37:24.0772 5792 RDPCDD - ok
    09:37:24.0819 5792 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    09:37:24.0821 5792 rdpdr - ok
    09:37:24.0833 5792 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
    09:37:24.0834 5792 RDPENCDD - ok
    09:37:24.0860 5792 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
    09:37:24.0862 5792 RDPWD - ok
    09:37:24.0890 5792 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
    09:37:24.0891 5792 rspndr - ok
    09:37:24.0924 5792 RT61 (da84c3ed2f31b1d5d68f775eba4ecb59) C:\Windows\system32\DRIVERS\RT61.sys
    09:37:24.0927 5792 RT61 - ok
    09:37:24.0963 5792 rt61x86 (dd0bacc94b640abd17901557814e0bff) C:\Windows\system32\DRIVERS\netr61.sys
    09:37:24.0965 5792 rt61x86 - ok
    09:37:24.0990 5792 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    09:37:24.0991 5792 sbp2port - ok
    09:37:25.0010 5792 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    09:37:25.0011 5792 secdrv - ok
    09:37:25.0026 5792 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
    09:37:25.0027 5792 Serenum - ok
    09:37:25.0051 5792 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
    09:37:25.0052 5792 Serial - ok
    09:37:25.0071 5792 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
    09:37:25.0071 5792 sermouse - ok
    09:37:25.0100 5792 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    09:37:25.0101 5792 sffdisk - ok
    09:37:25.0113 5792 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    09:37:25.0114 5792 sffp_mmc - ok
    09:37:25.0134 5792 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    09:37:25.0134 5792 sffp_sd - ok
    09:37:25.0146 5792 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    09:37:25.0146 5792 sfloppy - ok
    09:37:25.0172 5792 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    09:37:25.0173 5792 sisagp - ok
    09:37:25.0189 5792 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    09:37:25.0190 5792 SiSRaid2 - ok
    09:37:26.0982 5792 ============================================================
    09:37:26.0982 5792 Scan finished
    09:37:26.0982 5792 ============================================================
    09:37:26.0990 1696 Detected object count: 0
    09:37:26.0990 1696 Actual detected object count: 0
  11. henrisha

    henrisha Newcomer, in training Topic Starter

    Re:

    Max++ is not found, Nothing found!

    No log.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If Control Panel is in Category View: Start> Settings> Control Panel> Appearance & Themes> Pick a Task> Change Desktop background> Customize Desktop> Web tab>>>>>

    If Control Panel is in Classic View: Start> Control Panel> Display> Desktop Customize Desktop> Web tab>>>>>
  13. henrisha

    henrisha Newcomer, in training Topic Starter

    Hi Bobbye,

    Okay, thanks. What should I do next? :)
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please update me on how the system is running now.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please go back to the Combofix log and review all those deletions. It appears that files for several users were removed. Some are videos of 'teen' and 'college'. Others are school-related subjects such as physics, economics and 'old school documents'.

    The desktop.ini file is placed under the “Files Ready to Be Written to the Disc” section. Normally, it would be a hidden file. When you found the desktop to follow my instructions, what did you find and what did you have to change?

    Do or did you have hidden files and folders open? Please make sure they are not:
    Control Panel> Folder Options> View tab> check 'do not show hidden files and folders' and check 'hide protected system files' (Recommended)> OK> Apply> OK.

    I don't want you to lose special files because they aren't configured correctly.

    Do you have any idea why these would be removed? Files, folders, images,
  16. henrisha

    henrisha Newcomer, in training Topic Starter

    Re:

    I ran Google Chrome and did a quick search on Google. I can now click on results and get to the indicated page-- no more redirection.

    Noticed errors:
    - There's this game (Zuma by PopCap) that my dad plays a lot, and in the middle of his game, the score suddenly resets to 0. This never happened before, so I'm not sure if it's a problem with the game or with the PC, but this still happens from time to time.
    - iTunes no longer recognizes any iPod or iPhone when connected. I was planning to uninstall and install iTunes, but wanted to wait to hear from you again. Would it be okay to do this?

    But the PC seems fine, at least better than it was, because it doesn't turn off or shut down out of the blue and for no reason.

    As for the deleted files, I have no idea why they were deleted by ComboFix.
    I also don't/didn't have any hidden files/folders open.
  17. henrisha

    henrisha Newcomer, in training Topic Starter

    Also, I never ran the MalwareBytes scan to completion because it always ran into an error before. Should I try it again?
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please ask him if he recognizes the files ending in desktop.ini.
    ------------------------------------
    You can try Mbam again, but please don't reboot yet.
  19. henrisha

    henrisha Newcomer, in training Topic Starter

    Re:

    According to him, the files were copied from another drive directly into his drive to free up space on the other drive.
    The files were already burnt to a data DVD though, so I don't think anything important was deleted.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36
