
Author Topic: wicked infection desktop icons gone  (Read 22104 times)


trynfix

    Topic Starter


    Rookie

    • Experience: Experienced
    • OS: Windows Vista
    wicked infection desktop icons gone
    « on: June 09, 2013, 09:12:16 PM »
    Okay, so my PC has been at my friend's house on loan for about 9 months.  I finally get it back because he is no longer able to get online.  I start the thing up and all but 3 of the desktop icons disappear.  I try to run ComboFix because I have had success in the past.  I can't use it because an instance of ComboFix was on my desktop and I cannot remove it because my PC cannot find the path.  So, I download Malwarebytes because I found on another site how it removes malware similar to ComboFix.  I run the quick scan first and it finds some things.  I will include that log.  My computer is acting a lot better after this.  Prior to the use of Malwarebytes I was unable to play video files and unable to use programs without the PC crashing.  My PC was still very slow so I performed a full scan and that removed 2 items.  Again the log will be included.  Now the PC is working a lot better, but I still do not have my icons back and start menu items are missing.  Also I am noticing that some programs are out of place and I am unable to uninstall one program in particular
    (PdaNet) so that I can update it.  I try to use unhide.exe and that does not work because I do not have the smtmp folder.  I try to use RogueKiller, because I saw somewhere else that that may help remove registries that are hiding my icons, etc.  I can include a log of that as well.  I came to this site because I saw that you guys have been great in helping people.  I have performed your preliminary steps and I will include the logs in replies.  If you guys could help me that would be great.  I am unable to browse the web and again icons and shortcuts are missing.

    trynfix
      Re: wicked infection desktop icons gone
      « Reply #1 on: June 09, 2013, 09:17:35 PM »
      AdwCleaner log

      # AdwCleaner v2.303 - Logfile created 06/09/2013 at 22:18:11
      # Updated 08/06/2013 by Xplode
      # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
      # User : Sherra - GWEN
      # Boot Mode : Normal
      # Running from : C:\Users\Sherra\Desktop\AdwCleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
      File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
      File Deleted : C:\Users\Sherra\AppData\Roaming\Mozilla\Firefox\Profiles\o7xe8usu.default\searchplugins\Askcom.xml
      Folder Deleted : C:\Program Files\Crawler
      Folder Deleted : C:\ProgramData\Trymedia
      Folder Deleted : C:\Users\Sherra\AppData\LocalLow\AskSBar
      Folder Deleted : C:\Users\Sherra\AppData\LocalLow\boost_interprocess
      Folder Deleted : C:\Users\Sherra\AppData\Roaming\Mozilla\Firefox\Profiles\o7xe8usu.default\FCTB

      ***** [Registry] *****

      Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
      Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
      Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
      Key Deleted : HKCU\Software\CToolbar
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AskSBar Uninstall
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
      Key Deleted : HKCU\Software\Softonic
      Key Deleted : HKCU\Software\YahooPartnerToolbar
      Key Deleted : HKCU\Software\Zugo
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
      Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
      Key Deleted : HKLM\Software\CompeteInc
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
      Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      [OK] Registry is clean.

      -\\ Mozilla Firefox v14.0.1 (en-US)

      File : C:\Users\Sherra\AppData\Roaming\Mozilla\Firefox\Profiles\o7xe8usu.default\prefs.js

      C:\Users\Sherra\AppData\Roaming\Mozilla\Firefox\Profiles\o7xe8usu.default\user.js ... Deleted !

      Deleted : user_pref("browser.search.defaultengine", "Ask.com");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.DNSCatch", false);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.FirstLaunchShown", true);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.LastDate", 26);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.customNewTab", false);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.CaptureType", 3);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.lastPrivacyRulesTime", 1309141745);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.lastPrivacyRulesUrl", "hxxp://dcs.consumeri[...]
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.lastWhitelistTime", 1309141745);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.lastWhitelistUrl", "hxxp://dcs.consumerinpu[...]
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.panelID", "freecausefox");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.userID", "FCZ3E7B04324065");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.version", "6211");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.dca.whitelistInterval", 1440);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.installDate", "07052010");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.lastPingTime", 1309141747);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.processAddrBar", false);
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.session", "01158B5038FC455578AD3F69D7E0DCCAF64C[...]
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.tbver", "1.0.12");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.user_id", "04324065");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.voicebox.surveys", "");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.voicebox.version", "1013");
      Deleted : user_pref("freecausefa3d1246250b4212a2bef1387ccca2 e7.yahooSearch", false);

      -\\ Google Chrome v21.0.1180.83

      File : C:\Users\Sherra\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[S1].txt - [6520 octets] - [09/06/2013 22:18:11]

      ########## EOF - C:\AdwCleaner[S1].txt - [6580 octets] ##########



      trynfix
        Re: wicked infection desktop icons gone
        « Reply #2 on: June 09, 2013, 09:19:34 PM »
        Malwarebytes log from quick scan

        Malwarebytes Anti-Malware 1.75.0.1300
        www.malwarebytes.org

        Database version: v2013.04.04.07

        Windows Vista Service Pack 2 x86 NTFS
        Internet Explorer 9.0.8112.16421
        Sherra :: GWEN [administrator]

        6/7/2013 12:59:19 PM
        mbam-log-2013-06-07 (12-59-19).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 242554
        Time elapsed: 14 minute(s), 51 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 3
        HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834} (Adware.Adshot) -> Quarantined and deleted successfully.
        HKCU\Software\voomuusa (Adware.HotBar.VM) -> Quarantined and deleted successfully.
        HKLM\SOFTWARE\VooMuu (Adware.HotBar.VM) -> Quarantined and deleted successfully.

        Registry Values Detected: 2
        HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Sherra\AppData\Roaming\F2DA2\lvvm.exe -> Quarantined and deleted successfully.
        HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Data: C:\Users\Sherra\AppData\Roaming\F2DA2\lvvm.exe -> Quarantined and deleted successfully.

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 2
        C:\Users\Sherra\AppData\Roaming\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\Users\Guest\AppData\Local\temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

        (end)



        trynfix
          Re: wicked infection desktop icons gone
          « Reply #3 on: June 09, 2013, 09:20:52 PM »
          Malwarebytes log from full scan

          Malwarebytes Anti-Malware 1.75.0.1300
          www.malwarebytes.org

          Database version: v2013.04.04.07

          Windows Vista Service Pack 2 x86 NTFS
          Internet Explorer 9.0.8112.16421
          Sherra :: GWEN [administrator]

          6/7/2013 6:43:25 PM
          mbam-log-2013-06-07 (18-43-25).txt

          Scan type: Full scan (C:\|D:\|)
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 487274
          Time elapsed: 3 hour(s), 25 minute(s), 22 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 0
          (No malicious items detected)

          Registry Values Detected: 0
          (No malicious items detected)

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 0
          (No malicious items detected)

          Files Detected: 2
          C:\Users\Sherra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2290926-3ad4920d (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.
          C:\Users\Sherra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\14334ff3-3c75bc1f (Rootkit.0Access) -> Quarantined and deleted successfully.

          (end)



          trynfix
            Re: wicked infection desktop icons gone
            « Reply #4 on: June 09, 2013, 09:22:21 PM »
            Security Check log

             Results of screen317's Security Check version 0.99.64 
             Windows Vista Service Pack 2 x86 (UAC is enabled) 
             Internet Explorer 10 
            ``````````````Antivirus/Firewall Check:``````````````[/u]
             Windows Firewall Disabled! 
             WMI entry may not exist for antivirus; attempting automatic update.
            `````````Anti-malware/Other Utilities Check:`````````[/u]
             Spyware Terminator   
             Malwarebytes Anti-Malware version 1.75.0.1300 
             CCleaner     
             Java(TM) 6 Update 21 
             Java(TM) 6 Update 4 
             Java(TM) 6 Update 5 
             Java(TM) 6 Update 7 
             Java version out of Date!
             Adobe Flash Player    11.4.402.265 
             Adobe Reader 8 Adobe Reader out of Date!
             Mozilla Firefox 14.0.1 Firefox out of Date! 
             Google Chrome 21.0.1180.79 
             Google Chrome 21.0.1180.83 
            ````````Process Check: objlist.exe by Laurent````````[/u] 
             Webroot Webroot Desktop Firewall wdfsvc.exe 
             Webroot Webroot Desktop Firewall WDF.exe 
             Alwil Software Avast5 AvastSvc.exe 
             Alwil Software Avast5 AvastUI.exe 
            `````````````````System Health check`````````````````[/u]
             Total Fragmentation on Drive C: 9 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
            ````````````````````End of Log``````````````````````[/u]



            trynfix
              Re: wicked infection desktop icons gone
              « Reply #5 on: June 09, 2013, 09:24:54 PM »
              I did 2 RogueKiller scans.  The first was a scan and delete.  Here is that log.

              RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
              mail : tigzyRK<at>gmail<dot>com
              Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
              Website : http://tigzy.geekstogo.com/roguekiller.php
              Blog : http://tigzyrk.blogspot.com/

              Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
              Started in : Normal mode
              User : Sherra [Admin rights]
              Mode : Scan -- Date : 06/08/2013 19:45:18
              | ARK || FAK || MBR |

              ¤¤¤ Bad processes : 0 ¤¤¤

              ¤¤¤ Registry Entries : 7 ¤¤¤
              [TASK][SUSP PATH] At1.job : C:\Users\Sherra\AppData\Roaming\wmplayer.exe /help
              • -> FOUND
              [TASK][SUSP PATH] At1 : C:\Users\Sherra\AppData\Roaming\wmplayer.exe /help
              • -> FOUND
              [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:63475) -> FOUND
              [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
              [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
              [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
              [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

              ¤¤¤ Particular Files / Folders: ¤¤¤
              [ZeroAccess][FOLDER] $NtUninstallKB46385$ : C:\Windows\$NtUninstallKB46385$ --> FOUND

              ¤¤¤ Driver : [LOADED] ¤¤¤
              SSDT[18] : NtAllocateVirtualMemory @ 0x83E504AB -> HOOKED (Unknown @ 0x86AAB818)
              SSDT[72] : NtCreateProcess @ 0x83E99D63 -> HOOKED (Unknown @ 0x86AB0620)
              SSDT[73] : NtCreateProcessEx @ 0x83E99DAE -> HOOKED (Unknown @ 0x86AA92E8)
              SSDT[78] : NtCreateThread @ 0x83E99B98 -> HOOKED (Unknown @ 0x86AABAE8)
              SSDT[255] : NtQueueApcThread @ 0x83DB9837 -> HOOKED (Unknown @ 0x86AAB890)
              SSDT[261] : NtReadVirtualMemory @ 0x83DDA986 -> HOOKED (Unknown @ 0x86AAB728)
              SSDT[289] : NtSetContextThread @ 0x83E9A867 -> HOOKED (Unknown @ 0x86AAB980)
              SSDT[305] : NtSetInformationProcess @ 0x83E1C858 -> HOOKED (Unknown @ 0x86AA91F8)
              SSDT[306] : NtSetInformationThread @ 0x83E0123D -> HOOKED (Unknown @ 0x86AAB9F8)
              SSDT[330] : NtSuspendProcess @ 0x83E9B457 -> HOOKED (Unknown @ 0x86AA9180)
              SSDT[331] : NtSuspendThread @ 0x83DA292D -> HOOKED (Unknown @ 0x86AAB908)
              SSDT[334] : NtTerminateProcess @ 0x83DF90D3 -> HOOKED (Unknown @ 0x86AA9270)
              SSDT[335] : NtTerminateThread @ 0x83E244DF -> HOOKED (Unknown @ 0x86AABA70)
              SSDT[358] : NtWriteVirtualMemory @ 0x83E158BD -> HOOKED (Unknown @ 0x86AAB7A0)
              SSDT[382] : NtCreateThreadEx @ 0x83E23F94 -> HOOKED (Unknown @ 0x86AAB638)
              SSDT[383] : NtCreateUserProcess @ 0x83DD1BA6 -> HOOKED (Unknown @ 0x86AAB6B0)
              S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x894FE420)
              S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x895525F8)
              S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x894FE3A8)
              S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89552670)
              S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x8955E460)
              S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x89566BD8)
              S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89566B60)
              S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89694CF0)
              S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x894D66E8)

              ¤¤¤ Extern Hives: ¤¤¤
              -> D:\windows\system32\config\SOFTWARE
              -> D:\windows\system32\config\SYSTEM
              -> D:\Users\Default\NTUSER.DAT

              ¤¤¤ Infection : ZeroAccess ¤¤¤

              ¤¤¤ HOSTS File: ¤¤¤
              --> C:\Windows\system32\drivers\etc\hosts

              127.0.0.1       localhost


              ¤¤¤ MBR Check: ¤¤¤

              +++++ PhysicalDrive0: WDC WD50 00AAKS-22YGA SCSI Disk Device +++++
              --- User ---
              [MBR] 8457d23c1b7eaf08c1b808635ac7db80
              [BSP] 6dcd7dfb57a43d79b9bad5cc99f31bd2 : Windows Vista MBR Code
              Partition table:
              0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 11209 Mo
              1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22956885 | Size: 465728 Mo
              User = LL1 ... OK!
              Error reading LL2 MBR!

              Finished : << RKreport[1]_S_06082013_02d1945.txt >>
              RKreport[1]_S_06082013_02d1945.txt






              trynfix
                Re: wicked infection desktop icons gone
                « Reply #6 on: June 09, 2013, 09:26:27 PM »
                The second log from RogueKiller was the scan and delete with the registry option.

                RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
                mail : tigzyRK<at>gmail<dot>com
                Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
                Website : http://tigzy.geekstogo.com/roguekiller.php
                Blog : http://tigzyrk.blogspot.com/

                Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
                Started in : Normal mode
                User : Sherra [Admin rights]
                Mode : Remove -- Date : 06/08/2013 19:49:39
                | ARK || FAK || MBR |

                ¤¤¤ Bad processes : 0 ¤¤¤

                ¤¤¤ Registry Entries : 7 ¤¤¤
                [TASK][SUSP PATH] At1.job : C:\Users\Sherra\AppData\Roaming\wmplayer.exe /help
                • -> DELETED
                [TASK][SUSP PATH] At1 : C:\Users\Sherra\AppData\Roaming\wmplayer.exe /help
                • -> DELETED
                [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:63475) -> NOT REMOVED, USE PROXYFIX
                [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
                [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
                [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
                [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

                ¤¤¤ Particular Files / Folders: ¤¤¤
                [ZeroAccess][JUNCTION] C:\Windows\$NtUninstallKB46385$ >> \systemroot\system32\config --> REMOVED
                [Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB46385$\1053783041\L --> REMOVED
                [Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB46385$\1053783041\U --> REMOVED
                [Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB46385$\1053783041 --> REMOVED
                [Del.Parent][FILE] 3721021429 : C:\Windows\$NtUninstallKB46385$\3721021429 [-] --> REMOVED
                [ZeroAccess][FOLDER] ROOT : C:\Windows\$NtUninstallKB46385$ --> REMOVED

                ¤¤¤ Driver : [LOADED] ¤¤¤
                SSDT[18] : NtAllocateVirtualMemory @ 0x83E504AB -> HOOKED (Unknown @ 0x86AAB818)
                SSDT[72] : NtCreateProcess @ 0x83E99D63 -> HOOKED (Unknown @ 0x86AB0620)
                SSDT[73] : NtCreateProcessEx @ 0x83E99DAE -> HOOKED (Unknown @ 0x86AA92E8)
                SSDT[78] : NtCreateThread @ 0x83E99B98 -> HOOKED (Unknown @ 0x86AABAE8)
                SSDT[255] : NtQueueApcThread @ 0x83DB9837 -> HOOKED (Unknown @ 0x86AAB890)
                SSDT[261] : NtReadVirtualMemory @ 0x83DDA986 -> HOOKED (Unknown @ 0x86AAB728)
                SSDT[289] : NtSetContextThread @ 0x83E9A867 -> HOOKED (Unknown @ 0x86AAB980)
                SSDT[305] : NtSetInformationProcess @ 0x83E1C858 -> HOOKED (Unknown @ 0x86AA91F8)
                SSDT[306] : NtSetInformationThread @ 0x83E0123D -> HOOKED (Unknown @ 0x86AAB9F8)
                SSDT[330] : NtSuspendProcess @ 0x83E9B457 -> HOOKED (Unknown @ 0x86AA9180)
                SSDT[331] : NtSuspendThread @ 0x83DA292D -> HOOKED (Unknown @ 0x86AAB908)
                SSDT[334] : NtTerminateProcess @ 0x83DF90D3 -> HOOKED (Unknown @ 0x86AA9270)
                SSDT[335] : NtTerminateThread @ 0x83E244DF -> HOOKED (Unknown @ 0x86AABA70)
                SSDT[358] : NtWriteVirtualMemory @ 0x83E158BD -> HOOKED (Unknown @ 0x86AAB7A0)
                SSDT[382] : NtCreateThreadEx @ 0x83E23F94 -> HOOKED (Unknown @ 0x86AAB638)
                SSDT[383] : NtCreateUserProcess @ 0x83DD1BA6 -> HOOKED (Unknown @ 0x86AAB6B0)
                S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x894FE420)
                S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x895525F8)
                S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x894FE3A8)
                S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89552670)
                S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x8955E460)
                S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x89566BD8)
                S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89566B60)
                S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89694CF0)
                S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x894D66E8)

                ¤¤¤ Extern Hives: ¤¤¤
                -> D:\windows\system32\config\SOFTWARE
                -> D:\windows\system32\config\SYSTEM
                -> D:\Users\Default\NTUSER.DAT

                ¤¤¤ Infection : ZeroAccess ¤¤¤

                ¤¤¤ HOSTS File: ¤¤¤
                --> C:\Windows\system32\drivers\etc\hosts

                127.0.0.1       localhost


                ¤¤¤ MBR Check: ¤¤¤

                +++++ PhysicalDrive0: WDC WD50 00AAKS-22YGA SCSI Disk Device +++++
                --- User ---
                [MBR] 8457d23c1b7eaf08c1b808635ac7db80
                [BSP] 6dcd7dfb57a43d79b9bad5cc99f31bd2 : Windows Vista MBR Code
                Partition table:
                0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 11209 Mo
                1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22956885 | Size: 465728 Mo
                User = LL1 ... OK!
                Error reading LL2 MBR!

                Finished : << RKreport[2]_D_06082013_02d1949.txt >>
                RKreport[1]_S_06082013_02d1945.txt ; RKreport[2]_D_06082013_02d1949.txt





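The two RogueKiller logs and the Malwarebytes quick-scan log above name four registry locations that account for the symptoms in this thread: the HideDesktopIcons values flagged as [HJ DESK] (a value of 1 hides that desktop icon), the DisableRegistryTools policy flagged as [HJPOL], the loopback ProxyServer flagged as [PROXY IE] and left in place with "USE PROXYFIX" (a browser proxy on 127.0.0.1 stops working the moment the local process behind it is removed, which matches "can not connect to the internet"), and the Windows\Load value plus the At1.job task used for persistence. The PowerShell below is an added, read-only audit of those locations; it is not part of the thread and not code from RogueKiller, Malwarebytes or Computer Hope. It assumes the full key paths that the logs abbreviate as HKCU\[...]\System and HKLM\[...]\NewStartPanel (supplied here from Windows documentation), a partial CLSID-to-name map for the desktop icons, and that legacy at-jobs live in %SystemRoot%\Tasks. It changes nothing; it only reports.

```powershell
# Added example (not from the thread): read-only audit of the registry locations
# that RogueKiller and Malwarebytes flagged in the logs above. Full key paths are
# assumed from Windows documentation; the logs abbreviate them as HKCU\[...]\System.
# Run from an elevated PowerShell prompt. Nothing here modifies the registry.

# Partial map of desktop-icon CLSIDs (assumed from Windows shell documentation).
# Under HideDesktopIcons a value of 1 for a CLSID hides that icon.
$DesktopIconNames = @{
    '{20D04FE0-3AEA-1069-A2D8-08002B30309D}' = 'Computer'
    '{59031a47-3f72-44a7-89c5-5595fe6b30ee}' = "User's Files"
    '{645FF040-5081-101B-9F08-00AA002F954E}' = 'Recycle Bin'
    '{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}' = 'Network'
}

function Get-HiddenDesktopIcons {
    # [HJ DESK] in the RogueKiller log: both the HKLM and HKCU keys can hide icons.
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($view in 'NewStartPanel', 'ClassicStartMenu') {
            $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\$view"
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -notlike '{*}') { continue }      # skip PSPath, PSDrive, etc.
                if ($p.Value -eq 1) {
                    $name = $DesktopIconNames[$p.Name]
                    if (-not $name) { $name = 'unknown CLSID' }
                    [pscustomobject]@{ Check = 'HiddenDesktopIcon'; Location = $key
                                       Name = "$($p.Name) ($name)"; Value = $p.Value }
                }
            }
        }
    }
}

function Get-RegistryToolsPolicy {
    # [HJPOL] in the log: DisableRegistryTools = 1 blocks regedit. The value was
    # planted with 0 on this machine, so report its presence at all, not only 1.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        if (-not (Test-Path $key)) { continue }
        $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableRegistryTools
        if ($null -ne $v) {
            [pscustomobject]@{ Check = 'Policy'; Location = $key; Name = 'DisableRegistryTools'; Value = $v }
        }
    }
}

function Get-ProxySetting {
    # [PROXY IE] in the log: ProxyServer = 127.0.0.1:<port> sends the browser through a
    # local process; once that process is gone every page load fails.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p.ProxyServer) {
        $flag = if ($p.ProxyServer -match '127\.0\.0\.1|localhost') { 'SUSPICIOUS loopback proxy' } else { 'review' }
        [pscustomobject]@{ Check = 'Proxy'; Location = $key; Name = "ProxyServer ($flag)"; Value = $p.ProxyServer }
        [pscustomobject]@{ Check = 'Proxy'; Location = $key; Name = 'ProxyEnable'; Value = $p.ProxyEnable }
    }
}

function Get-LoadValueAndAtJobs {
    # PUM.UserWLoad in the Malwarebytes log: the legacy Windows\Load value runs a
    # program at logon. At1.job in RogueKiller: a legacy "at" task (assumed to be
    # stored under %SystemRoot%\Tasks) that pointed into AppData\Roaming.
    $key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $load = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Load
    if ($load) {
        [pscustomobject]@{ Check = 'Persistence'; Location = $key; Name = 'Load'; Value = $load }
    }
    $taskDir = Join-Path $env:SystemRoot 'Tasks'
    Get-ChildItem -Path $taskDir -Filter 'At*.job' -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Check = 'Persistence'; Location = $taskDir; Name = $_.Name; Value = $_.LastWriteTime }
    }
}

$findings = @(Get-HiddenDesktopIcons) + @(Get-RegistryToolsPolicy) +
            @(Get-ProxySetting) + @(Get-LoadValueAndAtJobs)
if ($findings.Count -eq 0) { 'No findings in the audited locations.' }
else { $findings | Format-Table -AutoSize }
```

On the machine in this thread, run before RogueKiller's Remove pass, the table would list the two CLSIDs from the log under HKLM\...\NewStartPanel with value 1 (Computer and User's Files), the DisableRegistryTools values in both hives, the 127.0.0.1:63475 ProxyServer, and the At1.job file. After the pass, the proxy entry is the one that should still appear, which is why the browser stays offline until that value is cleared.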

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: wicked infection desktop icons gone
                « Reply #7 on: June 10, 2013, 01:33:20 PM »
                Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

                1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
                2. The fixes are specific to your problem and should only be used for this issue on this machine.
                3. If you don't know or understand something, please don't hesitate to ask.
                4. Please DO NOT run any other tools or scans while I am helping you.
                5. It is important that you reply to this thread. Do not start a new topic.
                6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
                7. Absence of symptoms does not mean that everything is clear.

                If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
                *************************************************************************
                This tool will remove ComboFix from your computer but don't run CF unless I ask you to do so.

                Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

                ***********************************
                Quote: Total Fragmentation on Drive C: 9 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
                Please do not ignore this warning and defrag soon. SSD means Solid State Drive.

                Please download Zero Access Removal tool by Symantec from here and save it to your desktop.

                • Close all programs and doubleclick FixZeroAccess.exe to run the tool.
                • Accept the EULA and click Proceed
                • Allow the tool to restart your computer
                • After restarting it should provide you with a report
                • Please let me know what was the result.
                As a matter of fact, since this is the first time I work with this tool, let me know if it saves a report to your desktop.
                Windows 8 and Windows 10 dual boot with two SSD's

                  trynfix
                  Re: wicked infection desktop icons gone
                  « Reply #8 on: June 10, 2013, 02:25:59 PM »
                  I ran the CF uninstaller.  I also ran the ZeroAccess fix tool 1.0.1.  That tool did not leave a report on my desktop.  A message box popped up saying 'Scan result: no threats detected.'  It also gave today's date.

                    trynfix
                    Re: wicked infection desktop icons gone
                    « Reply #9 on: June 10, 2013, 02:31:54 PM »
                    Oh, and thanks Dave.  I really appreciate your help.  I had my PC check to see if defragmentation is needed.  It gave me a message: "Your file system performance is good.  You do not need to defragment at this time."  Since posting I have deleted some files.  I had about 1.4 GB of free space and I now have about 50.  Should I still defragment?

                    SuperDave
                    Re: wicked infection desktop icons gone
                    « Reply #10 on: June 10, 2013, 04:26:05 PM »
                    Quote: I had about 1.4 GB of free space and I now have about 50.  Should I still defragment?
                    Wow, I can't believe that computer was still able to boot. You should always have at least 15% of free space for Windows to operate efficiently. How's your computer running now?

                      trynfix
                      Re: wicked infection desktop icons gone
                      « Reply #11 on: June 10, 2013, 05:02:48 PM »
                      It is operating normally; however, desktop icons are missing and some files are missing as well.

                        trynfix
                        Re: wicked infection desktop icons gone
                        « Reply #12 on: June 10, 2013, 05:20:04 PM »
                        Also cannot connect to the internet.

                          trynfix
                          Re: wicked infection desktop icons gone
                          « Reply #13 on: June 10, 2013, 05:43:41 PM »
                          And some start menu options are still missing.

                            trynfix
                            Re: wicked infection desktop icons gone
                            « Reply #14 on: June 10, 2013, 08:13:39 PM »
                            Forgot to mention, with the internet, I have a LAN connection.  The cable is fine and it works with a laptop in the same slot in the modem.  My PC does not show the connection.