No problems with anything else I tried. So maybe I'll try that tomorrow. I need to be done by tomorrow night. You don't think it has an infection anymore? I'm ready for bed too. It's late here.
I think I'll try creating another profile tomorrow & see if I continue to have problems with those programs.
Very good idea. Let me know.
I should be back around lunch time.
Did you check the other AVZ?
I did, but since you used system restore, it doesn't make much difference.
One more thing I want you to check, though.
Open Windows Explorer. Go to Tools > Folder Options > View tab, and put a checkmark next to Show hidden files and folders.
Upload the following files to VirusTotal - Free Online Virus and Malware Scan for a security check:
ndisrd.sys located @ C:\Windows\system32\DRIVERS\
Post scan results.
I messaged you the link.
I am totally bewildered. First ComboFix didn't work [same error] on the temp account, but then AVZ did, so I switched to the owner's profile & now everything that you earlier had me run on the owner's account will run!!! So what now? Do I still need to run those scans? Should I still do an SFC?
Like I've said, Windows has & can bewilder me both in its problems & solutions. I created that account to test her shell. What I didn't think would happen is for that to seemingly fix the problem.
Last edited by townsbg; 03-09-2009 at 07:11 PM.
I'm as perplexed as you are.
Pretty weird...
No more scans, because I don't see any infection anymore, but please post a fresh HJT log, so we can run the final cleaning steps.
Please download JavaRa to your desktop and unzip it to its own folder.
- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
================================================================
Disable Windows Defender, as it'll interfere with the cleaning process:
- Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
- Click Tools
then...
++ Windows XP:
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection
- After you uncheck this, click on the Save button
- Close Windows Defender
++ Windows Vista:
- Click Options
- Under Administrator options, clear the Use Windows Defender check box, and then click Save.
Enable Windows Defender when all cleaning is done.
================================================================
Print this post out, since you won't have access to it at some point.
1. Open HijackThis.
2. Close all windows, except for HijackThis.
3. Put checkmarks next to the following HijackThis entries:
- R3 - Default URLSearchHook is missing
- O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):
- O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
- O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
- O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
- O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
5. Click on the Fix checked button.
6. Restart the computer.
7. Post a new HijackThis log.
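
The entries listed in the post above can also be triaged programmatically. The following is an added example, not part of the original thread: it parses HijackThis-style entry lines, flags entries that point at something that no longer exists, and pulls the value name and program out of O4 autostart lines. The function names are hypothetical, the sample log is constructed from entries quoted in the post, and the two "dangling" markers are only the ones visible there.

```python
import re

# Constructed sample: entries quoted in the post above, laid out as log lines.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # section code, then detail
RUN = re.compile(r"^(HK[^:]*?\\Run[^:]*): \[([^\]]+)\] (.+)$")  # key, value name, command
USER_NOTE = re.compile(r"\s*\(User '[^']*'\)$")           # trailing per-user annotation
DANGLING = ("(no file)", "is missing")                    # markers seen in the entries above


def first_token(command):
    """Return the program part of a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0]


def parse_log(text):
    """Parse entry lines into dicts; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        entry = {"code": code, "detail": detail,
                 "dangling": detail.endswith(DANGLING)}
        run = RUN.match(detail) if code == "O4" else None
        if run:
            key, name, command = run.groups()
            entry.update(key=key, name=name,
                         program=first_token(USER_NOTE.sub("", command)))
        entries.append(entry)
    return entries


def dangling_entries(text):
    """Details of entries whose referenced file or value no longer exists."""
    return [e["detail"] for e in parse_log(text) if e["dangling"]]
```
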