dscia

Honorary Members
  • Posts: 28

Everything posted by dscia

  1. Nothing happens when I try to open my usb drive to try to get the files open. The one time I was actually able to open the E drive neither program did anything when I was trying to open the files.
  2. I am not able to load either of them off of my flashdrive. I can no longer even boot into safe mode (arrow keys won't let me go up the list to safe mode and the 30 seconds run out and it boots me into normal mode).
  3. I downloaded mbam-clean.exe on my other computer and tried to transfer it over on my USB drive. It won't even open up my E drive to let me take the program out even in safe mode.
  4. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4052
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 6.0.2900.5512

     7/1/2011 12:19:36 PM
     mbam-log-2011-07-01 (12-19-36).txt

     Scan type: Quick scan
     Objects scanned: 116181
     Time elapsed: 2 minute(s), 18 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  5. Sadly I can't get into My Computer or any folders. My flash drive isn't auto-starting when plugged in anymore either.
  6. Hi, I've had Kenny94 for help in the past and he was extremely helpful. My computer has recently been potentially exposed to something else as I can't open some programs like World of Warcraft, iTunes is laggy/crashes, and programs like AOL Instant Messenger and Steam games refuse to load/be recognized. Here is a recent HJT scan.
  7. Kenny, your generosity and passion for helping individuals in need is inspirational. I can't thank you enough. I know I can't send hundreds of dollars but I hope you check your PayPal in the upcoming days.
  8. Everything appears to be running like normal! Kenny sir, you are a saint.
  9. False alarm, went with what my specs required, x86 offline. Things seem to be running well, I'm going to browse and search, and give it a bit of a test.
  10. Hi Kenny, Which of these would I select? Again, thank you for your patience and generosity.

      Windows x86 Online      0.85 MB   jre-6u25-windows-i586-iftw.exe
      Windows x86 Offline     15.77 MB  jre-6u25-windows-i586.exe
      Windows Intel Itanium   16.09 MB  jre-6u25-windows-ia64.exe
      Windows x64             16.09 MB  jre-6u25-windows-x64.exe
  11. ESET log:

      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDM74XMJ\QQkFBg0NBgYDDAABEkcJBQcEBw0CAQQGDQ==[1]
          JS/Exploit.Agent.NCQ trojan
      C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\Sun\kbmovm.dll.vir
          a variant of Win32/AutoRun.Spy.Ambler.CR worm
      C:\Qoobox\Quarantine\C\WINDOWS\dsudthas.dll.vir
          Win32/Cimag.DU trojan
      C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir
          probably a variant of Win32/Wimpixo.AA trojan
      C:\Qoobox\Quarantine\C\WINDOWS\system32\itlnfw32.dll.vir
          a variant of Win32/Koblu.A trojan
      C:\System Volume Information\_restore{A7B55C8D-3542-45C5-A462-BDE3A24D0C21}\RP1\A0002101.dll
          Win32/Cimag.DU trojan
      C:\System Volume Information\_restore{A7B55C8D-3542-45C5-A462-BDE3A24D0C21}\RP1\A0002102.dll
          probably a variant of Win32/Wimpixo.AA trojan
      C:\System Volume Information\_restore{A7B55C8D-3542-45C5-A462-BDE3A24D0C21}\RP2\A0005217.exe
          a variant of Win32/Kryptik.NCX trojan
      C:\System Volume Information\_restore{A7B55C8D-3542-45C5-A462-BDE3A24D0C21}\RP2\A0005218.exe
          a variant of Win32/Kryptik.NCX trojan
  12. DDS.txt:
  13. 2011/04/30 18:05:43.0453 2976 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/30 18:05:57.0437 4048 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/04/30 18:05:57.0484 4048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/04/30 18:05:57.0515 4048 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/30 18:05:57.0531 4048 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/30 18:05:57.0531 4048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/30 18:05:57.0546 4048 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/30 18:05:57.0562 4048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/30 18:05:57.0593 4048 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/30 18:05:57.0609 4048 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/30 18:05:57.0640 4048 RTLE8023xp (098de621085d7f922871a99b0ec7ddd6) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/04/30 18:05:57.0718 4048 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2011/04/30 18:05:57.0750 4048 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2011/04/30 18:05:57.0781 4048 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/30 18:05:57.0812 4048 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/04/30 18:05:57.0859 4048 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/04/30 18:05:57.0875 4048 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/30 18:05:57.0906 4048 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/04/30 18:05:57.0921 4048 
sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/30 18:05:57.0968 4048 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/30 18:05:58.0015 4048 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/04/30 18:05:58.0015 4048 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/30 18:05:58.0031 4048 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/30 18:05:58.0093 4048 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/30 18:05:58.0140 4048 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/30 18:05:58.0156 4048 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/30 18:05:58.0171 4048 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/30 18:05:58.0187 4048 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/30 18:05:58.0328 4048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/30 18:05:58.0421 4048 uisp (1c768107ac5bd510686c8f0e4da30c48) C:\WINDOWS\system32\Drivers\usbicp.sys 2011/04/30 18:05:58.0468 4048 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/30 18:05:58.0515 4048 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/04/30 18:05:58.0546 4048 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/04/30 18:05:58.0562 4048 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/30 18:05:58.0562 4048 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/30 18:05:58.0593 4048 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/04/30 18:05:58.0609 4048 USBSTOR 
(a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/30 18:05:58.0625 4048 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/04/30 18:05:58.0640 4048 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/04/30 18:05:58.0640 4048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/04/30 18:05:58.0671 4048 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/30 18:05:58.0687 4048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/30 18:05:58.0734 4048 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 2011/04/30 18:05:58.0750 4048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/30 18:05:58.0812 4048 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/04/30 18:05:58.0828 4048 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/04/30 18:05:58.0984 4048 ================================================================================ 2011/04/30 18:05:58.0984 4048 Scan finished 2011/04/30 18:05:58.0984 4048 ================================================================================ It said no infections found.
  14. Clicked Fix and it told me to restart ASAP. Ran another scan when I booted back up:

      aswMBR version 0.9.5 Copyright© 2011 AVAST Software
      Run date: 2011-04-30 17:49:18
      -----------------------------
      17:49:18.546 OS Version: Windows 5.1.2600 Service Pack 3
      17:49:18.546 Number of processors: 2 586 0xF0B
      17:49:18.546 ComputerName: DAVE UserName:
      17:49:20.046 Initialize success
      17:49:24.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b
      17:49:24.218 Disk 0 Vendor: WDC_WD5000AAKS-22TMA0 12.01C01 Size: 476938MB BusType: 3
      17:49:26.234 Disk 0 MBR read successfully
      17:49:26.234 Disk 0 MBR scan
      17:49:28.234 Disk 0 scanning sectors +976752000
      17:49:28.250 Disk 0 scanning C:\WINDOWS\system32\drivers
      17:49:33.968 Service scanning
      17:49:34.890 Disk 0 trace - called modules:
      17:49:34.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
      17:49:34.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89de8ab8]
      17:49:34.890 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x89e5c570]
      17:49:34.890 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-b[0x89dfb120]
      17:49:34.890 Scan finished successfully
      17:50:06.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David\Desktop\MBR.dat"
      17:50:06.468 The log file has been saved successfully to "C:\Documents and Settings\David\Desktop\aswMBR.txt"

      The FixMBR option is now able to be used, waiting on your next move. Thank you again Kenny, you are a gift.
  15. The option to Fix is able to be used, but not FixMBR.
  16. I don't see administrator. It simply says: Run As Current user (DAVE\David) The following user: User name: [blank space] Password: [blank space]
  17. aswMBR version 0.9.5 Copyright© 2011 AVAST Software
      Run date: 2011-04-30 16:36:05
      -----------------------------
      16:36:05.937 OS Version: Windows 5.1.2600 Service Pack 3
      16:36:05.937 Number of processors: 2 586 0xF0B
      16:36:05.937 ComputerName: DAVE UserName:
      16:36:08.375 Initialize success
      16:36:23.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b
      16:36:23.109 Disk 0 Vendor: WDC_WD5000AAKS-22TMA0 12.01C01 Size: 476938MB BusType: 3
      16:36:23.109 Device \Driver\atapi -> DriverStartIo 89d2357b
      16:36:25.109 Disk 0 MBR read successfully
      16:36:25.109 Disk 0 MBR scan
      16:36:25.109 Disk 0 TDL4@MBR code has been found
      16:36:25.109 Disk 0 MBR hidden
      16:36:25.109 Disk 0 MBR [TDL4] **ROOTKIT**
      16:36:25.109 Disk 0 trace - called modules:
      16:36:25.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89d23730]<<
      16:36:25.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89df4ab8]
      16:36:25.109 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x89e5dde8]
      16:36:25.109 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> [0x89e42970]
      16:36:25.109 \Driver\atapi[0x89e04a08] -> IRP_MJ_CREATE -> 0x89d23730
      16:36:25.109 Scan finished successfully
      16:36:50.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David\Desktop\MBR.dat"
      16:36:50.546 The log file has been saved successfully to "C:\Documents and Settings\David\Desktop\aswMBR.txt"
  18. 4cf9a335.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
      4cf9a335.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4cf9a335.qua;Trojan.Hiloti.2;;
      4d8ca4c1.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
      4d8ca4c1.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4d8ca4c1.qua;Trojan.Hiloti.2;;
      546e864a.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
      546e864a.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\546e864a.qua;Trojan.Hiloti.2;;
      551b80cf.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
      551b80cf.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\551b80cf.qua;Trojan.Hiloti.2;;
      Process in memory: C:\WINDOWS\Explorer.EXE:1196;;BackDoor.Tdss.565;Eradicated.;
  19. When I rebooted after the Dr.Web CureIt scan I noticed that I could finally move the arrows on the booting up screen to the Recovery Console. Not sure what the plan of action was, but I thought it would be helpful to inform you.
  20. ComboFix 11-04-29.03 - David 04/30/2011 9:18.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1622 [GMT -4:00] Running from: c:\documents and settings\David\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 ))))))))))))))))))))))))))))))) . . 2011-04-30 13:14 . 2011-04-30 13:15 -------- d-----w- C:\32788R22FWJFW 2011-04-29 22:20 . 2011-04-29 22:20 -------- d-----w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com 2011-04-29 22:20 . 2011-04-29 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-04-29 22:20 . 2011-04-29 22:20 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-04-29 21:28 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-04-29 21:28 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-04-29 21:28 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-04-29 21:28 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-04-29 21:28 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-04-29 21:28 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-04-29 21:28 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-04-29 21:28 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-04-28 21:44 . 2011-04-28 21:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities 2011-04-28 17:44 . 2011-04-28 17:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-04-28 12:14 . 
2011-04-28 20:25 -------- d-----w- c:\documents and settings\David\Application Data\Hisem 2011-04-28 11:18 . 2011-04-28 11:18 388096 ----a-r- c:\documents and settings\David\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-04-28 11:18 . 2011-04-28 11:18 -------- d-----w- c:\program files\Trend Micro 2011-04-28 05:59 . 2011-04-28 05:59 -------- d-----w- c:\documents and settings\David\Application Data\Avira 2011-04-28 05:49 . 2011-04-28 11:02 -------- d-----w- c:\windows\system32\NtmsData 2011-04-28 05:45 . 2011-04-28 05:45 -------- d-----w- c:\program files\Avira 2011-04-28 05:45 . 2011-04-28 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-04-28 05:45 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-04-28 05:45 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-04-28 05:45 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-04-28 05:28 . 2011-04-28 05:28 744 ----a-w- c:\windows\uqenocesofih.dll 2011-04-28 03:59 . 2011-04-28 03:59 -------- d-s---w- c:\documents and settings\LocalService\UserData 2011-04-28 03:47 . 2011-04-28 03:47 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2011-04-27 22:44 . 2011-04-27 22:44 742 ----a-w- c:\windows\orugizutazet.dll 2011-04-27 20:38 . 2011-04-27 20:38 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\WMTools Downloaded Files 2011-04-27 14:21 . 2011-04-27 14:21 742 ----a-w- c:\windows\exadasibiduk.dll 2011-04-25 02:43 . 2011-04-25 02:43 742 ----a-w- c:\windows\ujawikisoxebuxe.dll 2011-04-24 16:05 . 2011-04-24 16:05 742 ----a-w- c:\windows\ujujubetov.dll 2011-04-24 02:48 . 2011-04-24 02:48 742 ----a-w- c:\windows\olikuyase.dll 2011-04-23 00:50 . 2011-04-23 00:50 742 ----a-w- c:\windows\alibizebufisaw.dll 2011-04-22 14:14 . 2011-04-22 14:14 742 ----a-w- c:\windows\elofidel.dll 2011-04-19 17:35 . 
2011-04-19 17:35 -------- d-----w- c:\program files\iPod 2011-04-19 17:33 . 2011-04-19 17:33 -------- d-----w- c:\program files\Bonjour 2011-04-19 05:23 . 2011-04-19 05:23 742 ----a-w- c:\windows\aladohugilidupa.dll 2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\system32\xfcodec.dll 2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-06 16:13 . 2011-04-06 16:13 742 ----a-w- c:\windows\opomapes.dll 2011-04-04 21:24 . 2011-04-04 21:24 742 ----a-w- c:\windows\uguroxehotepopeg.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-19 01:59 . 2009-02-14 04:10 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-04-19 01:59 . 2009-03-03 01:47 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-04-19 01:59 . 2009-02-14 04:07 214520 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-04-01 21:07 . 2009-10-02 23:34 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-03-07 05:33 . 2009-01-03 07:16 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45 . 2006-02-28 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-18 20:36 . 2010-08-12 01:12 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 20:36 . 2010-08-12 01:12 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-17 13:51 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-02-17 13:51 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 13:51 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 
2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:37 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec 2011-02-17 12:32 . 2009-04-17 02:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58 . 2009-01-03 07:15 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-04-14 16:26 . 2011-04-29 21:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-04-28_20.54.22 ))))))))))))))))))))))))))))))))))))))))) . + 2011-04-30 12:59 . 2011-04-30 12:59 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat + 2011-04-30 12:59 . 2011-04-30 12:59 16384 c:\windows\Temp\Perflib_Perfdata_770.dat - 2006-02-28 12:00 . 2011-04-28 20:27 39992 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2011-04-30 13:17 39992 c:\windows\system32\perfc009.dat + 2009-11-04 01:35 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys - 2009-11-04 01:35 . 2009-09-10 19:54 38224 c:\windows\system32\drivers\mbamswissarmy.sys + 2009-11-04 01:35 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys - 2006-02-28 12:00 . 2011-04-28 20:27 311604 c:\windows\system32\perfh009.dat + 2006-02-28 12:00 . 2011-04-30 13:17 311604 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arctosa] 2008-10-06 19:03 147456 ----a-w- c:\program files\Razer\Arctosa\razerhid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2011-03-28 20:15 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2006-04-25 04:51 1273856 ----a-w- c:\windows\system32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lachesis] 2007-09-12 15:52 172032 ----a-w- c:\program files\Razer\Lachesis\razerhid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] 2004-12-10 17:45 49152 ----a-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2010-10-16 17:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] 2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2010-10-16 17:04 110696 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2010-08-26 05:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-04-12 09:33 16132608 ------r- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2011-03-24 16:59 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) "ASKUpgrade"=2 (0x2) "ASKService"=2 (0x2) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Program Files\\Steam\\steamapps\\dariustriplet\\counter-strike\\hl.exe"= "c:\\Program Files\\Steam\\steamapps\\dariustriplet\\counter-strike source\\hl2.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Steam\\steamapps\\dscia\\team fortress 2\\hl2.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"= "c:\\Program 
Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/28/2011 1:45 AM 136360] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/3/2009 4:01 AM 24652] R2 WMP300NSvc;WMP300NSvc;c:\program files\Wireless-N PCI Adapter\WLService.exe [1/20/2009 4:19 PM 53307] R3 ArcFltr;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [6/1/2009 8:30 PM 16896] R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [6/1/2009 8:37 PM 12032] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [11/16/2010 3:30 PM 18432] S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/29/2009 8:13 PM 464264] S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/29/2009 8:14 PM 234888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] itlsvc REG_MULTI_SZ itlperf . Contents of the 'Scheduled Tasks' folder . 
2011-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/webplayerdemo/en uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=%s FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\ywlzr6de.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.firefox.com FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-PT25DHYRAW - c:\windows\Qxivua.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-30 09:26 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD5000AAKS-22TMA0 rev.12.01C01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b . device: opened successfully user: MBR read successfully error: Read A device attached to the system is not functioning. 
kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x89D2357B user & kernel MBR OK . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(864) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll c:\windows\System32\BCMLogon.dll . - - - - - - - > 'explorer.exe'(3596) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-04-30 09:37:00 ComboFix-quarantined-files.txt 2011-04-30 13:36 ComboFix2.txt 2011-04-28 21:01 . Pre-Run: 179,547,492,352 bytes free Post-Run: 179,778,297,856 bytes free . - - End Of File - - 23C1497BF4786F230A08181D2D12B67D
  21. Well, I'm happy to report that I was able to get a Microsoft keyboard from one of the classrooms but sadly the results were the same. I wasn't able to move the arrows on the initial startup screen to get into the Windows Recovery Console initiative. I even tried using the numpad arrows and they were unsuccessful as well.
  22. Do you know if there is any way around me having to ask someone to borrow their keyboard? Keyboards around here are like dinosaurs, everyone just has their laptops. I tried calling the school library but they said they wouldn't be able to loan one out for even 5 minutes. If there is no way around this, I will be able to utilize another keyboard of mine when I'm back home at some point. If that were the only case, I think after 3 days threads close, but with a PM I would be able to re-open the thread. Thank you for your time, I look forward to your response. Thank you as always for your generosity.
  23. I'm currently in a dorm setting, so I could potentially ask someone for their keyboard. The keyboard I have is a Razer Arctosa.
  24. Hi Kenny94, and thank you for your patience and passion for fixing computers and helping people. When I'm at that screen trying to move arrows up to get to the Recovery option it's simply not allowing me to. Could this be because of my keyboard, or is it because something is blocking it not allowing me to move up on that screen? Its options are like the screenshots, except there is a Do not select (debug) option in the middle of the two.
  25. ComboFix Log: ComboFix 11-04-28.01 - David 04/28/2011 16:38:35.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1049 [GMT -4:00] Running from: F:\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Start Menu\Programs\Linksys Wireless-N PCI Adapter c:\documents and settings\All Users\Start Menu\Programs\Linksys Wireless-N PCI Adapter \Uninstall.lnk c:\documents and settings\All Users\Start Menu\Programs\Linksys Wireless-N PCI Adapter \Wireless Network Monitor.lnk c:\documents and settings\David\Application Data\Naevfe c:\documents and settings\David\Application Data\Naevfe\zogiu.exe c:\documents and settings\David\Application Data\Sun\kbmovm.dll c:\documents and settings\David\Local Settings\Application Data\{DD4DF435-4E12-4D71-8FD4-7B7690AE9A4A} c:\documents and settings\David\Local Settings\Application Data\{DD4DF435-4E12-4D71-8FD4-7B7690AE9A4A}\chrome.manifest c:\documents and settings\David\Local Settings\Application Data\{DD4DF435-4E12-4D71-8FD4-7B7690AE9A4A}\chrome\content\_cfg.js c:\documents and settings\David\Local Settings\Application Data\{DD4DF435-4E12-4D71-8FD4-7B7690AE9A4A}\chrome\content\overlay.xul c:\documents and settings\David\Local Settings\Application Data\{DD4DF435-4E12-4D71-8FD4-7B7690AE9A4A}\install.rdf c:\documents and settings\Default User\Start Menu\Programs\Startup\ixvu.exe C:\install.exe c:\program files\AskSearch\bin\DefaultSearch.dll c:\windows\dsudthas.dll c:\windows\OPTIONS\CABS\_desktop.ini c:\windows\system32\6to4v32.dll c:\windows\system32\certstore.dat c:\windows\system32\itlnfw32.dll c:\windows\system32\itlpfw32.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
-------\Legacy_6TO4 -------\Legacy_ITLPERF -------\Service_6to4 -------\Service_itlperf . . ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 ))))))))))))))))))))))))))))))) . . 2011-04-28 20:30 . 2011-04-28 20:31 -------- d-----w- C:\32788R22FWJFW 2011-04-28 17:44 . 2011-04-28 17:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-04-28 12:14 . 2011-04-28 20:25 -------- d-----w- c:\documents and settings\David\Application Data\Hisem 2011-04-28 11:18 . 2011-04-28 11:18 388096 ----a-r- c:\documents and settings\David\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-04-28 11:18 . 2011-04-28 11:18 -------- d-----w- c:\program files\Trend Micro 2011-04-28 05:59 . 2011-04-28 05:59 -------- d-----w- c:\documents and settings\David\Application Data\Avira 2011-04-28 05:49 . 2011-04-28 11:02 -------- d-----w- c:\windows\system32\NtmsData 2011-04-28 05:45 . 2011-04-28 05:45 -------- d-----w- c:\program files\Avira 2011-04-28 05:45 . 2011-04-28 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-04-28 05:45 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-04-28 05:45 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-04-28 05:45 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-04-28 05:28 . 2011-04-28 05:28 744 ----a-w- c:\windows\uqenocesofih.dll 2011-04-28 03:59 . 2011-04-28 03:59 -------- d-s---w- c:\documents and settings\LocalService\UserData 2011-04-28 03:47 . 2011-04-28 03:47 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2011-04-28 03:37 . 2011-04-28 03:37 133120 ----a-w- c:\windows\Qxivub.exe 2011-04-28 03:37 . 2011-04-28 03:37 133120 ----a-w- c:\windows\Qxivua.exe 2011-04-28 03:37 . 2011-04-28 03:37 157184 --sha-r- c:\windows\system32\savedumpu.dll 2011-04-28 03:37 . 
2011-04-28 03:37 157184 --sha-r- c:\windows\system32\resutils2.dll 2011-04-28 03:37 . 2011-04-28 03:37 157184 --sha-r- c:\windows\system32\nvdatan.dll 2011-04-28 03:37 . 2011-04-28 03:37 157184 --sha-r- c:\windows\system32\d3dimx.dll 2011-04-28 03:37 . 2011-04-28 03:37 157184 --sha-r- c:\windows\system32\sysdmj.dll 2011-04-27 22:44 . 2011-04-27 22:44 742 ----a-w- c:\windows\orugizutazet.dll 2011-04-27 20:38 . 2011-04-27 20:38 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\WMTools Downloaded Files 2011-04-27 14:21 . 2011-04-27 14:21 742 ----a-w- c:\windows\exadasibiduk.dll 2011-04-25 02:43 . 2011-04-25 02:43 742 ----a-w- c:\windows\ujawikisoxebuxe.dll 2011-04-24 16:05 . 2011-04-24 16:05 742 ----a-w- c:\windows\ujujubetov.dll 2011-04-24 02:48 . 2011-04-24 02:48 742 ----a-w- c:\windows\olikuyase.dll 2011-04-23 00:50 . 2011-04-23 00:50 742 ----a-w- c:\windows\alibizebufisaw.dll 2011-04-22 14:14 . 2011-04-22 14:14 742 ----a-w- c:\windows\elofidel.dll 2011-04-19 17:35 . 2011-04-19 17:35 -------- d-----w- c:\program files\iPod 2011-04-19 17:33 . 2011-04-19 17:33 -------- d-----w- c:\program files\Bonjour 2011-04-19 05:23 . 2011-04-19 05:23 742 ----a-w- c:\windows\aladohugilidupa.dll 2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\system32\xfcodec.dll 2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-06 16:13 . 2011-04-06 16:13 742 ----a-w- c:\windows\opomapes.dll 2011-04-04 21:24 . 2011-04-04 21:24 742 ----a-w- c:\windows\uguroxehotepopeg.dll 2011-03-31 11:05 . 2011-03-31 11:05 742 ----a-w- c:\windows\oyakeregucoruwu.dll 2011-03-30 12:49 . 2011-03-30 12:49 742 ----a-w- c:\windows\oyegewus.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2011-04-19 01:59 . 2009-02-14 04:10 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-04-19 01:59 . 2009-03-03 01:47 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-04-19 01:59 . 2009-02-14 04:07 214520 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-04-01 21:07 . 2009-10-02 23:34 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-03-07 05:33 . 2009-01-03 07:16 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45 . 2006-02-28 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-18 20:36 . 2010-08-12 01:12 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 20:36 . 2010-08-12 01:12 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-17 13:51 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-02-17 13:51 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 13:51 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:37 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec 2011-02-17 12:32 . 2009-04-17 02:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58 . 2009-01-03 07:15 2067456 ----a-w- c:\windows\system32\mstscax.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arctosa] 2008-10-06 19:03 147456 ----a-w- c:\program files\Razer\Arctosa\razerhid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2011-03-28 20:15 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2006-04-25 04:51 1273856 ----a-w- c:\windows\system32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lachesis] 2007-09-12 15:52 172032 ----a-w- c:\program files\Razer\Lachesis\razerhid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] 2004-12-10 17:45 49152 ----a-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2010-10-16 17:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] 2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2010-10-16 17:04 110696 ----a-w- c:\windows\system32\nvmctray.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2010-08-26 05:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PT25DHYRAW] 2011-04-28 03:37 133120 ----a-w- c:\windows\Qxivua.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-04-12 09:33 16132608 ------r- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2011-03-24 16:59 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) "ASKUpgrade"=2 (0x2) "ASKService"=2 (0x2) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Program Files\\Steam\\steamapps\\dariustriplet\\counter-strike\\hl.exe"= "c:\\Program Files\\Steam\\steamapps\\dariustriplet\\counter-strike source\\hl2.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Steam\\steamapps\\dscia\\team fortress 2\\hl2.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"= "c:\\Program 
Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/28/2011 1:45 AM 136360] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/3/2009 4:01 AM 24652] R2 WMP300NSvc;WMP300NSvc;c:\program files\Wireless-N PCI Adapter\WLService.exe [1/20/2009 4:19 PM 53307] R3 ArcFltr;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [6/1/2009 8:30 PM 16896] R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [6/1/2009 8:37 PM 12032] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [11/16/2010 3:30 PM 18432] S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/29/2009 8:13 PM 464264] S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/29/2009 8:14 PM 234888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] itlsvc REG_MULTI_SZ itlperf . Contents of the 'Scheduled Tasks' folder . 2011-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] . . ------- Supplementary Scan ------- . 
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/webplayerdemo/en uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=%s FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\ywlzr6de.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.firefox.com FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Simple Dyyno Launcher: NPDyyno@dyyno.com - %profile%\extensions\NPDyyno@dyyno.com FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: LastFM: {82BC70E0-FE85-11DA-A899-3A655C103D30} - %profile%\extensions\{82BC70E0-FE85-11DA-A899-3A655C103D30} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\David\Application Data\Move Networks FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . 
HKCU-Run-Pqovozugecavaleg - c:\windows\dsudthas.dll HKCU-Run-{764673CF-F23F-426B-37C1-308DD37274B0} - c:\documents and settings\David\Application Data\Naevfe\zogiu.exe Notify-itlntfy - itlnfw32.dll MSConfigStartUp-GHWAUC6NNZ - c:\docume~1\David\LOCALS~1\Temp\Qvu.exe MSConfigStartUp-Pqovozugecavaleg - c:\windows\dsudthas.dll MSConfigStartUp-{764673CF-F23F-426B-37C1-308DD37274B0} - c:\documents and settings\David\Application Data\Naevfe\zogiu.exe HKLM_ActiveSetup-{F9F803E5-559F-4323-8962-1572E758FDA7} - c:\documents and settings\David\Application Data\Sun\kbmovm.dll AddRemove-Guidua - c:\program files\Guidua 0.16\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-28 16:54 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD5000AAKS-22TMA0 rev.12.01C01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b . device: opened successfully user: MBR read successfully error: Read A device attached to the system is not functioning. kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x89D9657B user & kernel MBR OK . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(864) c:\windows\System32\BCMLogon.dll . - - - - - - - > 'explorer.exe'(1840) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\NVIDIA Corporation\nTune\nTuneService.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Wireless-N PCI Adapter\WMP300N.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2011-04-28 17:01:49 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-28 21:01 . Pre-Run: 178,803,941,376 bytes free Post-Run: 179,901,886,464 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - D61F1A88680D8DD3D6E8D82AB4A364FB