
Inactive Pages loading slowly or not at all

Discussion in 'Malware and Virus Removal Archive' started by tmaskew, 2009/05/02.

  1. 2009/05/02
    tmaskew

    [Inactive] Pages loading slowly or not at all

    I had a virus (or several) last week that caused a total shutdown--couldn't even access my browsers. After using Antivir and malwarebytes I am able to use my browsers, etc. but the pages load very slowly--some more complex sites won't load at all. I think it's possible that some of my dll files were quarantined because they were suspicious, but I've no idea what to do about it. Can you help?
     
  2. 2009/05/02
    Admin.

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2009/05/02
    tmaskew

    DDS log

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Trish Maskew at 23:28:02.09 on Sat 05/02/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1308 [GMT -4:00]

    AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\snmp.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\WINDOWS\system32\iprntctl.exe
    C:\WINDOWS\system32\iprntlgn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ClickToConvert\C2CMonitor.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\Ryanair Bargains\1.0\RyanairBargains.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Trish Maskew\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uLocal Page = \blank.htm
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://www.dell.com
    mStart Page = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {B2BA40A2-74F0-42BD-F434-12345A2C8953} - No File
    TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
    uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe "
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [<NO NAME>] c:\docume~1\trishm~1\locals~1\temp\na7g7.exe
    uRun: [reader_s] c:\documents and settings\trish maskew\reader_s.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] "c:\program files\symantec antivirus\VPTray.exe "
    mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
    mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    uExplorerRun: [winmgmt] c:\windows\system32\wmiprvse.exe
    StartupFolder: c:\docume~1\trishm~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
    StartupFolder: c:\docume~1\trishm~1\startm~1\programs\startup\ryanai~1.lnk - c:\program files\ryanair bargains\1.0\RyanairBargains.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\c2cmon~1.lnk - c:\program files\clicktoconvert\C2CMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    uPolicies-system: DisableRegistryTools = 30
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c16/v21.147/qboax10.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli c:\windows\system32\lawakuwi.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\trishm~1\applic~1\mozilla\firefox\profiles\5ask64l6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
    FF - plugin: c:\documents and settings\trish maskew\application data\mozilla\firefox\profiles\5ask64l6.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\documents and settings\trish maskew\application data\mozilla\firefox\profiles\5ask64l6.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dll

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-4-28 11840]
    R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2007-8-30 34671]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-4-28 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-4-28 151297]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-10-4 185968]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-10-4 177776]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-11-15 1756912]
    R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-4-28 52032]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-2-22 9433]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\naveng.sys [2009-4-24 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\navex15.sys [2009-4-24 876144]
    S2 gupdate1c9948dbbf8282d;Google Update Service (gupdate1c9948dbbf8282d);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
    S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-2-22 115680]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-10-4 83568]
    S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [2004-6-15 7882]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-11-15 169200]

    =============== Created Last 30 ================

    2009-04-29 20:42 <DIR> --d----- c:\docume~1\trishm~1\applic~1\Malwarebytes
    2009-04-29 20:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-29 20:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-29 20:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-29 20:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-28 22:51 <DIR> --d-h--- c:\windows\system32\GroupPolicy
    2009-04-28 21:56 <DIR> --d----- c:\program files\Avira
    2009-04-28 21:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2009-04-26 23:14 0 a------- C:\27.tmp
    2009-04-26 23:14 0 a------- C:\26.tmp
    2009-04-26 23:14 0 a------- C:\25.tmp
    2009-04-26 23:14 0 a------- C:\24.tmp
    2009-04-26 23:14 0 a------- C:\23.tmp
    2009-04-26 23:14 0 a------- C:\22.tmp
    2009-04-26 23:13 0 a------- C:\21.tmp
    2009-04-26 23:13 0 a------- C:\20.tmp
    2009-04-26 23:13 0 a------- C:\1E.tmp
    2009-04-26 23:13 0 a------- C:\1D.tmp
    2009-04-26 23:13 0 a------- C:\1C.tmp
    2009-04-26 23:13 0 a------- C:\1B.tmp
    2009-04-26 23:13 0 a------- C:\1A.tmp
    2009-04-26 23:13 0 a------- C:\15.tmp
    2009-04-25 22:38 0 a------- C:\19.tmp
    2009-04-25 22:38 0 a------- C:\18.tmp
    2009-04-25 22:37 0 a------- C:\17.tmp
    2009-04-25 22:37 0 a------- C:\14.tmp
    2009-04-25 22:37 0 a------- C:\13.tmp
    2009-04-25 22:37 0 a------- C:\12.tmp
    2009-04-25 22:36 38 a------- C:\11.tmp
    2009-04-25 22:36 0 a------- C:\10.tmp
    2009-04-25 22:36 0 a------- C:\F.tmp
    2009-04-25 22:36 38 a------- C:\E.tmp
    2009-04-25 22:35 0 a------- C:\D.tmp
    2009-04-25 22:35 0 a------- C:\C.tmp
    2009-04-25 13:42 38 a------- C:\73.tmp
    2009-04-25 13:42 0 a------- C:\72.tmp
    2009-04-25 13:42 0 a------- C:\71.tmp
    2009-04-25 13:42 0 a------- C:\70.tmp
    2009-04-25 13:42 0 a------- C:\6F.tmp
    2009-04-25 13:42 0 a------- C:\6E.tmp
    2009-04-25 13:42 0 a------- C:\6D.tmp
    2009-04-25 13:42 0 a------- C:\6C.tmp
    2009-04-25 13:42 0 a------- C:\6B.tmp
    2009-04-25 13:42 38 a------- C:\6A.tmp
    2009-04-25 13:41 182,912 a------- c:\windows\system32\dllcache\ndis.sys
    2009-04-25 13:41 94,204 a------- c:\windows\system32\drivers\b0902390.sys
    2009-04-25 13:40 2,560 a------- C:\pdtivk.exe
    2009-04-25 13:40 2 a------- C:\673764162
    2009-04-25 13:40 15,000 a------- c:\windows\system32\sjg9s8guigjs.dll
    2009-04-25 11:46 85,626,460 a------- C:\SYM_REGISTRY_BACKUP.reg
    2009-04-24 23:38 <DIR> --d----- c:\windows\pss
    2009-04-24 21:24 1,407,024 ---sh--- c:\windows\system32\ivapuleb.ini
    2009-04-18 11:36 <DIR> --d----- c:\program files\REFN
    2009-04-17 06:38 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 06:38 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 06:38 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-04-17 06:38 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 06:38 110,592 -------- c:\windows\system32\dllcache\services.exe
    2009-04-17 06:38 60,416 -------- c:\windows\system32\dllcache\colbact.dll
    2009-04-17 06:38 35,328 -------- c:\windows\system32\dllcache\sc.exe
    2009-04-17 06:38 715,264 -------- c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 06:38 617,984 -------- c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 06:37 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

    ==================== Find3M ====================

    2009-04-29 23:50 41,442 a------- c:\windows\system32\nvModes.dat
    2009-04-26 23:11 182,912 a------- c:\windows\system32\drivers\ndis.sys
    2009-03-21 10:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 19:52 1,495,552 -------- c:\windows\system32\dllcache\shdocvw.dll
    2009-02-19 05:58 18,432 -------- c:\windows\system32\dllcache\iedw.exe
    2009-02-10 18:31 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
    2009-02-09 06:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-09 06:01 728,576 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 06:01 617,984 a------- c:\windows\system32\advapi32.dll
    2009-02-09 06:01 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 06:01 728,576 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-02-09 06:01 715,264 a------- c:\windows\system32\ntdll.dll
    2009-02-06 06:32 2,186,112 -------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-06 06:29 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 06:29 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-06 06:22 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 05:54 35,328 a------- c:\windows\system32\sc.exe
    2009-02-06 05:49 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-06 05:49 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-06 05:49 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
    2009-02-03 16:08 55,808 -------- c:\windows\system32\dllcache\secur32.dll
    2008-04-20 14:10 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

    ============= FINISH: 23:28:32.10 ===============
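Worked example, added by the editor and not part of DDS, of the poster's log or of the helper's instructions: a small Python triage script for the Pseudo HJT Report and Created Last 30 sections of a DDS log like the one above. It flags the entries a malware-removal helper reads first: autostarts that run from a temp directory or straight from the profile root, Explorer\Run values, restrictive policy entries, non-default LSA notification packages, and recently created files in system32 that are hidden+system or have letter/digit-mixed names. The sample input is constructed from lines copied from the posted log plus benign autostarts from the same log (ctfmon, avgnt, the DING! shortcut) so the non-hits are visible. All heuristics and severities, and the assumption that scecli is the only stock LSA notification package on an XP workstation, are the editor's; a hit means "review this entry", not a verdict on any particular file.

```python
# Editor's example for this thread (not part of DDS, not from the helper's
# instructions). Every rule is an assumption: a hit means "review this entry".
import re
from collections import Counter

# Constructed input: lines copied from the DDS log posted above, plus benign
# autostarts from the same log (ctfmon, avgnt, the DING! shortcut) as non-hits.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>] c:\docume~1\trishm~1\locals~1\temp\na7g7.exe
uRun: [reader_s] c:\documents and settings\trish maskew\reader_s.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
uExplorerRun: [winmgmt] c:\windows\system32\wmiprvse.exe
StartupFolder: c:\docume~1\trishm~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
uPolicies-system: DisableRegistryTools = 30
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
LSA: Notification Packages = scecli c:\windows\system32\lawakuwi.dll
2009-04-25 13:41 94,204 a------- c:\windows\system32\drivers\b0902390.sys
2009-04-25 13:40 15,000 a------- c:\windows\system32\sjg9s8guigjs.dll
2009-04-24 21:24 1,407,024 ---sh--- c:\windows\system32\ivapuleb.ini
2009-04-29 20:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
"""

AUTOSTART_RE = re.compile(r"^(uRun|mRun|uExplorerRun|mExplorerRun|StartupFolder): \[(.*?)\] (.+)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+(\S{8})\s+(.+)$")
POLICY_RE = re.compile(r"^[um]Policies-\w+: (\w+) = (\S+)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (.+)$")
ORPHAN_RE = re.compile(r"^(BHO|TB): \{[0-9A-Fa-f-]+\} - No File$")
PATH_RE = re.compile(r"(?i)[a-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd)")
PROFILE_ROOT_RE = re.compile(r"(?i)^[a-z]:\\(?:docume~1|documents and settings)\\[^\\]+\\[^\\]+$")
KNOWN_LSA_PACKAGES = {"scecli"}  # assumption: the stock value on an XP workstation


def _target_path(kind, value):
    """Extract the program an autostart entry actually launches, lower-cased."""
    if kind == "StartupFolder":              # "<shortcut>.lnk - <target>"
        value = value.split(" - ", 1)[-1]
    m = PATH_RE.search(value)
    if m:
        return m.group(0).lower()
    tokens = value.strip('"').split()        # bare names such as "stsystra.exe"
    return (tokens[0] if tokens else value).lower()


def _check_autostart(kind, name, value):
    path = _target_path(kind, value)
    if "\\temp\\" in path:
        return "high", "autostart runs from a temp directory"
    if PROFILE_ROOT_RE.match(path):
        return "high", "autostart runs straight from the profile root"
    if kind.endswith("ExplorerRun"):
        return "high", "Explorer\\Run value (rarely used by legitimate software)"
    if name == "<NO NAME>":
        return "medium", "autostart value with an empty name"
    return None


def _check_created(attrs, path):
    p = path.lower()
    if not p.startswith("c:\\windows\\system32\\"):
        return None
    stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "h" in attrs and "s" in attrs:        # DDS attribute column, e.g. ---sh---
        return "high", "new hidden+system file in system32"
    if re.search(r"[a-z]", stem) and re.search(r"\d", stem):
        return "high", "new system32 file with a letter/digit-mixed name"
    if "\\drivers\\" in p:
        return "info", "new kernel driver; verify its publisher"
    return None


def triage(text):
    """Return one {severity, reason, line} dict per log line that trips a rule."""
    findings = []
    for raw in text.splitlines():
        line, hit = raw.strip(), None
        if (m := AUTOSTART_RE.match(line)):
            hit = _check_autostart(*m.groups())
        elif (m := CREATED_RE.match(line)):
            hit = _check_created(m.group(3), m.group(4))
        elif (m := POLICY_RE.match(line)):
            if m.group(2) != "0":
                hit = "high", f"restrictive policy {m.group(1)} is set"
        elif (m := LSA_RE.match(line)):
            extra = [t for t in m.group(1).split() if t.lower() not in KNOWN_LSA_PACKAGES]
            if extra:
                hit = "high", "non-default LSA notification package: " + " ".join(extra)
        elif ORPHAN_RE.match(line):
            hit = "info", "orphaned entry (cleanup candidate, not proof of infection)"
        if hit:
            findings.append({"severity": hit[0], "reason": hit[1], "line": line})
    return findings


def summarize(findings):
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
    print(dict(summarize(results)))
```

Feed it the whole Pseudo HJT Report and Created Last 30 sections rather than the sample; lines it does not flag still get the usual manual checks, and the Find3M section is not parsed at all, so comparisons such as the system32 copy of ndis.sys in the log above being dated a day later than its dllcache copy remain a by-hand step.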
     
  5. 2009/05/02
    tmaskew

    attach log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/16/2007 9:07:09 PM
    System Uptime: 5/2/2009 8:42:04 PM (3 hours ago)

    Motherboard: Dell Inc. | | 0KX350
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | Microprocessor | 2163/166mhz
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | Microprocessor | 2163/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 44.392 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
    Service: b57w2k

    ==== System Restore Points ===================

    RP1: 4/25/2009 12:15:18 PM - System Checkpoint
    RP2: 4/29/2009 9:38:12 PM - Removed Compatibility Pack for the 2007 Office system
    RP3: 4/29/2009 9:39:17 PM - Configured EMBASSY Trust Suite by Wave Systems
    RP4: 4/29/2009 9:39:31 PM - Configured ETS Upgrade
    RP5: 4/29/2009 9:39:45 PM - Configured Wave Support Software
    RP6: 4/29/2009 9:40:32 PM - Configured Document Manager Lite
    RP7: 4/29/2009 9:40:55 PM - Configured Private Information Manager
    RP8: 4/29/2009 9:41:09 PM - Configured EMBASSY Security Center
    RP9: 4/29/2009 9:42:01 PM - Configured Security Wizards
    RP10: 4/29/2009 9:42:14 PM - Configured Secure Update
    RP11: 4/29/2009 9:42:34 PM - Configured ETS Launch Pad
    RP12: 4/29/2009 9:42:55 PM - Removed NTRU Hybrid TSS v2.0.25
    RP13: 4/29/2009 9:43:05 PM - Removed Broadcom TPM Driver Installer
    RP14: 4/29/2009 9:43:14 PM - Removed EMBASSY Trust Suite by Wave Systems
    RP15: 5/1/2009 6:47:54 PM - System Checkpoint
    RP16: 5/2/2009 8:57:55 PM - System Checkpoint

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    ALPS Touch Pad Driver
    Apple Mobile Device Support
    Apple Software Update
    Audible Download Manager
    AudibleManager
    Avira AntiVir Personal - Free Antivirus
    Bluetooth Stack for Windows by Toshiba
    Broadcom Advanced Control Suite
    Click to Convert 6.0
    Conexant HDA D110 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Embassy Trust Suite by Wave Systems
    Dell Support 3.2.1
    Digital Line Detect
    DING!
    FormViewer
    Google Earth
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 2.0 (KB922981)
    Hotfix for Microsoft .NET Framework 2.0 (KB923319)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB908673)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hoyle Card Games 2005
    Intel(R) PROSet/Wireless Software
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    mIWA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (3.0.9)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mSSO
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    mWlsSafe
    mWMI
    mXML
    mZConfig
    neroxml
    NetWaiting
    Nortel Networks Contivity VPN Client
    Novell iPrint Client v04.26.00
    NVIDIA Drivers
    PowerDVD 5.7
    QuickSet
    QuickTime
    Roxio DLA
    Roxio Express Labeler
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Ryanair Bargains! 1.0
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939373)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB942830)
    Security Update for Windows XP (KB942831)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB963027)
    Skype™ 3.6
    Snapshot Viewer
    Sonic Update Manager
    Symantec AntiVirus
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    upekmsi
    VCRedistSetup
    Watchtower Library 2003 - English Edition
    Wave Infrastructure Installer
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live installer
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    5/1/2009 11:13:07 PM, error: Service Control Manager [7034] - The Avira AntiVir Personal - Free Antivirus Guard service terminated unexpectedly. It has done this 1 time(s).
    4/29/2009 9:37:08 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    4/29/2009 8:43:06 PM, error: Service Control Manager [7000] - The Nortel Extranet Access Protocol service failed to start due to the following error: The system cannot find the file specified.
    4/29/2009 8:43:06 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
    4/29/2009 8:42:48 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    4/29/2009 8:41:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/29/2009 8:27:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    4/29/2009 8:26:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL ssmdrv Tcpip Tosrfcom
    4/29/2009 8:26:45 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 8:26:45 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    4/29/2009 8:26:45 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 8:26:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/29/2009 8:26:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    4/29/2009 8:26:45 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/29/2009 11:34:11 PM, error: PSched [14103] - QoS [Adapter {11F542B4-62C1-4D2A-8A2D-257D8AF6F0FC}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
    4/29/2009 11:34:11 PM, error: NETw3x32 [43] -
    4/29/2009 10:04:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DataSvr2 service to connect.
    4/29/2009 10:04:24 PM, error: Service Control Manager [7000] - The DataSvr2 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/28/2009 9:14:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV eeCtrl Fips intelppm SAVRT SAVRTPEL Tosrfcom
    4/28/2009 9:00:41 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user TRISH\IWAM_TRISH SID (S-1-5-21-3097754456-3607105768-1730322666-1009). This security permission can be modified using the Component Services administrative tool.
    4/28/2009 11:02:48 PM, error: Schannel [36871] - A fatal error occurred while creating an SSL server credential.
    4/28/2009 10:41:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV avgio avipbb eeCtrl Fips intelppm SAVRT SAVRTPEL Tosrfcom
    4/28/2009 10:40:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    4/28/2009 10:12:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL Tcpip Tosrfcom
    4/26/2009 9:09:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL Tcpip Tosrfcom
    4/26/2009 11:14:55 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    4/26/2009 11:11:30 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    4/25/2009 10:36:28 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PlugPlay service.

    ==== End Of File ===========================
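The Event Viewer section above is the most telling part of this DDS log for the "pages won't load" symptom: the SCM 7026 events list the TCP/IP stack drivers (Tcpip, AFD, NetBT, IPSec) among the boot-start drivers that failed, alongside the Symantec and Avira drivers, and wuauserv/BITS could not start either. As an added example (not part of tmaskew's post and not DDS output), this Python parses lines in that format and groups the failures; the five sample lines are constructed copies of entries from the log, and the driver groupings are an assumption based on the driver names.

```python
import re
from collections import Counter

# Constructed sample: five Event Viewer lines copied in the DDS log format
# (date, level: source [event id] - message).
SAMPLE_EVENTS = """\
4/29/2009 8:26:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL ssmdrv Tcpip Tosrfcom
4/29/2009 8:26:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2009 9:14:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV eeCtrl Fips intelppm SAVRT SAVRTPEL Tosrfcom
4/26/2009 11:14:55 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
4/26/2009 11:11:30 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
"""

EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Kernel drivers that make up the Windows XP network stack. If these fail at
# boot, nothing reaches the network, which matches "pages won't load".
# Grouping is an assumption of this example, not something the log states.
NETWORK_STACK = {"Tcpip", "AFD", "NetBT", "IPSec", "NetBIOS",
                 "RasAcd", "MRxSmb", "Rdbss"}

# Security-product drivers (Symantec SAVRT/SAVRTPEL/eeCtrl, Avira
# avgio/avipbb/ssmdrv), again grouped by name as an assumption.
AV_DRIVERS = {"SAVRT", "SAVRTPEL", "avgio", "avipbb", "ssmdrv", "eeCtrl"}

# Services whose failure blocks Windows Update; malware commonly disables
# them so the host cannot fetch patches or definitions.
UPDATE_SERVICES = {"wuauserv", "BITS"}


def parse_events(text):
    """Return one dict per line that matches the DDS event format."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def failed_drivers(events):
    """Count, per driver, how many SCM 7026 events list it as failed to load."""
    counts = Counter()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["eid"] == "7026":
            _, _, names = ev["msg"].partition("failed to load:")
            counts.update(names.split())
    return counts


def triage(text):
    """Summarise the event lines into the questions a responder asks first."""
    events = parse_events(text)
    drivers = failed_drivers(events)
    update_hits = [ev for ev in events
                   if any(svc in ev["msg"] for svc in UPDATE_SERVICES)]
    known = NETWORK_STACK | AV_DRIVERS
    return {
        "network_stack_failed": sorted(d for d in drivers if d in NETWORK_STACK),
        "av_drivers_failed": sorted(d for d in drivers if d in AV_DRIVERS),
        "other_failed": sorted(d for d in drivers if d not in known),
        "boot_failure_events": sum(1 for ev in events if ev["eid"] == "7026"),
        "update_service_events": len(update_hits),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```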
     
  6. 2009/05/15
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome


    I have a feeling you have a bad file infector on your computer.
    The below recommended scan will probably give me verification.




    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html

    Please leave the flash drive plugged in while completing the following.

    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  7. 2009/05/27
    tmaskew

    tmaskew Inactive Thread Starter

    Joined:
    2009/04/29
    Messages:
    5
    Likes Received:
    0
    Confused

    Hi,

    Your instructions were a bit confusing. First, you say I MUST rename ComboFix before I save it, but the downloads do not give me that option before it saves to my desktop. How do I rename before downloading?

    Secondly, you say, leave the flash drive in--what flash drive? You don't mention a flash drive prior to that point. Please clarify.

    T
     
  8. 2009/05/28
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I should have edited out the information for the flash drive; many people use USB/flash drives on their computers that are also infected.

    An install window/box should have opened with the install name present; that would be the time to rename.
    If ComboFix won't allow you to rename, just carry on normally.

    If that doesn't work we can try something else.
     
  9. 2009/05/28
    tmaskew

    tmaskew Inactive Thread Starter

    Joined:
    2009/04/29
    Messages:
    5
    Likes Received:
    0
    Here is the combofix log. How do I get a hijackthis log?

    ComboFix 09-05-26.05 - Trish Maskew 05/28/2009 7:43.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1338 [GMT -4:00]
    Running from: c:\documents and settings\Trish Maskew\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\Cache
    c:\windows\system32\ivapuleb.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
    .

    2009-05-28 03:50 . 2009-05-28 03:50 604416 ----a-w c:\windows\system32\TUProgSt.exe
    2009-05-28 03:50 . 2009-04-27 18:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
    2009-05-28 03:50 . 2009-05-28 03:50 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2009-05-28 03:50 . 2009-05-28 03:50 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\TuneUp Software
    2009-05-28 03:49 . 2009-05-28 03:50 -------- d-----w c:\program files\TuneUp Utilities 2009
    2009-05-28 03:49 . 2009-05-28 03:49 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-05-28 03:48 . 2009-05-28 03:48 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-05-22 02:25 . 2009-05-22 02:25 -------- d-----w c:\documents and settings\Trish Maskew\Local Settings\Application Data\WMTools Downloaded Files
    2009-04-30 00:42 . 2009-04-30 00:42 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Malwarebytes
    2009-04-30 00:27 . 2009-04-30 00:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-04-30 00:27 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-30 00:27 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-30 00:27 . 2009-04-30 00:27 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-30 00:27 . 2009-04-30 00:27 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-29 02:51 . 2009-04-29 02:51 -------- d--h--w c:\windows\system32\GroupPolicy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-28 11:49 . 2009-04-25 17:41 94204 ----a-w c:\windows\system32\drivers\b0902390.sys
    2009-05-28 11:48 . 2007-08-17 05:37 -------- d-----w c:\program files\Symantec AntiVirus
    2009-05-28 02:51 . 2008-10-28 18:14 -------- d-----w c:\program files\Google
    2009-05-26 03:42 . 2009-02-22 01:26 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-05-22 01:25 . 2007-07-28 23:26 41442 ----a-w c:\windows\system32\nvModes.dat
    2009-05-03 01:56 . 2007-09-29 04:34 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Move Networks
    2009-04-30 01:43 . 2007-07-28 23:43 -------- d-----w c:\program files\Broadcom
    2009-04-30 01:42 . 2007-07-28 23:52 -------- d-----w c:\program files\Wave Systems Corp
    2009-04-27 03:14 . 2009-04-27 03:14 0 ----a-w C:\27.tmp
    2009-04-27 03:14 . 2009-04-27 03:14 0 ----a-w C:\26.tmp
    2009-04-27 03:14 . 2009-04-27 03:14 0 ----a-w C:\25.tmp
    2009-04-27 03:14 . 2009-04-27 03:14 0 ----a-w C:\24.tmp
    2009-04-27 03:14 . 2009-04-27 03:14 0 ----a-w C:\23.tmp
    2009-04-27 03:14 . 2009-04-27 03:14 0 ----a-w C:\22.tmp
    2009-04-27 03:13 . 2009-04-27 03:13 0 ----a-w C:\21.tmp
    2009-04-27 03:13 . 2009-04-27 03:13 0 ----a-w C:\20.tmp
    2009-04-27 03:13 . 2009-04-27 03:13 0 ----a-w C:\1E.tmp
    2009-04-27 03:13 . 2009-04-27 03:13 0 ----a-w C:\1D.tmp
    2009-04-27 03:13 . 2009-04-27 03:13 0 ----a-w C:\1C.tmp
    2009-04-27 03:13 . 2009-04-27 03:13 0 ----a-w C:\1B.tmp
    2009-04-27 03:13 . 2009-04-27 03:13 0 ----a-w C:\1A.tmp
    2009-04-27 03:13 . 2009-04-27 03:13 0 ----a-w C:\15.tmp
    2009-04-27 03:11 . 2004-08-11 22:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys
    2009-04-26 02:38 . 2009-04-26 02:38 0 ----a-w C:\19.tmp
    2009-04-26 02:38 . 2009-04-26 02:38 0 ----a-w C:\18.tmp
    2009-04-26 02:37 . 2009-04-26 02:37 0 ----a-w C:\17.tmp
    2009-04-26 02:37 . 2009-04-26 02:36 38 ----a-w C:\E.tmp
    2009-04-26 02:37 . 2009-04-26 02:36 38 ----a-w C:\11.tmp
    2009-04-26 02:37 . 2009-04-26 02:37 0 ----a-w C:\14.tmp
    2009-04-26 02:37 . 2009-04-26 02:37 0 ----a-w C:\13.tmp
    2009-04-26 02:37 . 2009-04-26 02:37 0 ----a-w C:\12.tmp
    2009-04-26 02:36 . 2009-04-26 02:36 0 ----a-w C:\10.tmp
    2009-04-26 02:36 . 2009-04-26 02:36 0 ----a-w C:\F.tmp
    2009-04-26 02:35 . 2009-04-26 02:35 0 ----a-w C:\D.tmp
    2009-04-26 02:35 . 2009-04-26 02:35 0 ----a-w C:\C.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 38 ----a-w C:\73.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 0 ----a-w C:\72.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 0 ----a-w C:\71.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 0 ----a-w C:\70.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 0 ----a-w C:\6F.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 0 ----a-w C:\6E.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 0 ----a-w C:\6D.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 0 ----a-w C:\6C.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 0 ----a-w C:\6B.tmp
    2009-04-25 17:42 . 2009-04-25 17:42 38 ----a-w C:\6A.tmp
    2009-04-25 17:40 . 2009-04-25 17:40 2560 ----a-w C:\pdtivk.exe
    2009-04-25 15:46 . 2009-04-25 15:46 85626460 ----a-w C:\SYM_REGISTRY_BACKUP.reg
    2009-04-25 01:28 . 2007-07-28 23:41 -------- d-----w c:\program files\Common Files\Java
    2009-04-25 01:28 . 2008-04-20 18:08 -------- d-----w c:\program files\Common Files\Skype
    2009-04-25 01:28 . 2007-07-28 23:43 -------- d-----w c:\program files\Common Files\InstallShield
    2009-04-25 01:28 . 2008-05-21 03:58 -------- d-----w c:\program files\Common Files\Apple
    2009-04-25 01:28 . 2007-08-17 03:21 -------- d-----w c:\program files\Common Files\L&H
    2009-04-25 01:28 . 2007-07-28 23:55 -------- d-----w c:\program files\Common Files\SureThing Shared
    2009-04-25 01:27 . 2008-03-20 18:18 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-04-25 01:27 . 2007-08-17 05:37 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-25 01:27 . 2008-04-21 20:25 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-25 01:27 . 2007-08-17 03:54 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-25 01:27 . 2007-08-17 03:34 -------- d-----w c:\program files\Common Files\Real
    2009-04-25 01:27 . 2007-07-28 23:55 -------- d-----w c:\program files\Common Files\Sonic Shared
    2009-04-25 01:25 . 2007-12-20 03:43 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Nero
    2009-04-25 01:25 . 2008-10-05 12:21 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\GetRightToGo
    2009-04-25 01:25 . 2008-09-26 16:00 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\FileZilla
    2009-04-25 01:25 . 2008-08-31 01:50 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\MySpace
    2009-04-25 01:25 . 2007-08-17 01:08 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\InstallShield
    2009-04-25 01:25 . 2007-08-17 04:37 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\The Bat!
    2009-04-25 01:25 . 2008-05-21 03:59 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Apple Computer
    2009-04-25 01:25 . 2007-10-20 03:07 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\CyberLink
    2009-04-25 01:25 . 2009-01-26 21:10 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\GarageGames
    2009-04-25 01:24 . 2007-08-17 01:08 -------- d--h--w c:\documents and settings\Trish Maskew\Application Data\Gtek
    2009-04-25 01:24 . 2008-07-06 22:21 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\ThomsonWest
    2009-04-25 01:24 . 2007-08-17 01:08 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Intel
    2009-04-25 01:24 . 2007-11-14 20:36 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Watchtower
    2009-04-25 01:24 . 2007-08-20 03:32 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Southwest Airlines
    2009-04-25 01:24 . 2008-04-20 18:08 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Skype
    2009-04-25 01:24 . 2007-08-20 03:29 -------- d--h--r c:\documents and settings\Trish Maskew\Application Data\yahoo!
    2009-04-25 01:24 . 2008-09-20 11:06 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\MSNInstaller
    2009-04-25 01:24 . 2008-04-20 18:10 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\skypePM
    2009-04-25 01:24 . 2008-01-21 02:18 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\SecondLife
    2009-04-25 01:24 . 2007-08-19 16:41 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\CiscoCAA
    2009-04-25 01:24 . 2007-08-17 01:08 -------- d-----w c:\documents and settings\Trish Maskew\Application Data\Dell
    2009-04-18 15:39 . 2007-08-17 01:08 135 ----a-w c:\documents and settings\Trish Maskew\Local Settings\Application Data\fusioncache.dat
    2009-04-18 15:36 . 2007-07-28 23:44 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-18 15:36 . 2009-04-18 15:36 -------- d-----w c:\program files\REFN
    2009-03-21 01:55 . 2009-03-21 01:55 965344 ----a-w c:\documents and settings\Trish Maskew\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
    2009-03-09 15:34 . 2009-03-21 02:15 971776 ----a-w c:\documents and settings\Trish Maskew\Application Data\Mozilla\Firefox\Profiles\5ask64l6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
    2009-03-06 14:00 . 2004-08-11 22:00 284160 ----a-w c:\windows\system32\pdh.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
    "vptray"="c:\program files\Symantec AntiVirus\VPTray.exe" [2005-11-15 85744]
    "iPrint Tray"="c:\windows\system32\iprntctl.exe" [2006-10-18 40960]
    "iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2006-10-18 45056]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
    "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

    c:\documents and settings\Trish Maskew\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
    Ryanair Bargains 1.0.lnk - c:\program files\Ryanair Bargains\1.0\RyanairBargains.exe [2008-5-18 1289216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-6-13 1754456]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
    C2CMonitor.lnk - c:\program files\ClickToConvert\C2CMonitor.exe [2007-8-26 412160]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-28 24576]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Nortel Networks\\Extranet.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Symantec AntiVirus\\DoScan.exe"=
    "c:\\WINDOWS\\system32\\DLA\\DLACTRLW.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\Dell Support\\DSAgnt.exe"=
    "c:\\Program Files\\Apoint\\ApntEx.exe"=

    R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [8/30/2007 10:42 AM 34671]
    R2 tuneup.programstatisticssvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/27/2009 11:50 PM 604416]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2/22/2009 8:02 PM 9433]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 9:01 PM 101936]
    S2 gupdate1c9948dbbf8282d;Google Update Service (gupdate1c9948dbbf8282d);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 9:34 PM 133104]
    S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2/22/2009 8:02 PM 115680]
    S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 3:55 PM 7882]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-28 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 19:37]

    2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]

    2009-05-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 00:21]

    2009-05-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 01:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Explorer_Run-winmgmt - c:\windows\system32\wmiprvse.exe
    SafeBoot-procexp90.sys


    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Trish Maskew\Application Data\Mozilla\Firefox\Profiles\5ask64l6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\Trish Maskew\Application Data\Mozilla\Firefox\Profiles\5ask64l6.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\documents and settings\Trish Maskew\Application Data\Mozilla\Firefox\Profiles\5ask64l6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npnipp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-28 07:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    winmgmt = c:\windows\system32\wmiprvse.exe???????|???|????<??????????|???????|,??????|????,???0m??????#???????????,??????|???|????????D? ?????d?????A~??@? ?????A~??????????????????????????????????@?H???????????o^?????????????????????????||??????????|?l??H???Q??|h???m??|
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    winmgmt = c:\windows\system32\wmiprvse.exe???????|???|????<??????????|???????|,??????|????,???0m??????#???????????,??????|???|????????D? ?????d?????A~??@? ?????A~??????????????????????????????????@?H???????????o^?????????????????????????||??????????|?l??H???Q??|h???m??|

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\controlset005\Services\b0902390]
    "ImagePath"="\SystemRoot\System32\drivers\b0902390.sys"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2160)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell\QuickSet\NicConfigSvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\snmp.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Apoint\hidfind.exe
    c:\program files\Apoint\ApntEx.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-28 7:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-28 11:50

    Pre-Run: 49,395,650,560 bytes free
    Post-Run: 50,966,814,720 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
    289 --- E O F --- 2009-04-24 11:55
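Two things in this ComboFix log drive the next reply: the Find3M report shows a run of zero- and 38-byte `.tmp` files plus a 2560-byte `pdtivk.exe` sitting directly in `C:\`, and a driver with a random-looking name, `b0902390.sys`, whose entry was refreshed on the day of the scan. As an added example (not ComboFix's code and not the helper's), this Python parses Find3M lines and applies those two rules: root-level `.tmp` files and loose executables go into a `File::` block for removal, while eight-hex-digit driver names are set aside to be checked first. The sample lines are copied from the log above; the two heuristics are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: eight lines copied from the Find3M section of the
# ComboFix log (created . modified  size  attributes  path).
SAMPLE_FIND3M = r"""
2009-05-28 11:49 . 2009-04-25 17:41 94204 ----a-w c:\windows\system32\drivers\b0902390.sys
2009-05-28 11:48 . 2007-08-17 05:37 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-27 03:14 . 2009-04-27 03:14 0 ----a-w C:\27.tmp
2009-04-26 02:37 . 2009-04-26 02:36 38 ----a-w C:\E.tmp
2009-04-25 17:40 . 2009-04-25 17:40 2560 ----a-w C:\pdtivk.exe
2009-04-25 15:46 . 2009-04-25 15:46 85626460 ----a-w C:\SYM_REGISTRY_BACKUP.reg
2009-04-27 03:11 . 2004-08-11 22:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-06 14:00 . 2004-08-11 22:00 284160 ----a-w c:\windows\system32\pdh.dll
"""

FIND3M_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)

EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".pif", ".bat"}

# Driver names that are exactly eight hex digits, e.g. b0902390.sys. This is
# a heuristic of this example, not something ComboFix or the log asserts.
RANDOM_HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def parse_find3m(text):
    """Yield one dict per Find3M line; directory entries carry size None."""
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["is_dir"] = entry["attrs"].startswith("d")
        entry["size"] = None if entry["is_dir"] else int(entry["size"])
        yield entry


def is_drive_root(path):
    """True for paths such as C:\\27.tmp that sit directly in a drive root."""
    p = PureWindowsPath(path)
    return p.anchor != "" and p.parent == PureWindowsPath(p.anchor)


def classify(entries):
    """Split file entries into (remove, review) lists using the two heuristics."""
    remove, review = [], []
    for e in entries:
        if e["is_dir"]:
            continue
        p = PureWindowsPath(e["path"])
        ext = p.suffix.lower()
        in_drivers = "drivers" in (part.lower() for part in p.parts)
        if is_drive_root(e["path"]) and (ext == ".tmp" or ext in EXECUTABLE_EXT):
            # Stray .tmp files and loose executables in C:\ are what the
            # helper lists under File:: in the CFScript step of this thread.
            remove.append(e["path"])
        elif ext == ".sys" and in_drivers and RANDOM_HEX_NAME.match(p.stem):
            # A driver with a random-looking name is sent for a VirusTotal
            # check before anything is deleted; this is the b0902390.sys case.
            review.append(e["path"])
    return remove, review


def build_cfscript(paths):
    """Render the File:: block in the form ComboFix reads, one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    to_remove, to_review = classify(parse_find3m(SAMPLE_FIND3M))
    print(build_cfscript(to_remove))
    print("review first:", to_review)
```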
     
  10. 2009/05/28
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I'm sorry, I should have said a new DDS log.


    Let's continue

    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all windows that are open later in the fix.



    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Please go to: VirusTotal

    • Click the Browse button and search for the following file: c:\windows\system32\drivers\b0902390.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned, click "reanalyze now".


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). Do not use Wordpad or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the code box below:
    Save this as "CFScript.txt" including quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    File:: 
    C:\27.tmp
    C:\26.tmp
    C:\25.tmp
    C:\24.tmp
    C:\23.tmp
    C:\22.tmp
    C:\21.tmp
    C:\20.tmp
    C:\1E.tmp
    C:\1D.tmp
    C:\1C.tmp
    C:\1B.tmp
    C:\1A.tmp
    C:\15.tmp
    C:\19.tmp
    C:\18.tmp
    C:\17.tmp
    C:\E.tmp
    C:\11.tmp
    C:\14.tmp
    C:\13.tmp
    C:\12.tmp
    C:\10.tmp
    C:\F.tmp
    C:\D.tmp
    C:\C.tmp
    C:\73.tmp
    C:\72.tmp
    C:\71.tmp
    C:\70.tmp
    C:\6F.tmp
    C:\6E.tmp
    C:\6D.tmp
    C:\6C.tmp
    C:\6B.tmp
    C:\6A.tmp
    C:\pdtivk.exe

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    File requested scanned
    ComboFix.txt
    Kaspersky log
    New DDS log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.
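As an added example, not part of this thread and not code from ComboFix, DDS or VirusTotal: a small Python triage helper that does the inventory side of the steps above on the defender's side. It lists the short hex-named .tmp files in a drive root (the pattern of the C:\27.tmp ... C:\E.tmp entries in the CFScript above), adds any explicitly named file such as a suspect driver, and records size, MD5/SHA-1/SHA-256 and a VirusTotal hash-lookup URL so the hashes can be checked before anything is uploaded. The hex-name regex, the lookup URL format and all sample files are assumptions constructed for the example; it runs against a scratch directory, not a real system drive.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed pattern of the root-level temp droppings listed in the CFScript
# (C:\27.tmp ... C:\E.tmp): one to four hex digits plus a .tmp extension.
HEX_TMP = re.compile(r"^[0-9A-Fa-f]{1,4}\.tmp$")

# Assumed format of the VirusTotal hash-lookup page (lookup, not upload).
VT_GUI = "https://www.virustotal.com/gui/file/"

ALGS = ("md5", "sha1", "sha256")


def is_hex_tmp(name: str) -> bool:
    """True for names like 1A.tmp or 6F.tmp; pagefile.sys or notes.txt do not match."""
    return HEX_TMP.match(name) is not None


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of an in-memory buffer (VirusTotal reports all three)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path: Path) -> dict:
    """Same digests for a file, streamed in 64 KiB chunks so large files fit in memory."""
    digests = {alg: hashlib.new(alg) for alg in ALGS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def vt_lookup_url(sha256: str) -> str:
    """Hash lookup URL: lets you check a file's reputation without sending the file."""
    return VT_GUI + sha256


def triage(root: Path, extra=()) -> list:
    """Inventory hex-named .tmp files directly in `root` (subfolders are ignored)
    plus any explicitly listed files; returns one dict per file, sorted by name."""
    candidates = [p for p in root.iterdir() if p.is_file() and is_hex_tmp(p.name)]
    candidates += [Path(p) for p in extra if Path(p).is_file()]
    rows = []
    for p in sorted(candidates, key=lambda p: p.name.lower()):
        h = hash_file(p)
        rows.append({
            "name": p.name,
            "size": p.stat().st_size,
            "md5": h["md5"],
            "sha256": h["sha256"],
            "url": vt_lookup_url(h["sha256"]),
        })
    return rows


def demo() -> list:
    """Constructed sample: a scratch directory standing in for the drive root, with
    two hex-named .tmp files, a benign text file, a .tmp in a subfolder (ignored)
    and a constructed 'driver' passed explicitly, as the thread does for the .sys file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "1A.tmp").write_bytes(b"MZ\x90\x00 constructed sample, not a real binary")
        (root / "6F.tmp").write_bytes(b"constructed sample 2")
        (root / "notes.txt").write_text("benign")
        (root / "sub").mkdir()
        (root / "sub" / "7.tmp").write_bytes(b"ignored: not in the root")
        (root / "drivers").mkdir()
        (root / "drivers" / "suspect.sys").write_bytes(b"constructed placeholder driver")
        return triage(root, extra=[root / "drivers" / "suspect.sys"])


if __name__ == "__main__":
    for row in demo():
        print(f'{row["name"]:12} {row["size"]:>6} bytes  sha256={row["sha256"]}')
        print(f'{"":12} {row["url"]}')
```

The point of recording hashes first is that a hash lookup reveals whether a sample is already known without the file ever leaving the machine; only genuinely unknown files need the upload step the post describes.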
     
