Sorry if this is concise, I just spent an hour & a half writing a detailed description of my problem in detail, tried to submit, loaded attachments, and then POOF!!! Nothing. I lost all of it to cyberworld. I'm at my wits end, help ... please! I'm running windows xp sp 3 fully updated, 2 gb ram dual core, enclosed are attachments. Any and all help is appreciated, thank you.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Valued Customer at 3:05:09 on 2012-01-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1485 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Pogo Games\PGMTrusted.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Installed Apps\Portable Apps In Use\Everything-1.2.1.371\Everything-1.2.1.371.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\valued customer\application data\flashgetbho\FlashGetBHO.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\flashget3.exe" -minimize
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Download all links by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallurl.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgeturl.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\XDogcat.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amanda%20Rose%20-%20The%20Game%20of%20Time/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{3827C1F9-EE04-4867-B31F-6C5A08B8B8CC} : DhcpNameServer = 64.71.255.198
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ASWLNPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\qcnbj9n0.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-1-24 28552]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-10-1 109216]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-10-1 51408]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-10-1 12960]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-12-24 752128]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-10-1 12528]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-11-27 185896]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-12-24 3246040]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-4-14 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-4-14 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-3 1185016]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-10-1 256544]
R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2011-12-19 519888]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-22 29992]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-12-24 167968]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2011-6-18 482176]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-9-26 50728]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-6-18 193840]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-9-24 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-9-24 8456]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-10-7 45056]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2009-8-22 42280]
S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [2011-4-18 26368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-24 06:16:28 98992 ----a-w- c:\windows\system32\drivers\34970773.sys
2012-01-24 06:15:45 98992 ----a-w- c:\windows\system32\drivers\60218847.sys
2012-01-24 05:20:41 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-24 05:20:17 -------- d-----w- c:\program files\Panda Security
2012-01-23 13:08:14 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-01-23 13:08:11 -------- d-----w- c:\program files\Prevx
2012-01-23 13:08:02 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2012-01-22 19:35:58 -------- d-----w- c:\program files\Game Mill Entertainment
2012-01-22 05:15:04 -------- d-----w- c:\windows\system32\NtmsData
2012-01-21 20:42:25 -------- d-----w- c:\program files\Unlocker
2012-01-21 17:47:27 77312 ----a-w- c:\windows\system32\VISCDUNA.DLL
2012-01-21 17:47:26 78848 ----a-w- c:\windows\system32\VISCDRTL.DLL
2012-01-21 17:47:26 517120 ----a-w- c:\windows\system32\VISCDUN7.DLL
2012-01-21 17:47:26 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2012-01-21 17:47:26 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2012-01-21 17:47:26 152064 ----a-w- c:\windows\system32\VISCDUNR.DLL
2012-01-21 17:47:26 -------- d-----w- c:\program files\Visual CD
2012-01-19 04:51:10 -------- d-----w- c:\documents and settings\valued customer\application data\Wise Registry Cleaner
2012-01-18 06:51:12 279040 ----a-w- c:\windows\system32\XDogcat.dll
2012-01-18 06:42:11 -------- d-----w- c:\documents and settings\valued customer\local settings\application data\spek
2012-01-18 04:13:53 -------- d-----w- C:\Downloads
2012-01-17 10:49:43 -------- d-----w- c:\program files\CCleaner
2012-01-17 07:47:59 -------- d-----w- c:\program files\Daum
2012-01-17 07:21:07 -------- d-----w- c:\documents and settings\valued customer\application data\Free Download Manager
2012-01-17 07:21:00 -------- d-----w- c:\program files\Free Download Manager
2012-01-17 06:52:51 -------- d-----w- c:\program files\GRETECH
2012-01-17 04:21:14 -------- d-----w- c:\documents and settings\valued customer\application data\Malwarebytes
2012-01-17 04:21:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-17 04:21:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 04:21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-16 02:09:22 -------- d-----w- c:\program files\Research In Motion Limited
2012-01-16 00:48:39 256 ----a-w- c:\windows\system32\pool.bin
2012-01-16 00:48:33 -------- d-----w- c:\documents and settings\valued customer\application data\Research In Motion
2012-01-16 00:39:24 -------- d-----w- c:\program files\common files\Sonic Shared
2012-01-16 00:39:23 -------- d-----w- c:\program files\Roxio
2012-01-16 00:35:26 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2012-01-16 00:34:17 -------- d-----w- c:\program files\common files\Research In Motion
2012-01-16 00:34:10 -------- d-----w- c:\program files\Research In Motion
2012-01-15 06:40:53 -------- d-----w- c:\documents and settings\valued customer\application data\FlashgetSetup
2012-01-15 06:40:44 -------- d-----w- c:\documents and settings\valued customer\application data\FlashGetBHO
2012-01-15 06:40:40 -------- d-----w- c:\program files\FlashGet Network
2012-01-15 06:40:40 -------- d-----w- c:\documents and settings\valued customer\application data\FlashGet
2012-01-14 22:56:01 -------- d-----w- c:\program files\eSupport.com
2012-01-14 22:49:26 -------- d-----w- c:\program files\SoftLogica
2012-01-08 01:33:54 -------- d-----w- c:\program files\Sandboxie
2012-01-06 22:51:53 -------- d-----w- c:\program files\Windows Media Connect 2
2012-01-06 22:50:17 -------- d-----w- c:\windows\system32\LogFiles
2012-01-04 14:30:44 -------- d-----w- c:\program files\PowerDataRecovery
2012-01-02 06:04:54 -------- d-----r- C:\Sandbox
2011-12-29 02:31:07 -------- d--h--w- c:\documents and settings\all users\application data\PogoDGC
2011-12-29 02:30:38 -------- d-----w- c:\program files\Pogo Games
.
==================== Find3M ====================
.
2012-01-15 09:27:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-24 21:54:15 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-24 21:54:07 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-12-24 21:54:05 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-24 21:53:57 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-10 01:27:41 272 ----a-w- c:\windows\system32\msvcsv60.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2005-04-01 02:17:42 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 3:05:19.48 ===============

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Please just copy and paste the reports we ask for in lew of attaching them, its easier for us to analyse


Just give me a brief description of what your experiencing


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Hi, first a brief description of problem and stuff already done prior to posting my first question. I got a message after visiting a site that my HD & Ram memory were failing, I eaasily found the culprit and removed it (2 randomly named exe's located in apps/data folder). I then noticed I couldn't safely remove usb drives/sticks and msconfig said I needed admin rights to change services (only 1 user on this comp). Starting getting redirected to bad sites thru ie and firefox, and then couldn't run tools such as malwarebytes and prevx. Avast still worked, though in blocking mal sites it always seemed to reference Xdogcat.dll, this seemed an odd named file. I finally loaded rkill which allowed me to run Kasperskys TDSSKill which found an infected mbr, which I allowed it to fix. Things SEEM, ok now, but I'm sort of wary, moreso because I lost use of avast (I havent reinstalled yet because I had created my initial scan log, and tried to keep with the READ BEFORE info). BTW, I;m sorry about the attachments rather than pasting into post, I must have missed that part, sorry. Anyways, thats where I'm at now, so here's the scan you requested. Almost forgot, I'm running a dual boot 2 xp pro, if that matters (the second is used only to help fix problems such as this when the need arises). Thank you in advance for any and all help, it's very much appreciated.


Scan log-

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-26 03:01:02
-----------------------------
03:01:02.890 OS Version: Windows 5.1.2600 Service Pack 3
03:01:02.890 Number of processors: 2 586 0x170A
03:01:02.890 ComputerName: FRED UserName:
03:01:03.546 Initialize success
03:12:32.921 AVAST engine defs: 12012600
03:12:46.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:12:46.187 Disk 0 Vendor: TOSHIBA_MK8034GSX AH303B Size: 76319MB BusType: 3
03:12:46.203 Disk 0 MBR read successfully
03:12:46.203 Disk 0 MBR scan
03:12:46.234 Disk 0 Windows XP default MBR code
03:12:46.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20481 MB offset 63
03:12:46.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6149 MB offset 41945715
03:12:46.265 Disk 0 Partition - 00 0F Extended LBA 49685 MB offset 54540682
03:12:46.265 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14331 MB offset 54540745
03:12:46.265 Disk 0 Partition - 00 05 Extended 35353 MB offset 83891430
03:12:46.296 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 35353 MB offset 83891493
03:12:46.296 Disk 0 scanning sectors +156296385
03:12:46.343 Disk 0 scanning C:\WINDOWS\system32\drivers
03:12:58.015 Service scanning
03:12:59.250 Service SafeBoot C:\WINDOWS\System32\Drivers\SafeBoot.sys **LOCKED** 32
03:12:59.296 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
03:12:59.859 Modules scanning
03:13:13.046 Disk 0 trace - called modules:
03:13:13.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
03:13:13.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6df030]
03:13:13.062 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> [0x8a6e0c58]
03:13:13.062 5 hpdskflt.sys[ba3395ae] -> nt!IofCallDriver -> \Device\0000008a[0x8a7801f8]
03:13:13.062 7 ACPI.sys[b9e57620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6a9940]
03:13:13.781 AVAST engine scan C:\WINDOWS
03:13:17.921 AVAST engine scan C:\WINDOWS\system32
03:15:42.703 AVAST engine scan C:\WINDOWS\system32\drivers
03:15:56.031 AVAST engine scan C:\Documents and Settings\Valued Customer
03:17:07.562 AVAST engine scan C:\Documents and Settings\All Users
03:18:36.578 Scan finished successfully
03:33:57.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\MBR.dat"
03:33:57.593 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt"

Good Morning,

Can you post the log from TDSSKiller so I can see what it removed

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.