iclaudia

Things seem to be working fine again now. Thank you!!

I'll try it!

Hi, I hate to keep bothering you, but since I installed Avira and ran a scan, I have not been able to shut my computer down or get the system to stand by -- I have to force quit. Could this be related to Avira or is it something different? Is there somewhere you can direct me to to get more information on what to do? thanks!

Thanks! I kept McAfee fairly up-to-date, so I was pretty puzzled when this got through. But I think I will install Avira and hopefully that will work better! Thank you again for all your help!

Thank you so much! I have one last question; I am pretty sure at least the Advanced Virus Remover came from my external hard drive after someone else used it. Is there a way I can scan and clean it without re-infecting my computer?

Uninstalled. Things seem to be running fine; I haven't noticed anything other than an exceptionally slow connection since we removed the Advanced Virus Remover -- that's the only reason I knew there was something on my computer to begin with, since it was spamming me with pop-ups. Is my computer clean now?

Thanks! Found it & submitted the file.

Is there a particular folder I should be looking in? Still can't find it. :/

Quick question: is c:\Qoobox\quarantine\recycler\S-1-5-21-0025996735-5120968924-051156838-8129\wmiprvse.vir the file I am supposed to be browsing my computer for and submitting? I can't seem to find it through the browse button.

Here is the log from ComboFix: ComboFix 09-09-14.02 - xxxxxx 09/15/2009 4:14.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1458 [GMT -4:00] Running from: c:\documents and settings\xxxxxxxxxxxi\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe c:\documents and settings\xxxxxxxx\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe c:\documents and settings\Guest\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe c:\documents and settings\Guest\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Guest\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Guest\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Guest\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Guest\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Guest\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe c:\documents and settings\Guest\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe c:\recycler\S-1-5-21-0025996735-5120968924-051156838-8129 c:\recycler\S-1-5-21-0025996735-5120968924-051156838-8129\Desktop.ini c:\recycler\S-1-5-21-0025996735-5120968924-051156838-8129\wmiprvse.exe c:\recycler\S-1-5-21-9488421000-3496892518-879396818-2962 c:\windows\Installer\16221.msi c:\windows\Installer\95c25.msi c:\windows\kb913800.exe c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 ))))))))))))))))))))))))))))))) . 2009-09-12 13:02 . 2009-09-12 13:02 -------- d-----w- c:\program files\Trend Micro 2009-09-11 20:34 . 2009-09-11 20:34 -------- d-----w- c:\program files\FileASSASSIN 2009-09-10 04:01 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2009-08-30 07:07 . 2009-08-30 07:07 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-30 07:06 . 2009-08-30 07:06 -------- d-----w- c:\program files\MSBuild 2009-08-30 07:06 . 2009-08-30 07:06 -------- d-----w- c:\program files\Reference Assemblies 2009-08-30 07:05 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-30 07:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-30 07:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-30 07:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-30 07:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-30 07:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-30 07:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-30 07:05 . 2009-08-30 07:06 -------- d-----w- C:\e50c0524254a753fa7393d55e8c9 2009-08-28 16:48 . 2009-08-28 16:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage 2009-08-28 16:46 . 2009-08-28 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon 2009-08-23 13:27 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-14 14:28 . 2007-03-12 04:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-14 13:48 . 2007-03-12 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-14 13:48 . 2007-01-22 21:25 -------- d-----w- c:\documents and settings\xxxxxxx\Application Data\Lavasoft 2009-09-14 13:45 . 2007-01-09 17:01 -------- d-----w- c:\program files\Network Associates 2009-09-14 13:45 . 2007-01-09 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates 2009-09-14 13:09 . 2007-04-11 17:01 -------- d-----w- c:\documents and settings\xxxxxx\Application Data\Viewpoint 2009-09-14 13:09 . 2006-12-29 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-09-14 13:09 . 2006-12-29 03:15 -------- d-----w- c:\program files\Viewpoint 2009-09-11 17:49 . 2009-04-18 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-09-03 05:18 . 2007-11-05 01:16 -------- d-----w- c:\documents and settings\xxxxxxxx\Application Data\Skype 2009-09-03 01:16 . 2008-02-05 00:23 -------- d-----w- c:\documents and settings\xxxxxxxx\Application Data\skypePM 2009-09-02 17:39 . 2007-03-15 03:56 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-30 14:55 . 2006-09-19 22:05 66576 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-28 16:47 . 2006-09-19 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-28 16:46 . 2008-05-04 04:42 -------- d-----w- c:\program files\Amazon 2009-08-05 09:01 . 2006-03-16 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2006-03-16 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-29 16:12 . 2006-03-16 04:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2006-03-16 04:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-25 08:25 . 2006-03-16 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2006-03-16 04:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2006-03-16 04:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2006-03-16 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2006-03-16 04:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2006-03-16 04:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-18 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-18 1617920] "MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952] S2 gupdate1c9c04fce12df64;Google Update Service (gupdate1c9c04fce12df64);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2009 2:02 PM 133104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2009-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57] 2009-09-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-18 18:01] 2009-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 18:02] 2009-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 18:02] . . ------- Supplementary Scan ------- . uStart Page = hxxp://news.bbc.co.uk/ IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\xxxxxxxi\Application Data\Mozilla\Firefox\Profiles\z1afayq4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) Notify-WgaLogon - (no file) AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe AddRemove-{58535A90-1788-44f5-80BB-CFF62D9CE6D5} - c:\program files\HP\Digital Imaging\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}\setup\hpzscr01.exe -datfile hphscr13.dat ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-15 04:19 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ??? ]??????Y?@?????<?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2424) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\msdtc.exe c:\program files\Network Associates\Common Framework\Mctray.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\mqsvc.exe c:\program files\Network Associates\Common Framework\naPrdMgr.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\mqtgsvc.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\dllhost.exe c:\windows\system32\HPZipm12.exe . ************************************************************************** . Completion time: 2009-09-15 4:23 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-15 08:23 Pre-Run: 23,753,809,920 bytes free Post-Run: 23,981,572,096 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 245 --- E O F --- 2009-09-10 19:59

ComboFix is scanning now.

I've managed to download everthing onto my neighbour's computer (and was able to get a blank CD from the same neighbour), but Avira won't burn onto the CD. This computer is running Vista; would that do anything to interfere with the disk? When I popped the CD in it took a minute to 'format' it... might the formatting have screwed it up for Avira?

I may not be able to get my hands on a blank CD -- is the Avira really strongly recommended or can I get around it with just mbam and combofix?

If the bandwidth is the problem, then unfortunately going to a different computer probably won't work, since everyone I live with is limited by the same Fair Access limit. I might try it, though, or at least ask around. Can't hurt!

Okay then. I will try later this evening as the internet usually works better then, and if that fails I'll download combofix and mbam after 2am and hope for the best.