BleepingComputer.com: Unknown virus effecting soundcard and display settings

I have run spybotSD, SUPERantiSpyware, Adaware, and Malwarebytes' several times. each time one or all of them find something wrong i "repair" it, restart and the computer is fine for 10 minutes then all Desktop icons flash and it goes from "windows XP" display to "windows clasic" at which time i no longer have sound on my computer. More recently i have been noticing that upon opening firefox (my preferred browser)it crashes once or twice on the homepage (google). Also crashes chrome. Any help would be greatly appreciated as i have been "just dealing with" this problem for several months now. BTW i have looked up and found similar problems with solutions but they have HJT logs associated with them and as i understand it; all logs are different. Here is my log:

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Master Cunnane at 10:51:44 on 2011-06-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.339 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Shop to Win 11: {67d688ec-87da-4a28-bfa5-c4db8be5c9ea} - c:\program files\shop to win 11\ShoppingBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\documents and settings\master cunnane\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
dRun: [YDZ1QVAGOJ] c:\windows\temp\Ib1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{E684EC70-4114-4220-B028-7F2054555D9C} : DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: itlntfy - itlnfw32.dll
AppInit_DLLs: c:\progra~1\google\google~4\goec62~1.dll c:\windows\system32\dalokuyu.dll johawato.dll c:\windows\system32\
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nulobiger - {daeea543-9cad-426b-918a-d45f6882c039} - No File
SSODL: wuteluzan - {6d3715dd-232d-4a1a-97cf-c0450aedde6b} - No File
STS: {daeea543-9cad-426b-918a-d45f6882c039} - No File
STS: {6d3715dd-232d-4a1a-97cf-c0450aedde6b} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli yetifeda.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\master cunnane\application data\mozilla\firefox\profiles\ytdc8gpz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2340962&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\documents and settings\master cunnane\application data\mozilla\firefox\profiles\ytdc8gpz.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\master cunnane\application data\mozilla\firefox\profiles\ytdc8gpz.default\extensions\{c08852af-23f4-4a02-bd13-de702161fd44}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\master cunnane\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-27 64288]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-2-14 13696]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-22 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1355968]
S1 MpKsl08b9d9f1;MpKsl08b9d9f1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{96866d77-d23d-4f89-9848-eb8082156c71}\mpksl08b9d9f1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{96866d77-d23d-4f89-9848-eb8082156c71}\MpKsl08b9d9f1.sys [?]
S1 MpKsl964f4624;MpKsl964f4624;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{96866d77-d23d-4f89-9848-eb8082156c71}\mpksl964f4624.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{96866d77-d23d-4f89-9848-eb8082156c71}\MpKsl964f4624.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 itlperf;Intel CPU Perfermons;c:\windows\system32\svchost.exe -k itlsvc [2001-8-23 14336]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-22 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-8-29 10664]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-22 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-22 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-22 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S4 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2011-2-22 77824]
.
=============== Created Last 30 ================
.
2011-06-25 01:43:53 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-25 01:43:51 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-05 12:22:54 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-05 12:22:54 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-05 12:22:53 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-05 12:22:53 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-05 12:22:53 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-06-05 12:22:53 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-05 12:22:52 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-05 12:22:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-04 17:34:36 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-06-04 17:34:33 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
.
==================== Find3M ====================
.
2011-06-18 00:40:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-18 00:36:40 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 22:32:26 102912 --sha-r- c:\windows\system32\dswaveg.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200KS-00PFB0 rev.21.00M21 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EC75D9]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ecd970]; MOV EAX, [0x86ecd9ec]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86FA68F0]
3 CLASSPNP[0xF769BFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000069[0x86FA6280]
5 ACPI[0xF7532620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F82D98]
\Driver\atapi[0x86F71B08] -> IRP_MJ_CREATE -> 0x86EC75D9
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD3200KS-00PFB0_____________________21.00M21#5&20b92863&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86EC741F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:53:37.26 ===============

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• Please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

• The application window will appear
  
• Click the Disable button to disable your CD Emulation drivers
  
• Click Yes to continue
  
• A 'Finished!' message will appear
  
• Click OK
  
• DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:


Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.


• Double-Click on dds.scr and a command window will appear. This is normal.
  
• Shortly after two logs will appear:
  
  • DDS.txt
    
  • Attach.txt
  
  
• A window will open instructing you save & post the logs
  
• Save the logs to a convenient place such as your desktop
  
• Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

• Please Download Rootkit Unhooker Save it to your desktop.
  
• Now double-click on RKUnhookerLE.exe to run it.
  
• Click the Report tab, then click Scan.
  
• Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  
• Wait till the scanner has finished and then click File, Save Report.
  
• Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

In your next post I need the following


• .logs from DDS
  
• log from RKUnHooker
  
• let me know of any problems you may have had

Gringo

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
  
• do you need more time?
  
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.