need help removing a rootkit virus

Im infected with a rootkit virus, as per your instructions in your prep guide i have ran Defogger, downloaded and ran DDS and saved LOG files to desktop. Could not run Gmer as it totally locks up my system so I am unable at present time to attach the GMER log file. Also located A file folder on my C drive that I believe may be part of my problem.
The file folder is marked as N_ and contains various files such as NirCmd.cfxxe, NircmdB, and many others with a cfxxe or cfx file exetention. There are also text files such as REGDO and REGDACL which seem to show changed registry keys and values. Any help with this issue is greatly apprieciated.

DDS (Ver_10-12-12.02) - NTFSx86
Run by William Saxton at 15:27:00.79 on Wed 12/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.537 [GMT -5:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\William Saxton\My Documents\DownLoads\radix_installer\radixgui.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\William Saxton\Desktop\Defogger.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\William Saxton\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://d:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1293462988688
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-12-27 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2010-12-27 135336]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-12-27 267944]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-12-27 61960]
S?4 SDTHelper;Helper driver for SDT-Tool;d:\documents and settings\william saxton\my documents\downloads\radix_installer\SDTHLPR.sys [2010-4-18 14873]
S3 epmntdrv;epmntdrv;d:\windows\system32\epmntdrv.sys [2010-12-28 13192]
S3 EuGdiDrv;EuGdiDrv;d:\windows\system32\EuGdiDrv.sys [2010-12-28 8456]

=============== Created Last 30 ================

2010-12-29 05:23:15 -------- d-----w- d:\docume~1\willia~1\applic~1\FRISK Software
2010-12-29 05:13:51 -------- d-----w- d:\docume~1\alluse~1\applic~1\FRISK Software
2010-12-29 03:14:58 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll
2010-12-29 03:13:52 3495784 ----a-w- d:\windows\system32\d3dx9_33.dll
2010-12-29 03:11:02 -------- d-----w- d:\windows\Logs
2010-12-29 02:53:38 -------- dc-h--w- d:\windows\ie8
2010-12-29 00:42:05 -------- d-----w- d:\program files\Hunting Unlimited 2011
2010-12-29 00:06:10 86408 ----a-w- d:\windows\system32\setupempdrv03.exe
2010-12-29 00:06:10 8456 ----a-w- d:\windows\system32\EuGdiDrv.sys
2010-12-29 00:06:10 2217088 ----a-w- d:\windows\system32\BootMan.exe
2010-12-29 00:06:10 14848 ----a-w- d:\windows\system32\EuEpmGdi.dll
2010-12-29 00:06:10 13192 ----a-w- d:\windows\system32\epmntdrv.sys
2010-12-29 00:05:39 -------- d-----w- d:\program files\EASEUS
2010-12-28 19:55:06 388096 ----a-r- d:\docume~1\willia~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-28 19:55:03 -------- d-----w- d:\program files\Trend Micro
2010-12-28 19:01:21 -------- d-----w- d:\docume~1\willia~1\applic~1\Auslogics
2010-12-28 19:00:59 -------- d-----w- d:\program files\Auslogics
2010-12-28 18:57:47 -------- d-----w- d:\program files\DAZ 3D
2010-12-28 18:57:25 -------- d-----w- d:\program files\DAZ
2010-12-28 02:29:48 -------- d-----w- d:\program files\CCleaner
2010-12-28 01:38:52 -------- d-----w- d:\docume~1\willia~1\applic~1\Malwarebytes
2010-12-28 01:38:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-12-28 01:38:34 -------- d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-28 01:38:28 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-12-28 01:38:28 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-12-28 00:12:10 -------- d-----w- d:\windows\pss
2010-12-27 23:21:37 -------- d-----w- d:\windows\Internet Logs
2010-12-27 21:45:08 -------- d-----w- D:\spoolerlogs
2010-12-27 21:27:30 -------- d-----w- d:\docume~1\alluse~1\applic~1\Comodo
2010-12-27 21:23:10 -------- d-----w- d:\program files\VS Revo Group
2010-12-27 20:49:53 -------- d-----w- d:\docume~1\willia~1\applic~1\CheckPoint
2010-12-27 20:49:02 -------- d-----w- d:\program files\Conduit
2010-12-27 20:49:02 -------- d-----w- d:\docume~1\willia~1\locals~1\applic~1\Conduit
2010-12-27 19:07:18 -------- d-----w- d:\windows\system32\NtmsData
2010-12-27 19:04:42 -------- d-----w- d:\docume~1\willia~1\applic~1\Avira
2010-12-27 19:00:02 61960 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2010-12-27 19:00:01 -------- d-----w- d:\program files\Avira
2010-12-27 19:00:01 -------- d-----w- d:\docume~1\alluse~1\applic~1\Avira
2010-12-27 18:48:30 -------- d-----w- d:\docume~1\alluse~1\applic~1\SecTaskMan
2010-12-27 18:32:02 23040 -c----w- d:\windows\system32\dllcache\fltmc.exe
2010-12-27 18:32:02 16896 -c----w- d:\windows\system32\dllcache\fltlib.dll
2010-12-27 18:32:02 128896 -c----w- d:\windows\system32\dllcache\fltmgr.sys
2010-12-27 17:54:10 -------- d-sh--w- d:\documents and settings\william saxton\PrivacIE
2010-12-27 17:52:56 -------- d-sh--w- d:\documents and settings\william saxton\IETldCache
2010-12-27 17:50:35 -------- d-----w- d:\windows\ie8updates
2010-12-27 17:45:17 599040 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2010-12-27 17:45:17 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2010-12-27 17:45:16 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2010-12-27 17:45:14 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2010-12-27 17:45:14 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2010-12-27 17:45:13 1985536 -c----w- d:\windows\system32\dllcache\iertutil.dll
2010-12-27 17:45:03 11076096 -c----w- d:\windows\system32\dllcache\ieframe.dll
2010-12-27 17:23:42 14640 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-12-27 17:22:32 -------- d-----w- d:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-12-27 17:22:23 232968 ----a-w- d:\windows\system32\nvdrsdb0.bin
2010-12-27 17:22:18 232968 ----a-w- d:\windows\system32\nvdrsdb1.bin
2010-12-27 17:22:18 1 ----a-w- d:\windows\system32\nvdrssel.bin
2010-12-27 17:21:48 -------- d-----w- d:\program files\NVIDIA Corporation
2010-12-27 16:35:06 -------- d-----w- d:\windows\system32\CatRoot_bak
2010-12-27 16:29:24 352640 -c----w- d:\windows\system32\dllcache\srv.sys
2010-12-27 16:29:20 3555328 -c----w- d:\windows\system32\dllcache\moviemk.exe
2010-12-27 16:29:02 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2010-12-27 16:28:41 331776 -c----w- d:\windows\system32\dllcache\msadce.dll
2010-12-27 16:28:23 454016 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2010-12-27 16:26:56 743936 -c----w- d:\windows\system32\dllcache\helpsvc.exe
2010-12-27 16:24:06 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2010-12-27 16:23:37 470528 -c----w- d:\windows\system32\dllcache\aclayers.dll
2010-12-27 16:22:27 655872 -c----w- d:\windows\system32\dllcache\mstscax.dll
2010-12-27 16:21:47 332800 -c----w- d:\windows\system32\dllcache\netapi32.dll
2010-12-27 16:21:42 1172480 -c----w- d:\windows\system32\dllcache\msxml3.dll
2010-12-27 16:20:21 215552 -c----w- d:\windows\system32\dllcache\wordpad.exe
2010-12-27 16:10:52 -------- d-----w- d:\windows\system32\PreInstall
2010-12-27 16:10:50 -------- d--h--w- d:\windows\$hf_mig$
2010-12-27 16:04:38 -------- d-----w- d:\windows\system32\wbem\AutoRecover
2010-12-27 16:04:10 -------- d-s---w- d:\windows\system32\Microsoft
2010-12-27 15:55:59 -------- d-----w- d:\windows\peernet
2010-12-27 15:55:57 -------- d-----w- d:\windows\provisioning
2010-12-27 15:53:31 -------- d-----w- d:\windows\ServicePackFiles
2010-12-27 15:48:03 -------- d-----w- d:\windows\system32\ReinstallBackups
2010-12-27 15:47:36 26144 ----a-w- d:\windows\system32\spupdsvc.exe
2010-12-27 15:43:39 -------- d-----w- d:\windows\EHome
2010-12-27 15:38:24 11776 ------w- d:\windows\system32\spnpinst.exe
2010-12-27 15:18:25 -------- d-----w- d:\windows\system32\bits
2010-12-27 15:18:03 8192 ------w- d:\windows\system32\bitsprx2.dll
2010-12-27 15:18:03 7168 ------w- d:\windows\system32\bitsprx3.dll
2010-12-27 15:18:03 438784 ------w- d:\windows\system32\xpob2res.dll
2010-12-27 15:18:03 352256 ----a-w- d:\windows\system32\winhttp.dll
2010-12-27 15:18:03 18944 ----a-w- d:\windows\system32\qmgrprxy.dll
2010-12-27 15:16:55 217816 ----a-w- d:\windows\system32\wuaucpl.cpl
2010-12-27 15:16:55 21728 ----a-w- d:\windows\system32\wucltui.dll.mui
2010-12-27 15:16:55 17632 ----a-w- d:\windows\system32\wuaueng.dll.mui
2010-12-27 15:16:55 15072 ----a-w- d:\windows\system32\wuaucpl.cpl.mui
2010-12-27 15:16:54 15064 ----a-w- d:\windows\system32\wuapi.dll.mui
2010-12-27 15:16:11 -------- d-sh--w- d:\documents and settings\william saxton\UserData
2010-12-27 15:14:26 61696 ----a-w- d:\windows\system32\drivers\ax88772.sys

==================== Find3M ====================


============= FINISH: 15:28:03.32 ===============

Hello Stuffed 1 ,



You tattled on yourself. These files :

NirCmd.cfxxe, NircmdB, and many others with a cfxxe or cfx file exetention

are all from ComboFix. You ran it on your own.....could you please post the report from it?

Thanks,
tea

Hey teacup thanks for your response, but now Im really at a loss . Ive never ran combo fix was always afraid it would make things worst then they are, without proper instructions on its use. Is there any way someone could remotely access my computer and run Combo Fix with a script to alter my settings to suit there needs. Ive been having some problems with my computer such as slow start-ups, and fire wall and antivirus being disabled. As an after thought I became so paraniod about N_ file (see my first post above) and what was contained in it that I reformatted my HD and did a clean install and reposted my logs, so someone could take a look at them to see if my drive is truely free and clean. Still waiting for a response on that post though, dont want to go any further until I know Im clean.

Thanks,
Post me with your thoughts on this!

Hello,

I'll close this topic and pick up your other one.