
Solved Windows Security no internet, memory hog, new user account

Discussion in 'Malware and Virus Removal Archive' started by adrenalinesaint, 2011/05/06.

  1. 2011/05/06
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    [Resolved] Windows Security no internet, memory hog, new user account

    Sunday (I believe) my 3 and 5 year olds were pounding away at the computer. They know little about computers honestly; they were pretending. I went to stop them and scold them for being rough on the computer and typing and clicking on random things. My wife stepped in and did the scolding for me and clicked on a window before I could get "no, don't do that" out of my mouth.
    After that my desktop picture went away, replaced with a program calling itself Windows Security, which it clearly is not.
    I hit the power button as quick as I could get to it so I could regroup, but when it powered back up the damage was done.
    The system is so bogged down that with pretty much any program I try to run I get some sort of error.
    I restarted the computer in Safe Mode and what do I see but an extra user account named Administrator that is password protected; the plot thickens.
    Running in Safe Mode it still runs like **** with no internet connectivity, so I've pretty much unplugged my modem from this point on.
    I ran Malwarebytes and Spybot and while they did delete a few things, they pretty much come up with the same things to delete every time I run them.
    So the next time I started the computer, when I had pressed F8, I selected to restore the computer from a previously working version (or something to that effect), where I was able to pick a date to restore to.
    I selected two days before the known problems and the system did its thing.
    The next time it loaded Windows in regular mode my icons were back, the background image was back and I could run programs again, howbeit still running very, very slow.
    I plugged up the modem and router and still no dice on the internet.
    One other thing I noticed that really disturbed me at that point was that for ANY picture file saved to the desktop, its icon was semi-transparent. I clicked on a few of them and even went into My Pictures and they were all this way, but I could still bring them up.

    Yesterday at work I ran into this website and read a few people's posts; it gave me hope.
    So I signed up and printed out the list of things to do first. I downloaded the programs to my flash drive, and last night I ran them all and saved the logs to my flash drive to post from my work computer today.

    But during that process last night something even more disturbing happened. I ran all the programs in order, but after I ran TFC (Temp File Cleaner) all those pictures that were semi-transparent are now no longer on my desktop, nor are there any photos in My Pictures.
    Panic set in, so I did two things:
    I clicked on recently opened documents and clicked on a picture and it came up. OK, so that's good.
    Then I went to My Computer and looked at the properties for my C: drive and it had the same 70-some gig used and 10 gig free that it has had for a while.
    Then I thought, there is no way that the TFC program could have done away with them so quickly; that program only ran for a few mins and I have over 40 or 50 gig worth of pictures in question.

    I went ahead and finished running the programs as suggested by this website and saved the logs, which I will post now.
     
  2. 2011/05/06
    adrenalinesaint

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/6/2011 1:58:22 AM
    mbam-log-2011-05-06 (01-58-22).txt

    Scan type: Quick scan
    Objects scanned: 158253
    Time elapsed: 6 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

  4. 2011/05/06
    adrenalinesaint

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-06 01:15:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L090AVV207-0 rev.V23OA66A
    Running: 2ys439ki.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\pfrdrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA4D80BD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA4D80A3D]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA4DD8762]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:124] 8A9D9E7A
    Thread System [4:128] 8A9DC008

    ---- EOF - GMER 1.0.15 ----
     
  5. 2011/05/06
    adrenalinesaint

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 146):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF74D9000 pcmcia.sys
    0xF7607000 MountMgr.sys
    0xF74BA000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF7494000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF747C000 atapi.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF745C000 fltmgr.sys
    0xF744A000 sr.sys
    0xF7647000 PxHelp20.sys
    0xF7433000 KSecDD.sys
    0xF7420000 WudfPf.sys
    0xF7B52000 Ntfs.sys
    0xF786A000 NDIS.sys
    0xF7406000 Mup.sys
    0xF7657000 agp440.sys
    0xBA21B000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xB90DF000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB90CB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7747000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xB90A7000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF774F000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xB8F6B000 \SystemRoot\system32\drivers\P16X.sys
    0xB8F48000 \SystemRoot\system32\drivers\ks.sys
    0xB8F24000 \SystemRoot\system32\drivers\portcls.sys
    0xBA20B000 \SystemRoot\system32\drivers\drmk.sys
    0xBA6E5000 \SystemRoot\System32\DRIVERS\gameenum.sys
    0xB8EFC000 \SystemRoot\System32\DRIVERS\e1000325.sys
    0xF7757000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xBA1FB000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF775F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7767000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xBA1EB000 \SystemRoot\System32\DRIVERS\serial.sys
    0xBA6E1000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xB8EE8000 \SystemRoot\System32\DRIVERS\parport.sys
    0xBA1DB000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xBA1CB000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF776F000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xB8ECB000 \SystemRoot\System32\Drivers\pwd_2k.SYS
    0xBA1BB000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xB8EA2000 \SystemRoot\system32\drivers\windrvr6.sys
    0xF7A97000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xBA1AB000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xBA6DD000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xB8E8B000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xBA790000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xBA780000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7777000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xB8E7A000 \SystemRoot\System32\DRIVERS\psched.sys
    0xBA770000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF777F000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7787000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xB8E4A000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xBA760000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF79BD000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xB8DEC000 \SystemRoot\System32\DRIVERS\update.sys
    0xF778F000 \SystemRoot\System32\DRIVERS\omci.sys
    0xF7937000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xB9683000 \SystemRoot\System32\Drivers\dvd_2K.SYS
    0xB9507000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF76D7000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF79E5000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xABD8C000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xB8400000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xAA8B1000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xAA5DD000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xAA5DB000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF79CF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xAA5DA000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79D1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xAA891000 \SystemRoot\System32\drivers\vga.sys
    0xF79D3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79D5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA9404000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
    0xA93CF000 \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
    0xAA889000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xAA881000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA938B000 \SystemRoot\System32\Drivers\UDFReadr.SYS
    0xAAAC7000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xA9366000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xA930D000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xA5593000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA4EE7000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xA5583000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xA5573000 \SystemRoot\system32\drivers\mvstdi5x.sys
    0xA4EBF000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xA5730000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA4E9D000 \SystemRoot\System32\drivers\afd.sys
    0xA5563000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xA4E72000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xA4E02000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xA5533000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA4DB9000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xA4D49000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xF77EF000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xA4D25000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA4D14000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xA4CFC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xAABAC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xABE85000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF77FF000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA5AAB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF058000 \SystemRoot\System32\ati2cqag.dll
    0xBF0D2000 \SystemRoot\System32\atikvmag.dll
    0xBF140000 \SystemRoot\System32\atiok3x2.dll
    0xBF16B000 \SystemRoot\System32\ati3duag.dll
    0xBF466000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA6836000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA5513000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    0xA601C000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xA2AAC000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA266F000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xA2632000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAA796000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAB2CC000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB9673000 \??\C:\WINDOWS\System32\drivers\AsfAlrt.sys
    0xA2504000 \SystemRoot\System32\Drivers\Aspi32.SYS
    0xA2780000 \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS
    0xA2414000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA231B000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA2279000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA22DF000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
    0xAC153000 \SystemRoot\System32\DRIVERS\secdrv.sys
    0xABDBC000 \??\C:\WINDOWS\System32\WNIPROT5.SYS
    0xA1A8B000 \SystemRoot\system32\drivers\naiavf5x.sys
    0xA2A30000 \??\C:\WINDOWS\system32\drivers\EntDrv51.sys
    0xA1940000 \??\C:\DOCUME~1\Mike\LOCALS~1\Temp\pfrdrpow.sys
    0xA1915000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 56):
    0 System Idle Process
    4 System
    720 C:\WINDOWS\SYSTEM32\smss.exe
    768 csrss.exe
    800 C:\WINDOWS\SYSTEM32\winlogon.exe
    844 C:\WINDOWS\SYSTEM32\services.exe
    856 C:\WINDOWS\SYSTEM32\lsass.exe
    1044 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    1064 C:\WINDOWS\SYSTEM32\svchost.exe
    1128 svchost.exe
    1208 C:\WINDOWS\SYSTEM32\svchost.exe
    1244 C:\WINDOWS\SYSTEM32\svchost.exe
    1280 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    1384 svchost.exe
    1452 svchost.exe
    1536 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1684 C:\WINDOWS\explorer.exe
    1900 C:\Program Files\Network Associates\VirusScan\shstat.exe
    1952 C:\Program Files\SelectRebates\SelectRebates.exe
    1968 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    180 C:\WINDOWS\SYSTEM32\ctfmon.exe
    192 C:\Program Files\Windows Media Player\wmpnscfg.exe
    1668 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1892 svchost.exe
    2136 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    2176 C:\WINDOWS\SYSTEM32\aniServ.exe
    2192 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2212 C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    2252 C:\Program Files\Bonjour\mDNSResponder.exe
    2296 C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
    2336 C:\WINDOWS\SYSTEM32\cisvc.exe
    2348 C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
    2416 C:\WINDOWS\SYSTEM32\svchost.exe
    2456 C:\Program Files\Dell\OpenManage\Client\Iap.exe
    2472 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2520 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdiserv.exe
    2540 C:\WINDOWS\SYSTEM32\lxdicoms.exe
    2572 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    2604 C:\Program Files\Network Associates\VirusScan\mcshield.exe
    2640 C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    2672 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    2736 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2832 C:\WINDOWS\SYSTEM32\svchost.exe
    2872 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    2924 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    2952 wmpnetwk.exe
    3072 C:\WINDOWS\SYSTEM32\wuauclt.exe
    3144 wmiprvse.exe
    3536 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    3552 C:\WINDOWS\SYSTEM32\wuauclt.exe
    3840 C:\WINDOWS\SYSTEM32\wscntfy.exe
    3996 naPrdMgr.exe
    1872 alg.exe
    1784 C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
    392 C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
    3832 C:\Documents and Settings\Mike\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

    PhysicalDrive0 Model Number: IC35L090AVV207-0, Rev: V23OA66A

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  6. 2011/05/06
    adrenalinesaint

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Mike at 1:38:05.87 on Fri 05/06/2011
    Internet Explorer: 8.0.6001.18702
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [Spyware X-terminator Control Center] c:\progra~1\stomps~1\spywar~1\PPControl.exe
    mRun: [CookiePatrol] c:\progra~1\stomps~1\spywar~1\CookiePatrol.exe
    mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [PPMemCheck] c:\progra~1\stomps~1\spywar~1\PPMemCheck.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe "
    mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe "
    mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mPolicies-explorer: <NO NAME> =
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
    DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} - hxxp://media.cdigix.com/Performer/downloads/PerformerSetup.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} - hxxp://198.99.241.129/eplayer/V3_1_0_0/acneplayer.cab
    DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
    DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - hxxp://download.buddylinks.net/ShellInstaller.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = :\windows\system32\srrst
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? fsssvc;Windows Live Family Safety
    R? HCW848NT;Hauppauge Win/TV
    R? NPF;NetGroup Packet Filter Driver
    R? ProtoWall;ProtoWall Network Service
    S? ANISERVICE;Airgo Networks NIC Service
    S? ASFAgent;ASF Agent
    S? AsfAlrt;AsfAlrt
    S? aswFsBlk;aswFsBlk
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? avast! Antivirus;avast! Antivirus
    S? fssfltr;fssfltr
    S? lxdi_device;lxdi_device
    S? lxdiCATSCustConnectService;lxdiCATSCustConnectService
    S? McAfeeFramework;McAfee Framework Service
    S? McShield;Network Associates McShield
    S? McTaskManager;Network Associates Task Manager
    S? NaiAvFilter1;NaiAvFilter1
    S? NaiAvTdi1;NaiAvTdi1
    S? Viewpoint Manager Service;Viewpoint Manager Service
    .
    =============== Created Last 30 ================
    .
    2011-05-06 02:43:21 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-06 02:42:53 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-06 02:42:34 -------- d-----w- c:\program files\AVAST Software
    2011-05-06 02:42:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-05-05 01:01:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-05 01:01:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-05 00:59:00 -------- d-----w- c:\program files\Lexmark 3500-4500 Series
    2011-05-04 22:10:16 -------- d-----w- c:\program files\common files\PC Tools
    2011-05-03 04:05:11 -------- d-----w- c:\docume~1\mike\applic~1\Malwarebytes
    2011-05-03 04:05:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-05-03 04:04:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-03-29 03:57:31 1409 ----a-w- c:\windows\QTFont.for
    2011-03-21 03:11:51 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    .
    ============= FINISH: 1:46:05.53 ===============
     
  7. 2011/05/06
    adrenalinesaint

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/11/2003 2:31:39 PM
    System Uptime: 5/6/2011 1:08:47 AM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0H1487
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 10.07 GiB free.
    D: is CDROM ()
    E: is CDROM (UDF)
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Belkin Wireless Pre-N Notebook Network Card
    Device ID: PCI\VEN_17CB&DEV_0001&SUBSYS_000117CB&REV_01\5&7491D9E&0&0050F0
    Manufacturer: Belkin
    Name: Belkin Wireless Pre-N Notebook Network Card
    PNP Device ID: PCI\VEN_17CB&DEV_0001&SUBSYS_000117CB&REV_01\5&7491D9E&0&0050F0
    Service: Airgo
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: MAC Bridge Miniport
    Device ID: ROOT\MS_BRIDGEMP\0000
    Manufacturer: Microsoft
    Name: MAC Bridge Miniport
    PNP Device ID: ROOT\MS_BRIDGEMP\0000
    Service: BridgeMP
    .
    ==== System Restore Points ===================
    .
    RP1879: 2/4/2011 11:51:18 AM - System Checkpoint
    RP1880: 2/6/2011 1:11:55 PM - System Checkpoint
    RP1881: 2/7/2011 8:07:31 PM - System Checkpoint
    RP1882: 2/9/2011 8:42:48 PM - System Checkpoint
    RP1883: 2/10/2011 8:49:52 PM - System Checkpoint
    RP1884: 2/12/2011 12:39:21 AM - System Checkpoint
    RP1885: 2/13/2011 6:37:00 PM - System Checkpoint
    RP1886: 2/16/2011 11:56:46 AM - System Checkpoint
    RP1887: 2/17/2011 9:01:00 PM - System Checkpoint
    RP1888: 2/19/2011 1:52:13 AM - System Checkpoint
    RP1889: 2/20/2011 2:23:59 AM - System Checkpoint
    RP1890: 2/21/2011 2:48:37 AM - System Checkpoint
    RP1891: 2/22/2011 8:18:17 AM - System Checkpoint
    RP1892: 2/24/2011 12:48:04 PM - System Checkpoint
    RP1893: 2/25/2011 4:14:04 PM - System Checkpoint
    RP1894: 2/28/2011 7:24:03 PM - System Checkpoint
    RP1895: 3/3/2011 9:41:24 AM - System Checkpoint
    RP1896: 3/4/2011 10:41:35 AM - System Checkpoint
    RP1897: 3/5/2011 11:39:47 AM - System Checkpoint
    RP1898: 3/6/2011 6:19:58 PM - System Checkpoint
    RP1899: 3/7/2011 6:46:05 PM - System Checkpoint
    RP1900: 3/8/2011 7:28:46 PM - System Checkpoint
    RP1901: 3/10/2011 11:16:37 AM - System Checkpoint
    RP1902: 3/11/2011 10:59:55 PM - System Checkpoint
    RP1903: 3/13/2011 5:41:42 PM - System Checkpoint
    RP1904: 3/14/2011 10:45:20 PM - System Checkpoint
    RP1905: 3/15/2011 10:54:52 PM - System Checkpoint
    RP1906: 3/17/2011 8:35:13 AM - System Checkpoint
    RP1907: 3/18/2011 8:35:25 AM - System Checkpoint
    RP1908: 3/19/2011 9:40:32 PM - System Checkpoint
    RP1909: 3/23/2011 2:40:42 PM - System Checkpoint
    RP1910: 3/24/2011 6:02:14 PM - System Checkpoint
    RP1911: 3/28/2011 8:33:38 PM - System Checkpoint
    RP1912: 3/30/2011 11:08:16 AM - System Checkpoint
    RP1913: 3/31/2011 11:38:58 AM - System Checkpoint
    RP1914: 4/2/2011 11:18:06 PM - System Checkpoint
    RP1915: 4/4/2011 9:33:44 AM - System Checkpoint
    RP1916: 4/6/2011 5:47:45 PM - System Checkpoint
    RP1917: 4/7/2011 9:38:39 PM - Software Distribution Service 3.0
    RP1918: 4/8/2011 9:55:34 PM - System Checkpoint
    RP1919: 4/10/2011 12:24:00 AM - System Checkpoint
    RP1920: 4/11/2011 8:49:42 PM - System Checkpoint
    RP1921: 4/12/2011 10:57:37 PM - System Checkpoint
    RP1922: 4/14/2011 10:34:40 PM - Software Distribution Service 3.0
    RP1923: 4/16/2011 6:07:06 PM - System Checkpoint
    RP1924: 4/17/2011 6:32:49 PM - System Checkpoint
    RP1925: 4/18/2011 9:36:09 PM - System Checkpoint
    RP1926: 4/21/2011 10:20:05 PM - System Checkpoint
    RP1927: 4/21/2011 11:02:29 PM - Software Distribution Service 3.0
    RP1928: 4/22/2011 11:57:56 PM - System Checkpoint
    RP1929: 4/24/2011 6:57:59 PM - System Checkpoint
    RP1930: 4/25/2011 9:32:47 PM - System Checkpoint
    RP1931: 4/26/2011 10:56:18 PM - System Checkpoint
    RP1932: 4/28/2011 4:27:27 PM - System Checkpoint
    RP1933: 4/29/2011 10:20:14 PM - System Checkpoint
    RP1934: 4/30/2011 10:36:57 PM - System Checkpoint
    RP1935: 5/3/2011 5:01:24 AM - System Checkpoint
    RP1936: 5/4/2011 8:58:10 PM - Restore Operation
    RP1937: 5/5/2011 10:42:34 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    Adobe Reader 8.1.0
    Adobe Shockwave Player
    Airgo Subsystem Software
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    avast! Free Antivirus
    Belkin Wireless Client Utility
    Bonjour
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCScore
    Cda Product Service - shared component
    Choice Guard
    Coupon Printer for Windows
    Dell Solution Center
    Dell TrueMobile 2300 Wireless Broadband Router Control Utility
    dj_sf_software_req
    DVD Shrink 3.2
    DVDSentry
    Easy CD Creator 5 Basic
    EPSON Printer Software
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    fflink
    Hauppauge WinTV NT4/Win2000 Drivers
    Help and Support Customization
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    HP Deskjet Printer Driver Software 9.0
    HP Drive Key Boot Utility
    HP USB Disk Storage Format Tool
    igLoader 2,0,0,2
    Intel (R) Pro Alerting Agent
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Java 2 Runtime Environment Standard Edition v1.3.1
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    Kazaa Media Desktop 2.5.1
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    Lexmark 3500-4500 Series
    LightScribe 1.8.13.1
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Visio Professional 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Journal Viewer
    Move Networks Media Player for Internet Explorer
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    MyPublisher BookMaker
    Nero 7 Essentials
    neroxml
    netbrdg
    Notifier
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    OfotoXMI
    OMCI
    PowerDVD
    PSXCOPY2000
    QuickTime
    Roxio Easy Media Creator 7 Basic DVD Edition
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Segoe UI
    setup (Remove only)
    SFR
    SHASTA
    ShopAtHome.com Toolbar
    SKIN0001
    Skins
    SKINXSDK
    SolidWorks 2001
    Sound Blaster Live!
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    staticcr
    Toolbox
    tooltips
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    VBA (2720)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    VPRINTOL
    Walmart Photo Manager
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    WinISO 5.3
    WinPcap 3.0
    WinRAR archiver
    WIRELESS
    XML Paper Specification Shared Components Pack 1.0
    XP Codec Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/6/2011 12:45:23 AM, error: Service Control Manager [7034] - The lxdiCATSCustConnectService service terminated unexpectedly. It has done this 1 time(s).
    5/6/2011 12:45:23 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 1 time(s).
    5/6/2011 12:45:23 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    5/6/2011 12:45:23 AM, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
    5/6/2011 12:45:23 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    5/6/2011 12:45:23 AM, error: Service Control Manager [7034] - The ASF Agent service terminated unexpectedly. It has done this 1 time(s).
    5/6/2011 12:45:23 AM, error: Service Control Manager [7034] - The Airgo Networks NIC Service service terminated unexpectedly. It has done this 1 time(s).
    5/6/2011 12:45:23 AM, error: Service Control Manager [7034] - The Adobe Active File Monitor V4 service terminated unexpectedly. It has done this 1 time(s).
    5/6/2011 12:45:23 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/6/2011 12:45:22 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    5/4/2011 7:45:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp Fips intelppm IPSec MRxSmb NaiAvTdi1 NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    5/4/2011 7:40:37 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The system cannot find the file specified.
    5/4/2011 7:40:37 PM, error: Service Control Manager [7000] - The PC Tools Auxiliary Service service failed to start due to the following error: The system cannot find the file specified.
    5/4/2011 6:16:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    5/4/2011 6:10:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/3/2011 12:18:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp Fips intelppm
    5/3/2011 12:17:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/3/2011 12:04:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service NMIndexingService with arguments " " in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
    5/3/2011 1:46:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    5/3/2011 1:07:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/2/2011 11:57:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp Fips intelppm IPSec MRxSmb NaiAvTdi1 NetBIOS NetBT RasAcd Rdbss Tcpip
    5/2/2011 11:57:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    5/2/2011 11:57:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/2/2011 11:57:07 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/2/2011 11:57:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/2/2011 11:57:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/2/2011 11:57:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/2/2011 11:57:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/1/2011 6:15:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Indexing Service service to connect.
    5/1/2011 6:15:11 PM, error: Service Control Manager [7000] - The Indexing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/1/2011 1:36:46 PM, error: Print [6161] - The document Microsoft Word - Document1 owned by Mike failed to print on printer Lexmark 3500-4500 Series. Data type: LEMF. Size of the spool file in bytes: 65028. Number of bytes printed: 65028. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RAGE557. Win32 error code returned by the print processor: 0 (0x0).
    4/29/2011 9:57:15 PM, error: Print [6161] - The document Flash owned by Mike failed to print on printer Lexmark 3500-4500 Series. Data type: LEMF. Size of the spool file in bytes: 3147296. Number of bytes printed: 3147296. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RAGE557. Win32 error code returned by the print processor: 0 (0x0).
    4/29/2011 9:51:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService service to connect.
    4/29/2011 9:51:54 PM, error: Service Control Manager [7000] - The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  8. 2011/05/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2011/05/06
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    Working on it tonight and I will let you know. This means a lot to me, thank you.
     
  10. 2011/05/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
     
  11. 2011/05/09
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    Thank you so much again. Got swept away in Mother's Day weekend, will run it and get the log tonight.
     
  12. 2011/05/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)..
     
  13. 2011/05/10
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    ComboFix 11-05-09.02 - Mike 05/10/2011 0:45.1.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1707 [GMT -4:00]
    Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Mike\WINDOWS
    c:\program files\INSTALL.LOG
    c:\program files\SelectRebates
    c:\program files\SelectRebates\FFToolbar\chrome.manifest
    c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files\SelectRebates\FFToolbar\install.rdf
    c:\program files\SelectRebates\SahImages\alert.png
    c:\program files\SelectRebates\SahImages\check.png
    c:\program files\SelectRebates\SahImages\close.png
    c:\program files\SelectRebates\SelectAlerts.dat
    c:\program files\SelectRebates\SelectRebates.exe
    c:\program files\SelectRebates\SelectRebates.ini
    c:\program files\SelectRebates\SelectRebatesA.dat
    c:\program files\SelectRebates\SelectRebatesApi.exe
    c:\program files\SelectRebates\SelectRebatesB.dat
    c:\program files\SelectRebates\SelectRebatesBT.dat
    c:\program files\SelectRebates\SelectRebatesDownload.exe
    c:\program files\SelectRebates\SelectRebatesUninstall.exe
    c:\program files\SelectRebates\SRebates.dll
    c:\program files\SelectRebates\SRFF3.dll
    c:\program files\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files\SelectRebates\Toolbar\basis.xml
    c:\program files\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files\SelectRebates\Toolbar\Blank.bmp
    c:\program files\SelectRebates\Toolbar\CashBack.bmp
    c:\program files\SelectRebates\Toolbar\Coupons.bmp
    c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files\SelectRebates\Toolbar\icons.bmp
    c:\program files\SelectRebates\Toolbar\logo.bmp
    c:\program files\SelectRebates\Toolbar\logo_24.bmp
    c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files\SelectRebates\Toolbar\RightControls.dym
    c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
    c:\program files\SelectRebates\Toolbar\Scissors.bmp
    c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\Uninstall.exe
    c:\windows\desktop
    c:\windows\Readme.txt
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\Data
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wpcap.dll
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-06 05:49 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-06 02:43 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-06 02:43 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-06 02:43 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-06 02:43 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-06 02:43 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-06 02:43 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-06 02:43 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-06 02:43 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-06 02:42 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-06 02:42 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-06 02:42 . 2011-05-06 02:42 -------- d-----w- c:\program files\AVAST Software
    2011-05-06 02:42 . 2011-05-06 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-05-05 01:01 . 2011-05-05 01:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-05 00:59 . 2011-05-05 01:00 -------- d-----w- c:\program files\Lexmark 3500-4500 Series
    2011-05-04 22:10 . 2011-05-05 01:00 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-05-03 04:05 . 2011-05-03 04:05 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
    2011-05-03 04:05 . 2011-05-03 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-03 04:04 . 2011-05-06 05:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-30 01:57 . 2011-04-30 01:57 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-29 03:57 . 2011-03-29 03:57 1409 ----a-w- c:\windows\QTFont.for
    2011-03-21 03:11 . 2010-12-29 18:54 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter "= "c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "ShStatEXE "= "c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
    "lxdimon.exe "= "c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
    "lxdiamon "= "c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\AceBIT\\WISE-FTP\\wise_ftp.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "c:\\WINDOWS\\SYSTEM32\\lxdicoms.exe "=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe "=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe "=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe "=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdipswx.exe "=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxditime.exe "=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdijswx.exe "=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdiwbgw.exe "=
    .
    R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [5/5/2011 10:43 PM 441176]
    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/5/2011 10:43 PM 307288]
    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\SYSTEM32\DRIVERS\mvstdi5x.sys [8/10/2006 9:38 PM 58464]
    R2 ANISERVICE;Airgo Networks NIC Service;c:\windows\SYSTEM32\aniServ.exe [8/11/2004 12:00 PM 143360]
    R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2/10/2003 5:52 AM 114688]
    R2 AsfAlrt;AsfAlrt;c:\windows\SYSTEM32\DRIVERS\Asfalrt.sys [12/18/2002 5:31 AM 36064]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/5/2011 10:43 PM 19544]
    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdiserv.exe [8/7/2010 12:38 AM 99248]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:14 PM 24652]
    S3 HCW848NT;Hauppauge Win/TV;c:\windows\SYSTEM32\DRIVERS\hcw848nt.sys [3/5/2006 12:52 PM 140440]
    S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-06-20 17:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} - hxxp://media.cdigix.com/Performer/downloads/PerformerSetup.cab
    DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} - hxxp://198.99.241.129/eplayer/V3_1_0_0/acneplayer.cab
    DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Spyware X-terminator Control Center - c:\progra~1\STOMPS~1\SPYWAR~1\PPControl.exe
    HKLM-Run-CookiePatrol - c:\progra~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
    HKLM-Run-PPMemCheck - c:\progra~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
    HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
    AddRemove-NVIDIA Display Driver - c:\windows\System32\nvudisp.exe
    AddRemove-PSXCOPY2000 - c:\program files\PSXSoft\PSXCOPY2000\DeIsL1.isu
    AddRemove-setup - c:\windows\rundll32.exe
    AddRemove-SolidWorks 2001 - c:\program files\SolidWorks\DeIsL1.isu
    AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-10 00:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    C:\## aswSnx private storage
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'lsass.exe'(840)
    c:\windows\system32\EntApi.dll
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3564)
    c:\windows\system32\WININET.dll
    c:\windows\system32\EntApi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\System32\drivers\CDAC11BA.EXE
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Dell\OpenManage\Client\Iap.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\lxdicoms.exe
    c:\program files\Network Associates\Common Framework\FrameworkService.exe
    c:\program files\Network Associates\VirusScan\mcshield.exe
    c:\program files\Network Associates\VirusScan\vstskmgr.exe
    c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-10 01:10:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-10 05:10
    .
    Pre-Run: 12,748,214,272 bytes free
    Post-Run: 10,410,164,224 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    .
    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - E22D1FAF74296BD5D2A450F426116A35
     
  14. 2011/05/10
    adrenalinesaint Inactive Thread Starter
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 05/10/2011 at 1:33:31.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 05/10/2011 at 1:33:44.
     
  15. 2011/05/10
    broni Moderator Malware Analyst
    Combofix log looks decent now.

    Is your internet connection back?
     
  16. 2011/05/11
    adrenalinesaint Inactive Thread Starter
    I will check tonight and let you know, but I still can't see any of my pictures
     
  17. 2011/05/11
    broni Moderator Malware Analyst
    ??...
     
  18. 2011/05/11
    adrenalinesaint Inactive Thread Starter
    Here is a quote from my first post:

    'One other thing I noticed that really disturbed me at that point was that for ANY picture file saved to the desktop, its icon was semi-transparent. I clicked on a few of them and even went into My Pictures and they were all this way, but I could still bring them up.

    Yesterday at work I ran into this website and read a few peoples posts, it gave me hope.
    So I signed up and printed out the list of things to do first, I downloaded the programs to my flash drive and last night I ran them all and saved the logs to my flash drive to post from my work computer today.

    But during that process last night something even more disturbing happened. I ran all the programs in order, but after I ran TFC (temp file cleaner) all those pictures that were semi-transparent are now no longer on my desktop, nor are there any photos in My Pictures.
    Panic set in, so I did two things:
    I clicked on recently opened documents and clicked on a picture and it came up, OK, so that's good.
    Then I went to My Computer and looked at the properties for my C: drive and it had the same 70-some GB used and 10 GB free that it has had for a while.
    Then I thought, there is no way that the TFC program could have done away with them so quickly; that program only ran for a few minutes and I have over 40 or 50 GB worth of pictures in question.

    I went ahead and finished running the programs as suggested by this website and saved the logs, which I will post now.'

    At this point my internet is back working and my computer seems to be running much better, but there is still a user account for Administrator, and under My Documents, where all my pictures were, there is a folder for My Shapes and My Webs but no pictures. In fact I can't find any pictures anywhere on my computer, but there is no more free space than before. Did this Administrator account take over them???

    I am actually posting from the computer in question.
     
  19. 2011/05/11
    broni Moderator Malware Analyst
    OK, some good news then :)

    To give a shot at those pictures...
    Download and run UnHide
     
  20. 2011/05/12
    adrenalinesaint Inactive Thread Starter
    Great, I puttered around with the wife last night and was able to figure out that some of the visible folders' contents were marked as hidden. I was able to undo that and recover almost all of the pictures; there still might be some out there. I will run UnHide tonight.
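What the poster found above (user files still on disk but carrying the Hidden attribute, so they vanish from Explorer and appear as faded icons) is exactly what the UnHide tool recommended in the previous reply undoes across the whole drive. The following script is an added example, not part of this thread and not the UnHide tool's code: it inventories user files that carry the Hidden attribute without the System attribute (the combination legitimate Windows housekeeping files normally have) so you can see what was hidden before changing anything, and with the `-Fix` switch clears only the Hidden bit. The starting folder, the `-Fix` switch name and the exclusion list are assumptions made for the example; it targets PowerShell 2.0 or later, which is the earliest version available for the Windows XP SP3 system in this thread.

```powershell
# Added example (not from the thread, not the UnHide tool): report, and optionally
# clear, the Hidden attribute on user data files. -Root, -Fix and $KnownHidden are
# assumptions chosen for this example.
param(
    # Default to the current user's documents folder; pass another path to widen the scan.
    [string]$Root = [Environment]::GetFolderPath('MyDocuments'),
    # Report only unless -Fix is given.
    [switch]$Fix
)

# Housekeeping files that are legitimately hidden inside user folders; never touch these.
$KnownHidden = @('desktop.ini', 'Thumbs.db', 'ntuser.dat', 'ntuser.ini')

# -Force makes Get-ChildItem return hidden items at all; -Recurse walks subfolders.
$suspect = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        # Hidden set, System NOT set: the pattern user data shows after being hidden
        # by a rogue, while Windows' own hidden files usually carry Hidden+System.
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        -not ($_.Attributes -band [IO.FileAttributes]::System) -and
        ($KnownHidden -notcontains $_.Name)
    }

"{0} hidden item(s) found under {1}" -f @($suspect).Count, $Root
$suspect | Select-Object FullName, LastWriteTime, Attributes | Format-Table -AutoSize

if ($Fix) {
    foreach ($item in $suspect) {
        # Every item here has Hidden set, so XOR removes exactly that bit and leaves
        # ReadOnly, Archive and the rest untouched.
        $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
    }
    "Hidden attribute cleared on {0} item(s)." -f @($suspect).Count
}
```

Run it once without `-Fix` and keep the listing: a long run of freshly hidden files that all share a LastWriteTime close to the infection date is the evidence that the "pictures are gone" symptom was attribute tampering rather than deletion, and the unchanged free space the poster noted in post 18 is consistent with that. Folders can be hidden the same way, and the script handles them too because Get-ChildItem returns both files and directories.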
     
  21. 2011/05/12
    broni Moderator Malware Analyst
    Ok :)...
     
