Spyware Infection
slelinhares
02-08-2007, 01:58 AM
I am very happy to have found this forum and hope to find some answers to the problem I'm now having.
My computer has Windows XP Media Edition w/ service pack 2 and IE7. The computer is 1 yr old and never had any trouble of any kind before. Spyware and virus protection was installed and used. I have a bit of computer skill but this is beyond me.
Last night I was online and while doing a simple search I guess I opened a site that I shouldn't have. My computer flashed a warning that my computer was infected with spyware and immediately turned itself off. It then tried to restart, getting only as far as the Windows XP screen before turning off and starting the process again. I tried to start it back up several times with no luck and went to bed. This morning I was able to get it started in safe mode and noticed I no longer have any internet access (broadband or dialup). I booted the computer and it started normally this time (and every time since). The only problems are:
- My task bar is hidden and cannot be seen (auto hide is unchecked) unless I'm in safe mode
- I get a message that my "Task manager has been disabled"
- I still have no internet access (broadband or dialup)
- None of my help files will work
- I can cut or copy but not paste files
- Under "User Accounts" in the control panel there is nothing listed
- None of my virus or firewall protection works or will even start up
- Internet Explorer will not open and if it does it immediately closes
- I tried to get online through my old AOL dialup connection and received the following message: "The computer's modem is being blocked from connecting" (the modem properties state that it is working correctly)
- There are network adapters listed in the system but it will not find them when I click on network Connections folder. A message box opens stating "The Network Connections folder was unable to retrieve the list of network adapters on your machine. Please make sure the Network Connections service is enabled and running."
Other errors and messages that have popped up at various times since this problem started include:
* "Could not start telephony service on local computer"
* "Error 1068: The dependency service or group failed to start"
* "Error 711 configuration error"
* "Error 5 access denied"
* "An error using COM/OLE occurs. Please check the installation of COM on your computer." (when trying to burn a backup disk)
* "The memory could not be "read"" (as my desktop loads)
* "~tmp0374.exe - Application error. The instruction at 0x00405377 referenced memory @ 0x00000000" (shows up just after the above message on start up)
Those are just a few of the problems I jotted down. Since I have no internet access now on that computer it makes it difficult to download any fixes. I also can't move files but was able to get Dr Web run from an SD disk uploaded from my older (but working) computer. It found a number of trojans and other spyware and adware. I followed the instructions, deleted or "cured" the files, booted the computer and still have the same problem.
I have also downloaded HJT onto the SD disk and have run it. I was able to save the log it made to my handy SD disk and will put it in a separate post, just after this one. I did nothing with the HJT except run the report log, not wanting to make a mistake and make the problem worse.
Does anyone have any ideas? A message pops up from my unseen taskbar saying that Windows has found that my computer is infected with spyware and to "click here to download updates to fix it" but I can't get online since it isn't recognizing the network adapters and there seems to be a problem with the telephony. I also don't know how to get the updates using my older, working computer so that I can possibly get them to work on the infected computer.
Any help is greatly appreciated. Thanks in advance!
Sue
slelinhares
02-08-2007, 02:01 AM
Here is the HJT log I just made on my infected computer:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:44 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
c:\Program Files\PestPatrol\ppcontrol.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\wz533\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O3 - Toolbar: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123358120\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: ChaCha Search - file://C:\Documents and Settings\Owner\Application Data\CHACHATOOLBAR\SelectedContextSearch_ChaCha Search.htm
O8 - Extra context menu item: ChaCha Search with guide - file://C:\Documents and Settings\Owner\Application Data\CHACHATOOLBAR\SelectedContextSearch_ChaCha Search with guide.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
slelinhares
02-08-2007, 02:02 AM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2513AB48-1AEF-4E55-8329-927FF97C9DCE} (ExpressView Class) - http://216.142.118.75:9999/plugin/MrSID_BPI.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://72.240.51.211/activex/AxisCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/donotuse/couponsbar.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MHN - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Program Files\Common Files\System\MAPI\1033\~tmp0374.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
Budfred
02-08-2007, 12:57 PM
I am at work and do not have my tools available, so I will have to post back later when I get home... Meanwhile, if you manage to get online, DO NOT click on that popup to install the protection for that "spyware"... it is quite likely that is just another part of the infection...
If you look at a number of the other posts in this forum, you will see instructions for downloading and running Option 1 of SmitfraudFix... if you can download that with your working computer and run it on the disabled one, post the log back here...
It would be a good idea to only run the disabled computer in Safe Mode with NO internet access until you get some of this cleaned up...
Also, run this if you can:
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log
slelinhares
02-08-2007, 03:55 PM
Thank you so much for your help! I was able to get the SmitfraudFix downloaded onto my SanDisk and then run on my infected computer. I am running the SDFix now and will post that report when it is done. Here is the report from the SmitfraudFix:
SmitFraudFix v2.141
Scan done at 14:44:44.70, Thu 02/08/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Video ActiveX Object\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
slelinhares
02-08-2007, 04:14 PM
Here is the SDFix report. Is it normal that this is such a small report? The others all seem so long so I wasn't sure if it worked. I'm now going to run a new HJT report and will post it in a few minutes.
SDFix: Version 1.63
Thu 02/08/2007 - 14:49:40.01
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Microsoft IE Updater
Path:
C:\Program Files\Common Files\System\MAPI\1033\~tmp0374.exe /start
Microsoft IE Updater Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
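The helpers in this thread work by reading the HijackThis entries for anything out of place (here, a service named "Microsoft IE Updater" running from a `~tmp0374.exe` file, which the SDFix report above deleted) and then comparing a fresh log against the old one. As an added example that is not code from this forum, HijackThis or SDFix, the Python below parses HJT entry lines, flags services and autostart entries that run from temp-style paths or unknown owners, and diffs two logs. The heuristics, the excerpt of log lines and the one O4 line pointing into a Temp folder are constructed for this example; the "svchost.exe (file missing)" exemption reflects how this HJT version lists every standard Windows service in the logs above.

```python
import re

# One HijackThis entry line: "O23 - Service: ..." or "R1 - HKLM\...".
# Header lines and the "Running processes" list have no such prefix.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Executables in temp-style locations or with throwaway names like ~tmp0374.exe.
TEMP_EXE_RE = re.compile(
    r"\\Local Settings\\Temp\\|\\Temp\\|\\~tmp[^\\]*\.exe", re.IGNORECASE)


def parse_hjt(text):
    """Return (section, body, raw_line) tuples for every entry line in an HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"], line.strip()))
    return entries


def flag_entries(entries):
    """Return the raw lines that merit a closer look (heuristics assumed by this example).

    * O23 services whose binary sits in a temp-style path or is named ~tmp*.exe
    * O23 services with "Unknown owner" that are NOT hosted by svchost.exe
      (HijackThis 1.99.1 prints every standard Windows service as
      "Unknown owner - ...\svchost.exe (file missing)", which is benign here)
    * O4 autostart entries pointing at a temp-style path
    """
    flagged = []
    for section, body, raw in entries:
        if section == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].split(" - ", 2)  # name, owner, path
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            hosted_by_svchost = "svchost.exe" in path.lower()
            if TEMP_EXE_RE.search(path) or (owner == "Unknown owner" and not hosted_by_svchost):
                flagged.append(raw)
        elif section == "O4" and TEMP_EXE_RE.search(body):
            flagged.append(raw)
    return flagged


def diff_logs(before, after):
    """Compare two HJT logs entry by entry; returns (removed_lines, added_lines)."""
    old = {raw for _, _, raw in parse_hjt(before)}
    new = {raw for _, _, raw in parse_hjt(after)}
    return sorted(old - new), sorted(new - old)


# Constructed excerpt of the first log in the thread, plus one constructed O4
# line (not from the thread) that runs from the user's Temp folder.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [example] C:\Documents and Settings\Owner\Local Settings\Temp\example.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Program Files\Common Files\System\MAPI\1033\~tmp0374.exe
"""

# Constructed excerpt of a log taken after SDFix ran: the service is gone and
# SDFix has registered its own RunOnce entry to finish on the next reboot.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.bat /second
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
"""

if __name__ == "__main__":
    for line in flag_entries(parse_hjt(BEFORE_LOG)):
        print("REVIEW:", line)
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed after fix:", removed)
    print("added after fix:", added)
```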
slelinhares
02-08-2007, 04:19 PM
This is the new HJT report:
Logfile of HijackThis v1.99.1
Scan saved at 3:14:58 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wz4450\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O3 - Toolbar: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123358120\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2513AB48-1AEF-4E55-8329-927FF97C9DCE} (ExpressView Class) - http://216.142.118.75:9999/plugin/MrSID_BPI.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://72.240.51.211/activex/AxisCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/donotuse/couponsbar.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
slelinhares
02-08-2007, 04:20 PM
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MHN - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
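A triage pass over O4 and O23 lines of the kind posted above, as an added example that is not part of this thread and not code from HijackThis: it parses the two line formats and flags entries on a few heuristics (image file reported missing, service with "Unknown owner", a RunOnce entry that deletes a file, an unbalanced quote in an image path, and a digit-salted executable name under the Windows directory). The sample lines are constructed to mirror entries in the posted logs; the heuristics and the KNOWN_NUMERIC_STEMS allow-list are my own assumptions. A flag is a prompt to look, not a verdict: the posted log shows every svchost-hosted built-in service as "Unknown owner ... (file missing)", and the OOBEDDDemise RunOnce is commonly present on OEM XP installs, so each hit still has to be checked against a known-good list for the system.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis 1.99.1 log format, modelled on entries in
# the logs posted in this thread (not the full log). The last line keeps the
# stray quote that the posted Prevx Agent entry shows.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# O4: registry Run/RunOnce values ("[name] command") or Global Startup shortcuts ("x.lnk = target").
O4_RE = re.compile(
    r"^O4 - (?P<where>HK(?:LM|CU)\\\.\.\\Run(?:Once)?|Global Startup): "
    r"(?:\[(?P<name>[^\]]+)\] (?P<cmd>.*)|(?P<lnk>.+?\.lnk) = (?P<target>.*))$"
)
# O23: "display name - file-version owner - image path".
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First token inside a command line that looks like a program file.
IMAGE_RE = re.compile(r'([^\\/"\s]+)\.(exe|bat|cmd|com|scr|pif|vbs|sys|dll)\b', re.I)
MISSING = "(file missing)"
# Assumed allow-list for the digit heuristic: legitimate Windows binaries with digits in the name.
KNOWN_NUMERIC_STEMS = {"rundll32", "regsvr32", "ati2evxx"}


@dataclass
class Finding:
    section: str          # "O4" or "O23"
    label: str            # Run value name, shortcut name or service display name
    image: str            # command line or service image path as logged
    reasons: List[str]    # every heuristic that fired


def path_findings(cmd: str) -> List[str]:
    """Heuristics shared by autostart commands and service image paths."""
    reasons = []
    if MISSING in cmd:
        reasons.append("file missing on disk")
    if cmd.count('"') % 2:
        reasons.append("unbalanced quote in image path")
    low = cmd.lower()
    if re.search(r"\\(temp|tmp)\\", low):
        reasons.append("launched from a temp directory")
    m = IMAGE_RE.search(cmd)
    if m:
        stem = m.group(1).lower()
        in_windows_dir = "\\windows\\" in low[: m.end()]
        if in_windows_dir and sum(c.isdigit() for c in stem) >= 2 and stem not in KNOWN_NUMERIC_STEMS:
            reasons.append("digit-salted filename in the Windows directory: " + m.group(0))
    return reasons


def o4_findings(where: str, cmd: str) -> List[str]:
    reasons = path_findings(cmd)
    if where.endswith("RunOnce") and re.search(r"\b(erase|del|rmdir|rd)\b", cmd, re.I):
        reasons.append("RunOnce entry that deletes a file")
    return reasons


def o23_findings(owner: str, path: str) -> List[str]:
    reasons = path_findings(path)
    if owner == "Unknown owner":
        reasons.append("no file-version owner (Unknown owner)")
    if re.search(r"\.sys\b", path, re.I):
        reasons.append("service image is a .sys driver file rather than an .exe")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return only the O4/O23 entries for which at least one heuristic fired, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            label = m.group("name") or m.group("lnk")
            cmd = m.group("cmd") if m.group("cmd") is not None else m.group("target")
            reasons = o4_findings(m.group("where"), cmd)
            if reasons:
                findings.append(Finding("O4", label, cmd, reasons))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = o23_findings(m.group("owner"), m.group("path"))
            if reasons:
                findings.append(Finding("O23", m.group("display"), m.group("path"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.section} [{f.label}] {f.image}")
        for r in f.reasons:
            print("    -", r)
```

Run it against a full pasted log by reading the file into triage(); the entries it leaves out are the ones with nothing odd about the path or owner, which is what you want reviewers to be able to skip.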
Budfred
02-08-2007, 08:25 PM
Looks like I was wrong... Try this scan instead...
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...
slelinhares
02-08-2007, 09:29 PM
Here is the combofix log:
"Administrator" - 07-02-08 19:59:52 Service Pack 2
ComboFix 07-02-07 - Running from: "H:\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\vxg3am1et3.exe
C:\WINDOWS\system32\update62523833.exe
C:\WINDOWS\system32\vx.tll
C:\Documents and Settings\All Users\Documents\Settings
((((((((((((((((((((((((((((((( Files Created from 2007-01-08 to 2007-02-08 ))))))))))))))))))))))))))))))))))
2007-02-08 15:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-08 14:47 <DIR> d-------- C:\SDFix
2007-02-08 14:44 3,956 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-08 11:24 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\Google
2007-02-07 21:32 <DIR> d-------- C:\Program Files\PestPatrol
2007-02-07 20:13 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-02-07 16:58 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\CHACHATOOLBAR
2007-02-07 16:48 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\Viewpoint
2007-02-07 16:45 0 --a------ C:\DOCUME~1\Sue\Application Data\Install.dat
2007-02-07 16:43 1,310,720 --ah----- C:\DOCUME~1\Sue\NTUSER.DAT
2007-02-07 16:43 <DIR> d-------- C:\DOCUME~1\Sue\WINDOWS
2007-02-07 16:43 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\You've Got Pictures Screensaver
2007-02-07 16:43 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\Sun
2007-02-07 16:43 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\SampleView
2007-02-07 16:43 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\McAfee
2007-02-07 16:43 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\Help
2007-02-07 16:43 <DIR> d-------- C:\DOCUME~1\Sue\Application Data\AOL
2007-02-07 16:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-07 14:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Viewpoint
2007-02-07 12:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-02-07 10:17 <DIR> d-------- C:\20070702_101440_Owner Feb 2007
2007-02-07 10:14 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\Ahead
2007-02-07 09:35 60,377 --a------ C:\WINDOWS\system32\vcodec.exe
2007-02-07 09:35 <DIR> d-------- C:\Program Files\Video ActiveX Object
2007-02-07 02:12 0 --a------ C:\DOCUME~1\Owner\Application Data\Install.dat
2007-02-07 02:11 43,598 --a------ C:\WINDOWS\system32\update77526596.exe
2007-02-07 02:11 40,960 --a------ C:\WINDOWS\system32\update13428241.exe
2007-02-07 02:11 38,400 --a------ C:\WINDOWS\system32\update00822631.exe
2007-01-13 21:24 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\Viewpoint
2007-01-13 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-12 14:42 <DIR> d-------- C:\Program Files\chachatoolbar
2007-01-12 14:42 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\chachatoolbar
2007-01-12 14:41 799,088 --a------ C:\Program Files\InstallChaChaToolbar.exe
2007-01-08 16:02 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-01-08 15:46 <DIR> d-------- C:\Program Files\Sierra
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-07 16:44 -------- d-------- C:\Program Files\web publish
2007-02-07 15:34 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-07 15:02 -------- d---s---- C:\DOCUME~1\ADMINI~1\Application Data\microsoft
2007-02-07 14:41 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\aol
2007-02-03 00:06 -------- d-------- C:\Program Files\family tree legends
2007-01-29 23:40 -------- d-------- C:\Program Files\mozilla thunderbird
2007-01-08 16:19 -------- d--h----- C:\Program Files\installshield installation information
2006-12-27 09:29 -------- d-------- C:\Program Files\wal-mart music downloads store
2006-12-27 09:29 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-26 21:05 -------- d-------- C:\Program Files\tunebite
2006-12-26 18:22 525240 --a------ C:\Program Files\lame3.97.zip
2006-12-26 10:53 -------- d-------- C:\Program Files\yahoo!
2006-12-26 10:53 -------- d-------- C:\Program Files\illiminable
2006-12-26 10:53 -------- d-------- C:\Program Files\Common Files\surething shared
2006-12-26 10:49 372272 --a------ C:\Program Files\ymjsetup_22.exe
2006-12-26 10:35 24820 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-12-26 10:35 -------- d-------- C:\Program Files\java
2006-12-26 09:44 -------- d-------- C:\Program Files\scanlogic
2006-12-25 23:11 -------- d-------- C:\Program Files\itunes
2006-12-25 23:11 -------- d-------- C:\Program Files\ipod
2006-12-25 23:10 -------- d-------- C:\Program Files\quicktime
2006-12-25 23:08 -------- d-------- C:\Program Files\apple software update
2006-12-25 23:07 36808256 --a------ C:\Program Files\itunessetup.exe
2006-12-24 13:52 -------- d-------- C:\Program Files\virtual earth 3d
2006-12-24 13:20 520976 --a------ C:\Program Files\earth3d setup.exe
2006-12-17 12:58 75292 --ah----- C:\WINDOWS\system32\mlfcache.dat
2006-12-13 11:03 -------- d-------- C:\Program Files\Common Files\aol
2006-12-13 11:02 -------- d-------- C:\Program Files\america online 9.0a
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 13:13 3473984 --a------ C:\Program Files\sftpmsi.exe
2006-12-05 13:18 4 --ah----- C:\WINDOWS\uccspecb.sys
2006-11-26 12:48 4999 --a------ C:\Program Files\uninstal.log
2006-11-26 12:48 4766 --a------ C:\Program Files\setuplog.txt
2006-11-26 12:46 4826763 --a------ C:\Program Files\centranssetup.exe
2006-11-26 08:38 132920 --a------ C:\Program Files\mypointstoolbarinstaller25.exe
2006-11-22 19:17 58368 --a------ C:\Program Files\mfinstall.exe
2006-11-16 17:18 14879120 --a------ C:\Program Files\googleearthwin.exe
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
slelinhares
02-08-2007, 09:31 PM
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CHotkey"="zHotkey.exe"
"SoundMan"="SOUNDMAN.EXE"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1123358120\\ee\\AOLSoftware.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PestPatrol Control Center"="C:\\Program Files\\PestPatrol\\PPControl.exe"
"PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"SDFix"="C:\\SDFix\\RunThis.bat /second"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OOBEDDDemise"="cmd /x /c erase C:\\WINDOWS\\System32\\oobe\\msoobe.exe"
"SDFix"="C:\\SDFix\\RunThis.bat /second"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
@=""
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"System"="C:\\WINDOWS\\system32\\kernels88.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
OOBEDDDemise = cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe??????r???????? ???????C?w?????????????????????t??P$?????????????? i?wis???????????H???????????????????????????*&?|l????&?|??-w?????????????????????????????????????P??????????? ???`??????????????|?&?|?????&?|B%?|???????????????????|?$?|??????-wC
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-08 20:06:18
Budfred
02-08-2007, 10:57 PM
That cleaned up some, but you still have a pile of garbage on there... See if you can download these, install on the disabled computer and run them... For the first one, please post whatever log it gives you:
http://info.prevx.com/downloadremove.asp
This one will allow full cleaning until Feb 15, so let it clean what it finds...
Try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...
DO NOT post the upper window which contains everything that was scanned...
http://www.mwti.net/products/mwav/mwav.asp
slelinhares
02-09-2007, 11:07 AM
I tried to run the prevx scan and unfortunately get a message that I need an internet connection to be able to run a scan.
I was successful with the MWavScan and the log report would have taken up three replies so as you suggested I'm posting just what starts with "file". If you need more I can split the report up into three pieces, just let me know. I REALLY appreciate you trying to help me out, thanks so much!
File C:\WINDOWS\system32\svchost.bak infected by "Trojan.Win32.Crypt.g" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\update00822631.exe infected by "Trojan.Win32.Crypt.g" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\update13428241.exe infected by "Trojan.Win32.Crypt.g" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\update77526596.exe infected by "Trojan-Downloader.Win32.Small.dwc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\vcodec.exe infected by "Trojan-Downloader.Win32.Zlob.bio" Virus! Action Taken: No Action Taken.
Budfred
02-09-2007, 05:16 PM
I am not sure why you didn't let MWav clean what it found... Please run it again and let it clean...
slelinhares
02-09-2007, 06:01 PM
Oops, I must have misunderstood you, sorry. I will do that right now and then post the new report.
slelinhares
02-09-2007, 06:28 PM
File C:\WINDOWS\system32\svchost.bak//PE_Patch.UPX//UPX infected by "Trojan.Win32.Crypt.g" Virus! Action Taken: File Deleted.
File C:\WINDOWS\system32\update00822631.exe infected by "Trojan.Win32.Crypt.g" Virus! Action Taken: File Deleted.
File C:\WINDOWS\system32\update13428241.exe infected by "Trojan.Win32.Crypt.g" Virus! Action Taken: File Deleted.
File C:\WINDOWS\system32\update77526596.exe infected by "Trojan-Downloader.Win32.Small.dwc" Virus! Action Taken: File Deleted.
File C:\WINDOWS\system32\vcodec.exe//PE_Patch.UPX//UPX//stream//data0006 infected by "Trojan-Downloader.Win32.Zlob.bio" Virus! Action Taken: File Deleted.
I'm running a new HJT log now and will post it shortly
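The two MWAV runs in this thread show the same detections first with "No Action Taken" and then with "File Deleted", which is the difference Budfred asked about. The following is an added example, not part of the thread and not code from MWAV or MicroWorld: it normalises "File ..." lines copied out of the scanner's rich-text result pane (doubled backslashes, a trailing \par on each line, stray control words such as \f1\fs20 and a closing brace), splits the "//" unpacker-member suffix off the on-disk path, and compares a report-only run with a cleaning run so that anything detected but never deleted stands out. The sample lines are constructed from the paths and detection names posted here; the RUN_1/RUN_2 names and the Hit record are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed samples modelled on the two MWAV runs posted in this thread.
# The scanner's result pane is rich text, so a copy-paste carries doubled
# backslashes, a trailing \par on each line and stray RTF control words.
RUN_1 = r"""
File C:\\WINDOWS\\system32\\svchost.bak infected by "Trojan.Win32.Crypt.g" Virus! Action Taken: No Action Taken.\par
File C:\\WINDOWS\\system32\\update77526596.exe infected by "Trojan-Downloader.Win32.Small.dwc" Virus! Action Taken: No Action Taken.\par
File C:\\WINDOWS\\system32\\vcodec.exe infected by "Trojan-Downloader.Win32.Zlob.bio" Virus! Action Taken: No Action Taken.\par
\f1\fs20\par
}
"""
RUN_2 = r"""
File C:\\WINDOWS\\system32\\svchost.bak//PE_Patch.UPX//UPX infected by "Trojan.Win32.Crypt.g" Virus! Action Taken: File Deleted.\par
File C:\\WINDOWS\\system32\\vcodec.exe//PE_Patch.UPX//UPX//stream//data0006 infected by "Trojan-Downloader.Win32.Zlob.bio" Virus! Action Taken: File Deleted.\par
"""

# One result line: path, quoted detection name, action; tolerate the trailing "." and "\par".
LINE_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus! '
    r'Action Taken: (?P<action>.+?)\.?(?:\\par)?\s*$'
)


@dataclass(frozen=True)
class Hit:
    disk_path: str          # file on disk, backslashes un-doubled
    inner: Tuple[str, ...]  # unpacker/archive members the scanner descended through, if any
    name: str               # detection name as reported
    action: str             # "No Action Taken", "File Deleted", ...


def parse_mwav(text: str) -> List[Hit]:
    """Parse pasted 'File ...' lines; anything that is not a result line is skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # \f1\fs20\par, a lone }, or other RTF residue
        raw = m.group("path").replace("\\\\", "\\")   # RTF doubles every backslash
        disk_path, *inner = raw.split("//")           # "//" separates nested members
        hits.append(Hit(disk_path, tuple(inner), m.group("name"), m.group("action")))
    return hits


def not_cleaned(hits: List[Hit]) -> List[str]:
    """Disk paths the scanner reported but did not delete (a report-only run)."""
    return sorted({h.disk_path for h in hits if h.action != "File Deleted"})


def still_open(before: List[Hit], after: List[Hit]) -> List[str]:
    """Paths detected on the first run that the second run did not report as deleted."""
    deleted = {h.disk_path for h in after if h.action == "File Deleted"}
    return sorted({h.disk_path for h in before} - deleted)


if __name__ == "__main__":
    first, second = parse_mwav(RUN_1), parse_mwav(RUN_2)
    print("report-only hits on run 1:", not_cleaned(first))
    print("detected on run 1 but not deleted on run 2:", still_open(first, second))
```

The inner member list matters when reading the second run: "svchost.bak//PE_Patch.UPX//UPX" means the detection fired inside the UPX-unpacked image, and the file that was deleted is still the outer svchost.bak, so the comparison is done on disk_path only.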
slelinhares
02-09-2007, 06:35 PM
Logfile of HijackThis v1.99.1
Scan saved at 5:30:03 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wz31d2\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O3 - Toolbar: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123358120\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
slelinhares
02-09-2007, 06:35 PM
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2513AB48-1AEF-4E55-8329-927FF97C9DCE} (ExpressView Class) - http://216.142.118.75:9999/plugin/MrSID_BPI.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://72.240.51.211/activex/AxisCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/donotuse/couponsbar.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Budfred
02-09-2007, 07:58 PM
It looks like you are getting there... Run this one more program, then boot to Normal Mode and see if you can get online and run Prevx... Also, please move HJT to a permanent folder... You will have some HJT fixes to do and it needs to be in a permanent folder or you risk losing backups...
Run this (it has a different name now, but I think you can still get it here):
Download the Hoster Here (http://www.funkytoad.com/download/hoster.zip) and unzip it to your desktop.
Next, open the Hoster
Make sure that the "make hosts writable?" button in the upper right corner is checked
Now, click on 'back up Host files'
then click on 'Restore original host files'
Finally, close the hoster
Post a fresh HJT log when you finish... Post the Prevx log if you can get it done...
slelinhares
02-09-2007, 08:32 PM
I ran the Hoster and then another HJT. I also moved the HJT to my desktop (it wouldn't let me do that when I first started with the problem).
Logfile of HijackThis v1.99.1
Scan saved at 7:18:54 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O3 - Toolbar: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123358120\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
slelinhares
02-09-2007, 08:32 PM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2513AB48-1AEF-4E55-8329-927FF97C9DCE} (ExpressView Class) - http://216.142.118.75:9999/plugin/MrSID_BPI.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://72.240.51.211/activex/AxisCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/donotuse/couponsbar.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
slelinhares
02-09-2007, 08:46 PM
I rebooted to normal and still have all the same problems I mentioned in my first post, although the desktop came up much faster. I cannot get to the internet, none of the internet and network wizards will come up to make the connection and IE only flashes when I try to open it. I rebooted back to safe mode. I still can't run the Prevx.
Budfred
02-09-2007, 09:19 PM
Okay... Try some HJT fixes... I don't think this will fix it, but maybe it will help a bit:
Open a HJT scan and put checks by:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
I could not find any reliable info on this program, so I suggest you fix these and uninstall the program in Add or Remove Programs since your system is fried...
O2 - BHO: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O3 - Toolbar: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
Close all open windows except HJT and press Fix checked...
Open your Start Menu, Run and paste this, then run it:
sc delete PrismXL
Find and delete this folder:
C:\Program Files\Common Files\New Boundary
Have you activated your copy of WinXP??
Reboot into Normal Mode and try the internet again... See if you can run a HJT log in Normal Mode and post that back here... Disconnect from the internet if you are unable to connect and run Prevx...
slelinhares
02-09-2007, 10:37 PM
I have a few less error messages come up but still can't get online, or many of the other problems I was having. Still can't run the Prevx. Here is the latest HJT after doing everything you mentioned:
Logfile of HijackThis v1.99.1
Scan saved at 9:31:19 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123358120\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
slelinhares
02-09-2007, 10:39 PM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2513AB48-1AEF-4E55-8329-927FF97C9DCE} (ExpressView Class) - http://216.142.118.75:9999/plugin/MrSID_BPI.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://72.240.51.211/activex/AxisCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/donotuse/couponsbar.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
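A small triage script, added here and not part of the thread or of HijackThis, that does mechanically what Budfred does by eye: it diffs the 8:32 PM and 9:31 PM HJT logs to confirm that the entries he listed for "Fix checked" are really gone, reports any requested line that never matched the original log (a stale or mistyped paste), and flags the two patterns worth a second look in a log like this one: targets HJT reports as "(file missing)" and BHO/toolbar DLLs loaded straight from the Windows directory root. The two log fragments and the fix list are constructed from lines quoted above; the root-directory heuristic is a prompt to look closer, not a verdict.

```python
"""Diff two HijackThis 1.99.1 logs and check that requested fixes took effect.

Added example; not code from the thread or from HijackThis. BEFORE/AFTER are
fragments constructed from the 8:32 PM and 9:31 PM logs posted above.
"""
import re

# Every HJT finding starts with a section tag (R0, O2, O23, ...) then " - ".
_ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# BHO/toolbar DLL sitting directly in C:\WINDOWS rather than a vendor folder.
_ROOT_DLL_RE = re.compile(r"c:\\windows\\[^\\]+\.dll\s*$", re.IGNORECASE)


def _normalize(line: str) -> str:
    """Collapse whitespace and case so a line pasted by a helper matches the log."""
    return " ".join(line.split()).lower()


def parse_hjt(text: str) -> dict:
    """Map normalized entry -> (section, original line); headers and the bare
    'Running processes' paths do not match the tag pattern and are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _ENTRY_RE.match(line)
        if m:
            entries[_normalize(line)] = (m.group("section"), line)
    return entries


def diff_logs(before: str, after: str):
    """Return (removed, added): findings that vanished and findings that are new."""
    b, a = parse_hjt(before), parse_hjt(after)
    return ([b[k][1] for k in b if k not in a],
            [a[k][1] for k in a if k not in b])


def verify_fixes(before: str, after: str, requested: list):
    """Classify each requested fix line as applied, still_present or not_in_before.
    The last bucket catches a fix line that never matched the original log."""
    b, a = parse_hjt(before), parse_hjt(after)
    applied, still_present, not_in_before = [], [], []
    for line in requested:
        key = _normalize(line)
        if key not in b:
            not_in_before.append(line)
        elif key in a:
            still_present.append(line)
        else:
            applied.append(line)
    return applied, still_present, not_in_before


def flag_for_review(text: str) -> list:
    """Entries HJT marks '(file missing)' plus O2/O3 DLLs loaded from C:\\WINDOWS root."""
    flagged = []
    for section, line in parse_hjt(text).values():
        if "(file missing)" in line.lower():
            flagged.append(line)
        elif section in ("O2", "O3") and _ROOT_DLL_RE.search(line):
            flagged.append(line)
    return flagged


# Constructed fragment of the log posted before the HJT fixes (8:32 PM).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

# Constructed fragment of the follow-up log (9:31 PM), after "Fix checked".
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# Lines Budfred asked to have fixed; the O16 entry is not in the BEFORE fragment.
REQUESTED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL",
    r"O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll",
    r"O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab",
    r"O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS",
    r"O2 - BHO: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL",
]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    applied, still_present, not_in_before = verify_fixes(BEFORE, AFTER, REQUESTED)
    print("Removed:", *removed, sep="\n  ")
    print("Added:", *added, sep="\n  ")
    print("Fix lines not found in the original log:", *not_in_before, sep="\n  ")
    print("Still present after fix:", *still_present, sep="\n  ")
    print("Worth a second look in the follow-up log:", *flag_for_review(AFTER), sep="\n  ")
```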
Budfred
02-09-2007, 11:00 PM
Did you run this log in Normal Mode??
What error messages are you getting?? Please write them down and post them here...
Have you activated WinXP?? Please answer my questions since I can't help unless I know what is going on...
I am running out of clues... please run another ComboFix scan and post that log...
slelinhares
02-09-2007, 11:48 PM
Yes I ran the HJT in normal mode.
I'm not sure what you mean by activating Win XP? I bought this computer 1 yr ago (new) and registered it if that is what you mean. I forgot to answer that in my last post, sorry.
When I log on I get this message:
Multimedia card reader
Resource is not enough
Since I couldn't connect via my cable broadband I tried to use my dialup and received the following:
Phone & modem can not be opened.
You may have a problem starting telephony service
I tried to connect to the internet through my old AOL service and received this message:
Computer's modem is being blocked from connecting
When I try to open my firewall I get this:
Due to an unidentified problem, Windows cannot display firewall settings
When I try to use my Nero CD burner I get this message:
An error using COM/OLE occurs. Please check the installation of COM on your computer.
When I try to open the Network Connections folder there is nothing listed (although they are there in the system file) and I get this: Network connections can not be found.
The Network Connection Wizard and Internet Connection Wizard do not open.
Additionally, my IE only flashes quickly when I try to open it.
My Norton Security does not open.
When I go to USERS in the control panel there is nothing but a blank page that comes up.
I cannot drag and drop or paste any files, programs, etc.
And that is all I have recently come across since running the programs you suggested. From what I can tell all my other programs work.
I will run the ComboFix in the morning and post that log. I need to get everyone to bed right now.
Thanks again for any insight!
Well in addition to any lingering malware problems you have several missing or damaged system files. I'm not sure what to tell you to do at this point...you may not be able to fix everything without fixing the problems, but at the same time you may not be able to fix the malware without fixing the system files first...
Budfred
02-10-2007, 01:02 AM
I agree with mjc... If we can't nail this down soon, it may be best to simply wipe, reformat and reinstall... I suspect the corrupt system files are the main problem now, but it is hard to say until I see the ComboFix log...
slelinhares
02-10-2007, 11:28 AM
Below is the ComboFix log (split into 3 posts in case you need the whole thing). I was starting to think along the same lines, that I may need to re-format/re-install. My father suggested installing a new hard drive along side the problem one so that I don't lose access to some of the files on it. Do you think this would work, or would whatever attacked the computer infect the new hard drive? Whether I re-install or set up a new hard drive how can I make sure this doesn't happen again? I had a firewall and anti-virus protection that was set to automatically update itself. All I did was open a very benign looking webpage about chinchillas during a search.
Once again, thanks for the help...even if I can't get this fixed.
"Owner" - 07-02-10 9:58:29 Service Pack 2
ComboFix 07-02-08.2 - Running from: "H:\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Owner\Application Data\Install.dat
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\REGEDIT.com
C:\WINDOWS\logo1_.exe
((((((((((((((((((((((((((((((( Files Created from 2002-09-07 to 2002/10/2007 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
slelinhares
02-10-2007, 11:28 AM
slelinhares
02-10-2007, 11:29 AM
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CHotkey"="zHotkey.exe"
"SoundMan"="SOUNDMAN.EXE"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1123358120\\ee\\AOLSoftware.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PestPatrol Control Center"="C:\\Program Files\\PestPatrol\\PPControl.exe"
"PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OOBEDDDemise"="cmd /x /c erase C:\\WINDOWS\\System32\\oobe\\msoobe.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
@=""
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"System"="C:\\WINDOWS\\system32\\kernels88.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
OOBEDDDemise = cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe??????r???????? ???????C?w?????????????????????t??P$?????????????? i?wis???????????H???????????????????????????*&?|l????&?|??-w?????????????????????????????????????P??????????? ???`??????????????|?&?|?????&?|B%?|???????????????????|?$?|??????-wC
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: Sat 02/10/2007 10:10:32
C:\ComboFix2.txt ... 02/08/2007 08:06 PM
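A small triage script for the ComboFix log layout posted above, added here as an example (my own code, not ComboFix's and not from anyone in the thread): it parses the "Other Deletions" and "Reg Loading Points" sections and flags the entries a helper reads first, such as the taskmgr.com / REGEDIT.com companions (from a command prompt the default PATHEXT tries .COM before .EXE, so a bare "taskmgr" resolves to the impostor) and the RunOnce entry that erases msoobe.exe. The heuristics, helper names and the embedded SAMPLE_LOG excerpt are my assumptions modelled on this log.

```python
"""Triage helper for the ComboFix log layout shown in this thread.

Parses the "Other Deletions" and "Reg Loading Points" sections and flags
the entries a helper reads first. Heuristics, names and SAMPLE_LOG are
this example's own assumptions, modelled on the log posted above.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the 2007 ComboFix layout; values come from this thread.
SAMPLE_LOG = r"""
(((((((((((((((( Other Deletions ))))))))))))))))
C:\DOCUME~1\Owner\Application Data\Install.dat
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\REGEDIT.com
C:\WINDOWS\logo1_.exe
(((((((((((((((( Reg Loading Points ))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OOBEDDDemise"="cmd /x /c erase C:\\WINDOWS\\System32\\oobe\\msoobe.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"System"="C:\\WINDOWS\\system32\\kernels88.exe"
Contents of the 'Scheduled Tasks' folder
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # ((( Section Name )))
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\run]
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')       # "name"="string value"

# Tools this thread's malware shadowed with .com companions. From a command
# prompt the default PATHEXT tries .COM before .EXE, so "taskmgr" resolves to
# system32\taskmgr.com ahead of taskmgr.exe. (Assumed list.)
SHADOWED_TOOLS = {"taskmgr", "regedit", "cmd", "msconfig", "rundll32"}
# Value names malware borrows to look legitimate (assumption, not an OS list).
GENERIC_NAMES = {"system", "windows", "microsoft", "explorer", "svchost"}
# Shell verbs that delete or wipe when they appear in an autorun command.
DESTRUCTIVE_RE = re.compile(r"\b(erase|del|rd|rmdir|format)\b", re.IGNORECASE)


def unescape_reg(value: str) -> str:
    # .reg export escaping: a backslash escapes the next character.
    return re.sub(r"\\(.)", r"\1", value)


def parse_combofix(text: str) -> Dict[str, list]:
    """Return {'deleted': [path, ...], 'autoruns': [(key, name, command), ...]}."""
    deleted: List[str] = []
    autoruns: List[Tuple[str, str, str]] = []
    section, key = "", ""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        if section == "Other Deletions":
            if ":\\" in line:                      # one full path per line
                deleted.append(line)
        elif section == "Reg Loading Points":
            if line.startswith("Contents of"):     # end of the registry dump
                section = ""
            elif KEY_RE.match(line):
                key = KEY_RE.match(line).group(1)
            elif VALUE_RE.match(line):
                name, raw = VALUE_RE.match(line).groups()
                autoruns.append((key, name, unescape_reg(raw)))
    return {"deleted": deleted, "autoruns": autoruns}


def triage(parsed: Dict[str, list]) -> List[Tuple[str, str]]:
    """Return (item, reason) pairs for entries a helper should look at."""
    findings: List[Tuple[str, str]] = []
    for path in parsed["deleted"]:
        stem, _, ext = path.rsplit("\\", 1)[-1].lower().rpartition(".")
        if ext == "com" and stem in SHADOWED_TOOLS:
            findings.append((path, f"companion .com shadowing {stem}.exe"))
    for key, name, cmd in parsed["autoruns"]:
        # run- keys are disabled copies, but they still show what the box ran.
        note = " (run- key: already disabled)" if key.lower().endswith("run-") else ""
        verb = DESTRUCTIVE_RE.search(cmd)
        if verb:
            findings.append((name, f"autorun deletes files via '{verb.group(1)}'{note}"))
        elif name.lower() in GENERIC_NAMES and "system32" in cmd.lower():
            findings.append((name, f"generic value name launching {cmd}{note}"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{item:45} {reason}")
```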
Budfred
02-10-2007, 11:59 AM
A quick look suggests that you may be clean, but that your Windows install is just too corrupted by the malware to function properly... Try this, clean up one item in HJT and then do a Repair Install... If that doesn't work, it may be necessary to wipe, reformat and reinstall... If the drive is clean and just corrupt, you can do the procedure you noted safely... However, since we can't be sure the computer is clean, it may infect the new drive...
I will give you some ideas about maintaining security once we get to that point...
Please open a HJT scan and put a check by:
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
Close all open windows except HJT and press Fix checked...
Go here for instructions on doing a Repair Install...
http://www.michaelstevenstech.com/XPrepairinstall.htm
slelinhares
02-10-2007, 01:05 PM
I did that 1 HJT fix and read through the repair install instructions. After reading the instr. I was very afraid of losing a couple of pictures and some work I had done this week since I was not able to move files, back up, or burn them onto a CD. After thinking on it a bit I tried to zip them to my SanDisk and it worked! :D It will take me a few hours to get everything moved to the working computer since my largest SanDisk is only 128 MB. I figure I might as well get everything off while I can in case there is a problem with the last back up I did 2 weeks ago. I will then run the repair if I can (I only have a XP recovery disk that came with the computer) but if I can get what I want off the computer then I won't mind wiping and reinstalling it if I can't use the repair, or it doesn't work.
Thanks again! I will be back later on to let you know how it went.
Budfred
02-10-2007, 08:02 PM
The Repair Install is usually pretty safe, but if you don't have original XP disks, it can be difficult or impossible to do with Recovery disks... Let me know what happens...
Also, did you try burning a CD?? If you can do so, in Safe Mode, you can backup a lot quicker... Either way, be very careful to scan the backups before putting them on a new install...