Need some Help. Major Issues

Question

Dowloaded a song. Then Boom. Major Problems. My desktop will not even come up. I have to CTRL ALT DEL to pull up programs. Was able to download Adaware. Ran it twice. Still cant get desktop to come up. I have an external drive to back things up, but cant find file and folders. They were all on my desktop. Anywho, any help would be appreciated. bobsullender@gmail.com

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:00 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25833ebdb5e486697720/netzip/RdxIE601.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.netministry.com/controlpanel/XUpload.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 5769 bytes

bamajim · Answer

Sleber1

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Sleber1 · Answer

My desktop would not even come up.  I did paste the combofix program in the desktop folder via the CTRL ALT DEL function.  I was able to run the program from there.  It seems to have fixed the desktop issue. Let me know what you think.  Iappreciate your help.  Here is the LOG:   ComboFix 08-02-22 - wwww 2008-02-21 20:45:26.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.80 [GMT -6:00]Running from: C:\Documents and Settings\wwww\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). C:\Documents and Settings\LocalService\Application Data\NetMonC:\Documents and Settings\LocalService\Application Data\NetMon\domains.txtC:\Documents and Settings\LocalService\Application Data\NetMon\log.txtC:\Program Files\WindowsUpdate\sudaliv89104.dllC:\Temp\1cbC:\Temp\1cb\syscheck.logC:\Temp\isgTi19C:\Temp\isgTi19\lPig.logC:\WINDOWS\Fonts\a.zipC:\WINDOWS\mrofinu1000106.exeC:\WINDOWS\mrofinu1188.exeC:\WINDOWS\system32\a1C:\WINDOWS\system32\ddcabaw.dllC:\WINDOWS\system32\hkkkj.iniC:\WINDOWS\system32\hkkkj.ini2C:\WINDOWS\system32\jkkkh.dllC:\WINDOWS\system32
Gpxx18C:\WINDOWS\system32
Gpxx18
Gpxx182328.exeC:\WINDOWS\system32\p9C:\WINDOWS\system32\p9\liopud89104.exeC:\WINDOWS\system32\pac.txtC:\WINDOWS\system32\v6C:\WINDOWS\system32\w11C:\WINDOWS\system32\w11\hiba3133.exeC:\WINDOWS\uninstall_nmon.vbsC:\WINDOWS\Fonts\' .(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))) .-------\LEGACY_CMDSERVICE-------\LEGACY_NETWORK_MONITOR (((((((((((((((((((((((((   Files Created from 2008-01-22 to 2008-02-22  ))))))))))))))))))))))))))))))). 2008-02-19 20:35 . 2008-02-19 20:35   d-------- C:\Documents and Settings\Guest\Application Data\PC Suite 2008-02-19 20:35 . 2008-02-19 20:35   d-------- C:\Documents and Settings\Guest\Application Data\InstallShield 2008-02-19 15:22 . 2008-02-19 15:22   d-------- C:\Documents and Settings\wwww\Application Data\Research In Motion 2008-02-19 15:19 . 2008-02-19 15:20   d-------- C:\Documents and Settings\wwww\Application Data\PC Suite 2008-02-19 15:19 . 2008-02-19 15:19   d-------- C:\Documents and Settings\wwww\Application Data\InstallShield 2008-02-18 13:51 . 2008-02-18 13:51   d-------- C:\Documents and Settings\wwww\Application Data\AdobeUM 2008-02-18 11:15 . 2008-02-18 11:15   d-------- C:\Documents and Settings\wwww\Application Data\Template 2008-02-17 20:50 . 2008-02-17 20:50   d-------- C:\WINDOWS\system32\Dell 2008-02-17 19:31 . 2008-02-17 19:31   d-------- C:\Program Files\Trend Micro 2008-02-17 18:23 . 2008-02-17 18:23   d-------- C:\Program Files\Dell 2008-02-17 17:50 . 2008-02-17 17:50 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-02-17 16:44 . 2008-02-17 16:44   d-------- C:\Program Files\Lavasoft 2008-02-17 16:44 . 2008-02-17 16:46   d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-17 16:11 . 2008-02-17 16:11   d-------- C:\Documents and Settings\wwww\Application Data\Yahoo! 2008-02-17 15:26 . 2008-02-17 15:26 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-02-17 15:25 . 2008-02-17 15:25   d-------- C:\Documents and Settings\All Users\Application Data\Rabio 2008-02-17 15:24 . 2008-02-17 17:06   d--hs---- C:\WINDOWS\Qm9iIFN1bGxlbmRlcg 2008-02-14 20:19 . 2008-02-17 15:47   d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire 2008-02-09 19:31 . 2004-08-04 02:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-02-09 19:31 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-18 03:57 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-02-17 23:51 --------- d-----w C:\Program Files\Windows Media Connect 22008-02-17 23:51 --------- d-----w C:\Program Files\Modem Helper2008-02-17 23:51 --------- d-----w C:\Program Files\Microsoft Works2008-02-17 23:51 --------- d-----w C:\Program Files\Microsoft LifeCam2008-02-17 22:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard2008-02-12 18:33 --------- d-----w C:\Program Files\Dl_cats2008-01-05 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio2008-01-05 16:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Roxio2008-01-05 16:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio2008-01-05 16:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Research In Motion2008-01-05 16:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield2008-01-05 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic2008-01-05 15:58 --------- d-----w C:\Program Files\Common Files\Sonic Shared2008-01-05 15:56 --------- d-----w C:\Program Files\Common Files\Roxio Shared2008-01-05 15:55 --------- d-----w C:\Program Files\Roxio2008-01-05 15:43 --------- d-----w C:\Program Files\Common Files\Research In Motion2008-01-05 15:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop2008-01-05 15:42 --------- d-----w C:\Program Files\Research In Motion2008-01-03 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion2008-01-03 16:42 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\yahoo!2008-01-01 23:15 --------- d-----w C:\Program Files\CONEXANT2008-01-01 22:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel2007-12-31 22:38 --------- d-----w C:\Program Files\Comcast2007-12-31 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft2007-12-31 22:28 --------- d-----w C:\Program Files\support.com2007-12-31 22:28 --------- d-----w C:\Program Files\Common Files\SupportSoft2007-11-07 02:45 93,784 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT2007-01-30 23:53 3,820,104 ----a-w C:\Documents and Settings\Administrator\gosetup.exe2007-01-30 18:16 722,176 ----a-w C:\Documents and Settings\Administrator\gotomypc_428.exe2006-08-23 16:03 0 ---h--w C:\Program Files\AppUpdate.log2005-07-29 22:24 472 --sha-r C:\WINDOWS\Qm9iIFN1bGxlbmRlcg\kA62KIhYv3U5vAl5w0.vbs. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AECB71CE-0A0C-4B8E-FFB1-B8286854446E}]   C:\Program Files\MSN\qujaxiq805.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 01:56 15360]'Yahoo! Pager'='C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe' [2006-08-09 14:41 4617720]'PcSync'='C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe' [2006-04-11 16:52 1409024]'MsnMsgr'='C:\Program Files\MSN Messenger\msnmsgr.exe' [2007-01-19 12:54 5674352]'ISUSPM'='C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe' [2006-09-11 04:40 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2004-02-10 10:55 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2004-02-10 10:51 118784]'Microsoft Works Update Detection'='C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe' [2001-08-15 23:41 28738]'SunJavaUpdateSched'='C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe' [2005-11-10 12:03 36975]'SynTPLpr'='C:\Program Files\Synaptics\SynTP\SynTPLpr.exe' [2003-08-15 11:38 110592]'SynTPEnh'='C:\Program Files\Synaptics\SynTP\SynTPEnh.exe' [2003-08-15 11:37 618496]'WorksFUD'='C:\Program Files\Microsoft Works\wkfud.exe' [2001-10-04 19:34 24576]'VX3000'='C:\WINDOWS\vVX3000.exe' [2006-06-29 17:55 707376]'TkBellExe'='C:\Program Files\Common Files\Real\Update_OBealsched.exe' [2007-04-11 16:19 185896]'SmartDefrag'='C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe' [2007-07-27 20:39 3647656]'RoxWatchTray'='C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe' [2007-03-26 07:07 228088]'QuickTime Task'='C:\Program Files\QuickTime\qttask.exe' [2006-09-06 08:17 282624]'PCSuiteTrayApplication'='C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe' [2006-04-26 07:29 237568]'Microsoft Works Portfolio'='C:\Program Files\Microsoft Works\WksSb.exe' [2001-08-22 16:52 331830]'LifeCam'='C:\Program Files\Microsoft LifeCam\LifeExp.exe' [2006-06-29 17:54 269104]'iTunesHelper'='C:\Program Files\iTunes\iTunesHelper.exe' [ ]'ISUSScheduler'='C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' [2006-09-11 04:40 86960]'ISUSPM Startup'='C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe' [2006-09-11 04:40 218032]'GoToMyPC'='C:\Program Files\Citrix\GoToMyPC\g2svc.exe' [ ]'eFax 4.2'='C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe' [2006-07-14 14:36 107008]'dlccmon.exe'='C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe' [2005-07-22 14:03 425984]'ddoctorv2'='C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe' [2007-04-19 14:21 198184]'DLCCCATS'='C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll' [2005-06-07 13:38 69632] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe [2005-09-23 21:05:26 29696]Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 10:23:10 1404928]eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-10-19 11:08:48 612352]Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-06 18:06:54 24633]NETGEAR WG511v2 Wireless Assistant.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2006-07-24 10:25:19 2238] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]'NoResolveSearch'= 1 (0x1) R2 MSCamSvc;MSCamSvc;'C:\Program Files\Microsoft LifeCam\MSCamSvc.exe' [2006-06-29 17:54]S3 bepprldr;BCL easyPDF SDK Loader;C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe [2005-11-11 22:03] .Contents of the 'Scheduled Tasks' folder'2008-02-19 16:50:00 C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1162918049.job'- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe:-I'2008-02-22 03:04:59 C:\WINDOWS\Tasks\SmartDefrag.job'- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe.************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-02-21 21:04:07Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.------------------------ Other Running Processes ------------------------.C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exeC:\Program Files\NETGEAR\WG511v2\wlancfg5.exeC:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exeC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\WINDOWS\system32\dlcccoms.exe.**************************************************************************.Completion time: 2008-02-21 21:10:32 - machine was rebootedComboFix-quarantined-files.txt  2008-02-22 03:10:23.2008-02-14 14:20:44 --- E O F ---

bamajim · Answer

Sleber1 Good work 1. Open NotePad (not wordpad). Copy and paste the following into Notepad File::C:\WINDOWS\system32\vbzip10.dllC:\Program Files\MSN\qujaxiq805.dllRegistry::[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AECB71CE-0A0C-4B8E-FFB1-B8286854446E}] Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop Using the Image as a reference, drag CFScript into ComboFix.exe You will be prompted to run Combofix again, Do so Following the same rules as indicated in my first post Then post the contents of the C:\ComboFix.txt log in your reply 2. Rerun Hijackthis and post a freesh Hijackthis log as well Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

Sleber1 · Answer

And here is the new Hijack This log you requested..... Thanks again   Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:55:33 PM, on 2/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\vVX3000.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Dell Photo AIO Printer 924\dlccmon.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exeC:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\WINDOWS\system32\dlcccoms.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\NETGEAR\WG511v2\wlancfg5.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exeC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32
otepad.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] 'C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE' -quietO4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialogO4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\msnmsgr.exe' /backgroundO4 - HKCU\..\Run: [ISUSPM] 'C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe' -schedulerO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = ?O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cabO16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25833ebdb5e486697720/netzip/RdxIE601.cabO16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cabO16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.netministry.com/controlpanel/XUpload.ocxO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exeO23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeO23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe --End of file - 6793 bytes

Sleber1 · Answer

I guess Roll Tide is in order??? Thanks for all the help..... Here is the Combo Fix log after your instructions:

ComboFix 08-02-22 - wwww 2008-02-22 19:44:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.58 [GMT -6:00]
Running from: C:\Documents and Settings\wwww\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\wwww\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\MSN\qujaxiq805.dll
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 07:22 . 2008-02-22 07:22

d-------- C:\WINDOWS\LastGood
2008-02-22 07:22 . 2008-02-22 07:22 d-------- C:\OEMSettings
2008-02-22 07:22 . 2006-12-04 11:38 265,856 --a------ C:\WINDOWS\system32\drivers\WG511v2.sys
2008-02-22 07:21 . 2008-02-22 07:21 d-------- C:\Program Files\NETGEAR
2008-02-19 20:35 . 2008-02-19 20:35 d-------- C:\Documents and Settings\Guest\Application Data\PC Suite
2008-02-19 20:35 . 2008-02-19 20:35 d-------- C:\Documents and Settings\Guest\Application Data\InstallShield
2008-02-19 15:22 . 2008-02-19 15:22 d-------- C:\Documents and Settings\wwww\Application Data\Research In Motion
2008-02-19 15:19 . 2008-02-19 15:20 d-------- C:\Documents and Settings\wwww\Application Data\PC Suite
2008-02-19 15:19 . 2008-02-19 15:19 d-------- C:\Documents and Settings\wwww\Application Data\InstallShield
2008-02-18 13:51 . 2008-02-18 13:51 d-------- C:\Documents and Settings\wwww\Application Data\AdobeUM
2008-02-18 11:15 . 2008-02-18 11:15 d-------- C:\Documents and Settings\wwww\Application Data\Template
2008-02-17 20:50 . 2008-02-17 20:50 d-------- C:\WINDOWS\system32\Dell
2008-02-17 19:31 . 2008-02-17 19:31 d-------- C:\Program Files\Trend Micro
2008-02-17 18:23 . 2008-02-17 18:23 d-------- C:\Program Files\Dell
2008-02-17 17:50 . 2008-02-17 17:50 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-17 16:44 . 2008-02-17 16:44 d-------- C:\Program Files\Lavasoft
2008-02-17 16:44 . 2008-02-17 16:46 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 16:11 . 2008-02-17 16:11 d-------- C:\Documents and Settings\wwww\Application Data\Yahoo!
2008-02-17 15:25 . 2008-02-17 15:25 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-17 15:24 . 2008-02-17 17:06 d--hs---- C:\WINDOWS\Qm9iIFN1bGxlbmRlcg
2008-02-14 20:19 . 2008-02-17 15:47 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-09 19:31 . 2004-08-04 02:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-09 19:31 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 13:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 13:09 --------- d-----w C:\Program Files\Libronix DLS
2008-02-22 13:07 --------- d-----w C:\Program Files\IObit
2008-02-22 13:06 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-02-17 23:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-17 23:51 --------- d-----w C:\Program Files\Modem Helper
2008-02-17 23:51 --------- d-----w C:\Program Files\Microsoft Works
2008-02-17 22:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 21:26 278,546 ----a-w C:\WINDOWS\Fonts\Setup.exe
2008-02-12 18:33 --------- d-----w C:\Program Files\Dl_cats
2008-01-05 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-05 16:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Roxio
2008-01-05 16:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-01-05 16:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-01-05 16:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-05 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-05 15:58 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-05 15:56 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-05 15:55 --------- d-----w C:\Program Files\Roxio
2008-01-05 15:43 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-01-05 15:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
2008-01-05 15:42 --------- d-----w C:\Program Files\Research In Motion
2008-01-03 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 16:42 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-01-01 23:15 --------- d-----w C:\Program Files\CONEXANT
2008-01-01 22:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
2007-12-31 22:38 --------- d-----w C:\Program Files\Comcast
2007-12-31 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-31 22:28 --------- d-----w C:\Program Files\support.com
2007-12-31 22:28 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-07 02:45 93,784 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-01-30 23:53 3,820,104 ----a-w C:\Documents and Settings\Administrator\gosetup.exe
2007-01-30 18:16 722,176 ----a-w C:\Documents and Settings\Administrator\gotomypc_428.exe
2006-12-04 17:38 53,248 ----a-w C:\WINDOWS\inf\WG511v2\snetcfg .exe
2006-12-04 17:38 265,984 ----a-w C:\WINDOWS\inf\WG511v2\WG511v2XP.sys
2006-12-04 17:38 265,856 ----a-w C:\WINDOWS\inf\WG511v2\WG511v2.sys
2006-12-04 17:38 249,856 ----a-w C:\WINDOWS\inf\WG511v2\InsDrvlh.exe
2006-12-04 17:38 212,992 ----a-w C:\WINDOWS\inf\WG511v2\CopyWHQLDriver.exe
2006-12-04 17:38 21,376 ----a-w C:\WINDOWS\inf\WG511v2\wlndis51.sys
2006-08-23 16:03 0 ---h--w C:\Program Files\AppUpdate.log
2005-07-29 22:24 472 --sha-r C:\WINDOWS\Qm9iIFN1bGxlbmRlcg\kA62KIhYv3U5vAl5w0.vbs
.


----a-w            53,248 2006-12-04 17:38:30  C:\WINDOWS\inf\WG511v2\snetcfg .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-08-09 14:41 4617720]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 16:52 1409024]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-10-19 11:08:48 612352]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-06 18:06:54 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

S3 bepprldr;BCL easyPDF SDK Loader;C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe [2005-11-11 22:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc2bd8c1-8a18-11dc-858c-000fb54c0792}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 16:50:00 C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1162918049.job"
- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 19:48:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-22 19:50:51
ComboFix-quarantined-files.txt 2008-02-23 01:50:34
ComboFix2.txt 2008-02-22 03:10:33
.
2008-02-14 14:20:44 --- E O F ---

bamajim · Answer

Sleber1 You are most welcome I guess Roll Tide is in order??? That would be correct Let's take one more look Please perform an Ewido Online Malware Scan When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download. Click on Start Scan. after the scan completes i twill produce a log for you, copy and paste the results of that scan as a reply to this thread If any infections are found, (After you save the logfile), Click on Remove Infections. Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

Sleber1 · Answer

Here is the Fresh Hijackthis log you requested.....

Thanks again for all your help. I'm slippin up to Oxford, MS to watch the Rebs and Tide. I might give a small Roll Tide for you before the game tomorrow....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:42 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25833ebdb5e486697720/netzip/RdxIE601.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.netministry.com/controlpanel/XUpload.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 6388 bytes

bamajim · Answer

Sleber1

Good luck on your game.

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:
Disable and Enable System Restore

Lets create a clean System Restore point
the instructions are here

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of
Java Runtime Environment (JRE) 6.u4.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the " Download" button to the right.
Check the box that says: " Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.

Update your Anti Virus Software

Use and maintain a Firewall There is a list HERE

All of which are free

Download and install SiteHound by Firetrust for protection against malicious websites.

Pick the version that matches your browser

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis

To a disc or a USB key, not your Hardrive

You may want to read this article" So how did I get infected in the first place" by Tony Klein

surf safe

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Virus & Spyware

Need some Help. Major Issues

Was this post helpful?