| Answer» And here is my most recent hijackthis log and I ran it while the Roxio Media Manager was trying to install in hopes hijackthis would give you something to work with....
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 1:15:33 PM, on 11/23/2008
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16735)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
 C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 C:\Program Files\Maxtor\Sync\SyncServices.exe
 C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
 C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Program Files\Viewpoint\Common\ViewpointService.exe
 C:\Program Files\Support.com\bin\tgcmd.exe
 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 C:\Program Files\Real\RealPlayer\RealPlay.exe
 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
 C:\WINDOWS\system32\hkcmd.exe
 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
 C:\WINDOWS\system32\dla\tfswctrl.exe
 C:\Program Files\Dell\QuickSet\quickset.exe
 C:\Program Files\Apoint\Apoint.exe
 C:\Program Files\Dell\Media Experience\PCMService.exe
 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
 C:\Program Files\DellSupport\DSAgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Picasa2\PicasaMediaDetector.exe
 C:\Program Files\Digital Line Detect\DLG.exe
 C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
 C:\Program Files\Apoint\Apntex.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\WINDOWS\system32\msiexec.exe
 C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
 C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
 C:\WINDOWS\system32\MsiExec.exe
 C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll (file missing)
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
 O4 - HKLM\..\RUN: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
 O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
 O4 - HKLM\..\Run: [realtray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
 O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
 O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
 O4 - HKLM\..\Run: [isuspm startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
 O4 - HKLM\..\Run: [intelwireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
 O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
 O4 - HKLM\..\Run: [hotkeyscmds] C:\WINDOWS\system32\hkcmd.exe
 O4 - HKLM\..\Run: [dvdlauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
 O4 - HKLM\..\Run: [dell quickset] C:\Program Files\Dell\QuickSet\quickset.exe
 O4 - HKLM\..\Run: [apoint] C:\Program Files\Apoint\Apoint.exe
 O4 - HKLM\..\Run: [act! preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
 O4 - HKLM\..\Run: [pcmservice] "C:\Program Files\Dell\Media Experience\PCMService.exe"
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [isuspm] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
 O4 - HKCU\..\Run: [dellsupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [picasa media detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
 O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
 O4 - Global Startup: Digital Line Detect.lnk = ?
 O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
 O4 - Global Startup: Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O11 - Options group: [searching] Search from the Address bar
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227318588125
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
 O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
 O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
 O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
 O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
 O23 - Service: McAfee PROXY Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
 O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
 O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
 O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
 O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
 O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
 O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
 O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
 O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
 O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
 O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe (file missing)
 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
 --
 End of file - 10333 bytes
 
 
 Please let me know what you come up with.....And lastly here is the ComboFix.txt..........
 
 ComboFix 08-11-22.02 - Kris Maurer 2008-11-23 10:44:00.2 - NTFSx86
 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.73 [GMT -5:00]
 Running from: c:\documents and settings\Kris Maurer\Desktop\ComboFix.exe
 Command switches used :: c:\documents and settings\Kris Maurer\Desktop\CFScript.txt
 
 FILE ::
 c:\windows\system32\bszip.dll
 c:\windows\system32\fnts~1\wucrtupd.exe
 .
 
 ((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
 .
 
 2008-11-22 16:51 . c:\windows\LastGood.Tmp
 2008-11-21 21:35 . 2008-11-21 21:35  d--------  c:\windows\system32\scripting
 2008-11-21 21:35 . 2008-11-21 21:35  d--------  c:\windows\system32\en
 2008-11-21 21:35 . 2008-11-21 21:35  d--------  c:\windows\system32\bits
 2008-11-21 21:35 . 2008-11-21 21:35  d--------  c:\windows\l2schemas
 2008-11-21 21:33 . 2008-11-21 21:36  d--------  c:\windows\ServicePackFiles
 2008-11-21 21:25 . 2008-11-21 21:25  d--------  c:\windows\EHome
 2008-11-21 21:22 . 2008-08-14 05:04  138,496  -----c---  c:\windows\system32\dllcache\afd.sys
 2008-11-21 21:20 . 2008-04-13 19:12  712,704  ---------  c:\windows\system32\windowscodecs.dll
 2008-11-21 21:20 . 2008-04-13 19:12  346,112  ---------  c:\windows\system32\windowscodecsext.dll
 2008-11-21 21:20 . 2008-04-13 19:12  276,992  ---------  c:\windows\system32\wmphoto.dll
 2008-11-21 21:20 . 2008-04-13 19:12  69,120  ---------  c:\windows\system32\wlanapi.dll
 2008-11-21 21:18 . 2008-04-13 19:11  1,888,992  ---------  c:\windows\system32\ati3duag.dll
 2008-11-21 21:17 . 2008-06-13 06:05  272,128  -----c---  c:\windows\system32\dllcache\bthport.sys
 2008-11-21 21:08 . 2008-09-15 07:12  1,846,400  -----c---  c:\windows\system32\dllcache\win32k.sys
 2008-11-21 21:08 . 2008-09-08 05:41  333,824  -----c---  c:\windows\system32\dllcache\srv.sys
 2008-11-21 20:57 . 2008-08-14 05:11  2,189,184  -----c---  c:\windows\system32\dllcache\ntoskrnl.exe
 2008-11-21 20:57 . 2008-08-14 05:09  2,145,280  -----c---  c:\windows\system32\dllcache\ntkrnlmp.exe
 2008-11-21 20:57 . 2008-08-14 04:33  2,066,048  -----c---  c:\windows\system32\dllcache\ntkrnlpa.exe
 2008-11-21 20:57 . 2008-08-14 04:33  2,023,936  -----c---  c:\windows\system32\dllcache\ntkrpamp.exe
 2008-11-21 20:56 . 2008-10-24 06:21  455,296  -----c---  c:\windows\system32\dllcache\mrxsmb.sys
 2008-11-21 20:54 . 2008-09-04 12:15  1,106,944  -----c---  c:\windows\system32\dllcache\msxml3.dll
 2008-11-21 20:54 . 2008-04-11 14:04  691,712  -----c---  c:\windows\system32\dllcache\inetcomm.dll
 2008-11-21 20:54 . 2008-10-15 11:34  337,408  -----c---  c:\windows\system32\dllcache\netapi32.dll
 2008-11-21 20:54 . 2008-05-01 09:33  331,776  -----c---  c:\windows\system32\dllcache\msadce.dll
 2008-11-21 18:32 . 2008-11-21 18:32  d--------  C:\VundoFix Backups
 2008-11-20 22:36 . 2008-11-20 22:36  d--------  c:\program files\Malwarebytes' Anti-Malware
 2008-11-20 22:36 . 2008-10-22 16:10  38,496  --a------  c:\windows\system32\drivers\mbamswissarmy.sys
 2008-11-20 22:36 . 2008-10-22 16:10  15,504  --a------  c:\windows\system32\drivers\mbam.sys
 2008-11-20 22:31 . 2008-11-20 22:31  d--------  c:\program files\Trend Micro
 2008-11-20 21:29 . 2008-11-20 21:29  d--------  c:\documents and settings\Kris Maurer\Application Data\Malwarebytes
 2008-11-20 21:29 . 2008-11-20 21:29  d--------  c:\documents and settings\All Users\Application Data\Malwarebytes
 2008-11-20 16:58 . 2008-11-20 16:58  d--------  c:\documents and settings\Kris Maurer\DoctorWeb
 2008-11-20 16:51 . 2005-02-15 15:02  163,840  --a------  c:\windows\system32\igfxres.dll
 2008-11-20 16:43 . 2008-04-13 19:11  156,672  --a--c---  c:\windows\system32\dllcache\winzm.ime
 2008-11-20 16:43 . 2008-04-13 19:11  156,672  --a--c---  c:\windows\system32\dllcache\winsp.ime
 2008-11-20 16:43 . 2008-04-13 19:11  156,672  --a--c---  c:\windows\system32\dllcache\winpy.ime
 2008-11-20 16:43 . 2008-04-13 19:11  65,536  --a--c---  c:\windows\system32\dllcache\winime.ime
 2008-11-20 16:43 . 2004-08-12 09:10  28,288  --a--c---  c:\windows\system32\dllcache\xjis.nls
 2008-11-20 16:41 . 2004-08-12 08:58  1,875,968  --a--c---  c:\windows\system32\dllcache\msir3jp.lex
 2008-11-20 16:40 . 2008-04-13 19:09  13,463,552  --a--c---  c:\windows\system32\dllcache\hwxjpn.dll
 2008-11-20 16:39 . 2004-08-12 08:56  195,618  --a--c---  c:\windows\system32\dllcache\c_10002.nls
 2008-11-20 16:36 . 2008-11-20 16:36  749  -rah-----  c:\windows\WindowsShell.Manifest
 2008-11-20 16:36 . 2008-11-20 16:36  749  -rah-----  c:\windows\system32\wuaucpl.cpl.manifest
 2008-11-20 16:36 . 2008-11-20 16:36  749  -rah-----  c:\windows\system32\sapi.cpl.manifest
 2008-11-20 16:36 . 2008-11-20 16:36  749  -rah-----  c:\windows\system32\ncpa.cpl.manifest
 2008-11-20 16:36 . 2008-11-20 16:36  488  -rah-----  c:\windows\system32\logonui.exe.manifest
 2008-11-20 16:35 . 2004-08-12 08:58  16,384  --a--c---  c:\windows\system32\dllcache\isignup.exe
 2008-11-20 16:22 . 2004-08-12 09:06  24,661  --a------  c:\windows\system32\spxcoins.dll
 2008-11-20 16:22 . 2004-08-12 09:06  24,661  --a--c---  c:\windows\system32\dllcache\spxcoins.dll
 2008-11-20 16:22 . 2004-08-12 08:58  13,312  --a------  c:\windows\system32\irclass.dll
 2008-11-20 16:22 . 2004-08-12 08:58  13,312  --a--c---  c:\windows\system32\dllcache\irclass.dll
 2008-11-20 16:21 . 2004-08-12 09:06  1,042,903  --a--c---  c:\windows\system32\dllcache\SP2.CAT
 2008-11-20 16:21 . 2004-08-12 09:02  797,189  --a--c---  c:\windows\system32\dllcache\NT5IIS.CAT
 2008-11-20 16:21 . 2004-08-12 08:59  399,645  --a--c---  c:\windows\system32\dllcache\MAPIMIG.CAT
 2008-11-20 16:21 . 2004-08-12 09:01  37,484  --a--c---  c:\windows\system32\dllcache\MW770.CAT
 2008-11-20 16:21 . 2004-08-12 08:57  13,472  --a--c---  c:\windows\system32\dllcache\HPCRDP.CAT
 2008-11-20 16:21 . 2004-08-12 08:57  8,574  --a--c---  c:\windows\system32\dllcache\IASNT4.CAT
 2008-11-20 16:21 . 2004-08-12 09:11  7,710  --a--c---  c:\windows\system32\dllcache\OEMBIOS.CAT
 2008-11-20 16:21 . 2004-08-12 09:09  7,334  --a--c---  c:\windows\system32\dllcache\wmerrenu.cat
 2008-11-20 11:08 . 2008-11-20 11:08  d--------  c:\windows\dell
 2008-11-20 11:08 . 2008-11-20 21:18  527,921,152  --a------  c:\windows\MEMORY.DMP
 2008-11-20 10:15 . 2008-11-20 12:15  d--------  c:\program files\CleanUp!
 2008-11-19 15:53 . 2008-11-19 15:53  d--------  c:\documents and settings\Administrator\Application Data\InstallShield
 2008-11-14 16:56 . 2008-11-20 22:49  d--------  c:\program files\Common Files\Wise Installation Wizard
 2008-11-14 16:53 . 2008-11-20 16:25  4,128  --a------  C:\INFCACHE.1
 
 .
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-11-21 23:28  ---------  d-----w  c:\documents and settings\All Users\Application Data\Google Updater
 2008-11-15 03:55  ---------  d-----w  c:\program files\Common Files\Scanner
 2008-11-15 02:38  ---------  d-----w  c:\program files\Windows Media Connect 2
 2008-10-24 11:21  455,296  ----a-w  c:\windows\system32\drivers\mrxsmb.sys
 2008-05-04 00:04  56  --sh--r  c:\windows\system32\42F52BF3EA.sys
 .
 
 ((((((((((((((((((((((((((((( [emailprotected]_11.09.34.87 )))))))))))))))))))))))))))))))))))))))))
 .
 + 2008-11-22 16:21:49  32,768  ----a-r  c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
 - 2007-07-31 00:19:46  203,096  -c--a-w  c:\windows\system32\dllcache\wuweb.dll
 + 2008-07-19 03:09:44  205,000  -c--a-w  c:\windows\system32\dllcache\wuweb.dll
 - 2008-11-22 15:50:44  1,786  --sha-w  c:\windows\system32\KGyGaAvL.sys
 + 2008-11-23 15:49:33  1,786  --sha-w  c:\windows\system32\KGyGaAvL.sys
 - 2007-05-08 19:03:04  1,275,392  ----a-w  c:\windows\system32\msxml4.dll
 + 2008-09-30 21:43:34  1,286,152  ----a-w  c:\windows\system32\msxml4.dll
 - 2007-07-31 00:19:46  203,096  ----a-w  c:\windows\system32\wuweb.dll
 + 2008-07-19 03:09:44  205,000  ----a-w  c:\windows\system32\wuweb.dll
 + 2008-11-23 15:48:35  16,384  ----atw  c:\windows\temp\Perflib_Perfdata_584.dat
 + 2008-09-30 21:42:08  1,286,152  ----a-w  c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
 + 2008-09-30 21:45:12  91,656  ----a-w  c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
 .
 ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 68856]
 "isuspm"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
 "dellsupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
 "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
 "sunjavaupdatesched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
 "realtray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-07 26112]
 "quicktime task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
 "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-07-13 169264]
 "ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
 "isusscheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
 "isuspm startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
 "intelwireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
 "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
 "hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
 "dvdlauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
 "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
 "dell quickset"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
 "apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
 "act! preloader"="c:\program files\ACT\ACT for Windows\Act8.exe" [2006-04-05 1015808]
 
 c:\documents and settings\All Users\Start Menu\Programs\Startup\
 Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-07 24576]
 QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
 2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
 
 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
 path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
 backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
 
 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]
 path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Yahoo! Autosync.lnk
 backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
 --------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcmservice]
 --a------ 2004-04-11 20:15 290816 c:\program files\Dell\Media Experience\PCMService.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picasa media detector]
 --a------ 2008-02-25 20:23 443968 c:\program files\Picasa2\PicasaMediaDetector.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
 "RoxWatch9"=2 (0x2)
 "RoxLiveShare9"=2 (0x2)
 "Roxio Upnp Server 9"=2 (0x2)
 "Roxio UPnP Renderer 9"=3 (0x3)
 "MSK80Service"=2 (0x2)
 "MpfService"=2 (0x2)
 "McSysmon"=3 (0x3)
 "McShield"=2 (0x2)
 "McProxy"=2 (0x2)
 "McODS"=3 (0x3)
 "McNASvc"=2 (0x2)
 "mcmscsvc"=2 (0x2)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "c:\\Program Files\\iTunes\\iTunes.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
 "c:\\WINDOWS\\system32\\sessmgr.exe"=
 "c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
 "%windir%\\system32\\sessmgr.exe"=
 
 R2 Maxtor Sync Service;Maxtor Service;"c:\program files\Maxtor\Sync\SyncServices.exe" [2007-07-13 156976]
 R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 []
 R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-11-02 24652]
 S1 8a0dfb28;8a0dfb28;c:\windows\system32\drivers\8a0dfb28.sys []
 S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 []
 .
 Contents of the 'Scheduled Tasks' folder
 
 2008-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
 - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
 
 2008-07-15 c:\windows\Tasks\McDefragTask.job
 - c:\progra~1\mcafee\mqc\QcConsol.exe []
 
 2007-10-18 c:\windows\Tasks\McQcTask.job
 - c:\progra~1\mcafee\mqc\QcConsol.exe []
 .
 
 **************************************************************************
 
 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-11-23 10:48:26
 Windows 5.1.2600 Service Pack 3 NTFS
 
 scanning hidden processes ...
 
 scanning hidden autostart entries ...
 
 scanning hidden files ...
 
 scan completed successfully
 hidden files: 0
 
 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 - - - - - - - > 'winlogon.exe'(980)
 c:\program files\Intel\Wireless\Bin\LgNotify.dll
 .
 ------------------------ Other Running Processes ------------------------
 .
 c:\program files\Intel\Wireless\Bin\EvtEng.exe
 c:\program files\Intel\Wireless\Bin\S24EvMon.exe
 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
 c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
 c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
 c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
 c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
 c:\program files\Intel\Wireless\Bin\RegSrvc.exe
 c:\windows\system32\rundll32.exe
 c:\program files\iPod\bin\iPodService.exe
 c:\windows\system32\msiexec.exe
 c:\program files\Apoint\ApntEx.exe
 c:\windows\system32\msiexec.exe
 c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 c:\progra~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
 .
 **************************************************************************
 .
 Completion time: 2008-11-23 10:57:36 - machine was rebooted
 ComboFix-quarantined-files.txt 2008-11-23 15:57:05
 ComboFix2.txt 2008-11-22 16:10:45
 
 Pre-Run: 17,798,598,656 bytes free
 Post-Run: 17,781,473,280 bytes free
 
 226  --- E O F ---  2008-11-22 16:21:50

 Well, everything appears to check out. You will, of course, want to run regular virus scans, but there are no longer any obvious signs of infection. As for this Roxio installer...it's a bit hard to say exactly what is going on. Your logs show traces of Roxio existing in some form and it looks like you either had Roxio installed at one point or you stopped it in the middle of installation (probably the latter). I could be wrong, but it's possible that your registry is confusing the computer and making it want to install Roxio. For starters, let's try disabling the InstallShield updater from running at startup, as well as the Roxio entries in your log. Scan with HijackThis (without a log) and place checkmarks next to these entries:
 
 O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
 O4 - HKLM\..\Run: [isuspm startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
 O4 - HKCU\..\Run: [isuspm] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
 
 O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
 O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
 
 Close all other windows and click Fix Checked. While you're at it, check C:\Program Files and C:\Program Files\Common Files for any Roxio folders. If you find them, delete them. You should then download CCleaner (without the Yahoo! toolbar) and use it to clean out files and broken registry entries.
 
 You may even want to open up the Windows search function and perform a search (you may need to view hidden files and folders) for "roxio" and delete everything related to the program. If you're uncertain, leave it alone. Keep in mind that I'm assuming you are not using any Roxio products, which is why I'm having you delete everything related.
 
 Once you've done everything, restart and cross your fingers. If the problem persists, you may want to contact Roxio. There are viruses that will try to run the installer, but I've never seen one that acts quite like this, so I suspect that it isn't malicious.

 CBMatt,
 
 All looks good and computer is back to normal operation. Your help has been awesome and I will be in touch soon. I have a friend's computer to work on around Christmas and it sounds like it is in similar shape.
 
 Thanks again,
 
 C-Train

 Great, I'm glad to hear that things are running smoothly again. And I'll be happy to help you out with the other computer if you need me. Take care.
 |
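
The triage done by eye in the reply above (services flagged `(file missing)` and the autostart entries that belong to one product), as an added Python example that is not part of the original thread. The function names are illustrative, the sample lines are copied from the HijackThis log on this page, and the handling of 8.3 short names such as `INSTAL~1` is a prefix heuristic.

```python
import re

# Lines copied from the HijackThis log on this page (excerpt).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [isuspm] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
"""

# O4 registry Run entries: hive, value name, command line.
O4_RUN = re.compile(r'^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[([^\]]+)\] (.+)$', re.I)
# O23 services: display name, owner, binary path, optional "(file missing)" flag.
O23_SVC = re.compile(
    r'^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+?)( \(file missing\))?$')
# Executable part of a command line, quoted or unquoted.
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)', re.I)


def parse_log(text):
    """Return (autostarts, services) parsed from O4 Run and O23 lines."""
    autostarts, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            exe = EXE.match(m.group(3))
            path = (exe.group(1) or exe.group(2)) if exe else m.group(3)
            autostarts.append(
                {"hive": m.group(1).upper(), "value": m.group(2), "path": path})
            continue
        m = O23_SVC.match(line)
        if m:
            services.append({"name": m.group(1), "owner": m.group(2),
                             "path": m.group(3), "missing": m.group(4) is not None})
    return autostarts, services


def component_matches(component, product):
    """True if one path component names `product`, long or 8.3 short form."""
    comp, prod = component.lower(), product.lower()
    if "~" in comp:
        # 8.3 alias: first six characters of the long name, spaces removed,
        # then ~N. Only a prefix survives, so this is a heuristic match.
        return comp.split("~")[0].startswith(prod.replace(" ", "")[:6])
    return prod in comp


def path_mentions(path, product):
    """True if any component after the drive letter matches `product`."""
    return any(component_matches(c, product) for c in path.split("\\")[1:])


def orphaned_services(services, product):
    """Names of services for `product` whose binary HijackThis could not find."""
    return [s["name"] for s in services
            if s["missing"] and path_mentions(s["path"], product)]


def autostarts_for(autostarts, product):
    """(hive, value) pairs of Run entries that launch something from `product`."""
    return [(a["hive"], a["value"]) for a in autostarts
            if path_mentions(a["path"], product)]


if __name__ == "__main__":
    runs, svcs = parse_log(SAMPLE_LOG)
    print("Orphaned Roxio services:", orphaned_services(svcs, "Roxio"))
    print("InstallShield autostarts:", autostarts_for(runs, "InstallShield"))
```
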