Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Desktop settings are frozen. Help.

Post by eriedel » February 5th, 2008, 12:41 am

We were having a lot of pop ups and slowing. Our Dell computer is set up so that each member of the family has his/her own desktop and user settings. My husband's desktop has become corrupted and we cannot change the desktop settings. Though his is the only one.

We did notice the other day that two icons installed themselves on each user's desktop - Help & support and Windows Update. I looked at the properties of these two icons and found that they refer to a website - "http://www.storageprotector.com/clean" with some other text that I can neither copy nor edit.

I discovered this forum yesterday and got combofix.exe and hijackthis.exe based on other threads that I read.

I hope you can help us.

Thanks,
Eileen Riedel

Here are my logs:

ComboFix 08-02.05.3 - Eileen Riedel 2008-02-04 20:01:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.542 [GMT -8:00]
Running from: C:\Documents and Settings\Eileen Riedel\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\knnienno.dll
C:\Documents and Settings\Ashley Riedel\Application Data\SpyGuardPro
C:\Documents and Settings\Ashley Riedel\Application Data\SpyGuardPro\Logs\threats.log
C:\Documents and Settings\Ashley Riedel\Application Data\SpyGuardPro\Logs\update.log
C:\Documents and Settings\Ashley Riedel\ResErrors.log
C:\Documents and Settings\Matthew Riedel\Application Data\install.dat
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\ppatch~1\??pPatch\
C:\Program Files\crosof~1.net
C:\Program Files\Hotbar
C:\Program Files\McAfee\SpamKiller\MskDetct.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\SpyGuardPro
C:\WINDOWS\system32\bbuigrkv.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dfhdbtcj.dll
C:\WINDOWS\system32\fvqvqtqh.dll
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\geeby.exe
C:\WINDOWS\system32\gnvbnyru.dll
C:\WINDOWS\system32\hqtqvqvf.ini
C:\WINDOWS\system32\jmjrqtbo.ini
C:\WINDOWS\system32\knnienno.dll
C:\WINDOWS\system32\knnienno.dllbox
C:\WINDOWS\system32\kpcjnvxk.ini
C:\WINDOWS\system32\kxvnjcpk.dll
C:\WINDOWS\system32\lrygahgu.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pxxabuxa.dll
C:\WINDOWS\system32\rglorupm.dll
C:\WINDOWS\system32\sjvwrxys.dll
C:\WINDOWS\system32\sjvwrxys.dllbox
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini2

.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-04 19:51 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-04 00:00 . 2008-02-04 00:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-03 20:59 . 2008-02-03 20:59 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-02-03 20:53 . 2004-08-10 04:13 73,728 --a--c--- C:\WINDOWS\system32\dllcache\ehresja.dll
2008-02-03 20:53 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresko.dll
2008-02-03 20:53 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresfr.dll
2008-02-03 20:53 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresde.dll
2008-02-03 20:53 . 2004-08-10 04:13 61,440 --a--c--- C:\WINDOWS\system32\dllcache\ehreschs.dll
2008-02-03 20:51 . 2004-08-10 03:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-03 20:50 . 2004-08-10 03:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-03 20:48 . 2008-02-03 20:48 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-03 20:38 . 2004-08-10 03:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-02-03 20:38 . 2004-08-10 03:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-02-03 20:35 . 2008-02-03 20:35 <DIR> d-------- C:\Program Files\Sigmatel
2008-02-03 20:35 . 2005-03-22 21:20 339,968 --a------ C:\WINDOWS\stsystra.exe
2008-02-03 20:35 . 2005-03-22 02:22 143,441 --a------ C:\WINDOWS\system32\stac97.cpl
2008-02-03 20:35 . 2005-03-22 02:20 90,112 --a------ C:\WINDOWS\system32\stacapi.dll
2008-02-03 12:16 . 2008-02-03 12:16 <DIR> d-------- C:\WINDOWS\dell
2008-01-30 22:09 . 2008-01-30 22:09 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-01-30 20:46 . 2008-01-30 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winferno
2008-01-30 20:45 . 2008-01-30 20:45 <DIR> d-------- C:\Program Files\Winferno
2008-01-30 20:45 . 2006-10-09 12:28 835,584 --a------ C:\WINDOWS\system32\WINCTL4.OCX
2008-01-30 20:45 . 2006-10-09 13:06 495,616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL
2008-01-30 20:45 . 2006-05-17 08:40 393,216 --a------ C:\WINDOWS\system32\WINLCTL5.DLL
2008-01-30 19:35 . 2008-01-30 19:48 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-28 21:50 . 2008-01-28 22:05 <DIR> d-------- C:\Program Files\dbar
2008-01-28 08:05 . 2008-01-28 08:05 294 --ahs---- C:\WINDOWS\system32\ciwjmbwf.tmp
2008-01-28 08:05 . 2008-01-28 08:05 294 --ahs---- C:\WINDOWS\system32\ciwjmbwf.ini
2008-01-26 17:58 . 2008-01-26 17:59 <DIR> d-------- C:\Program Files\Print Workshop 2004
2008-01-26 17:57 . 2008-01-26 17:57 61 --a------ C:\WINDOWS\PrintWorkShop2004.ini
2008-01-19 17:59 . 2008-01-19 17:59 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-19 15:51 . 2008-01-19 15:51 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 15:51 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-19 15:43 . 2008-01-21 16:50 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-18 22:54 . 2008-01-18 22:54 <DIR> d-------- C:\Documents and Settings\Eileen Riedel\Application Data\iWinArcade
2008-01-12 14:48 . 2008-01-12 14:48 <DIR> d-------- C:\Documents and Settings\Evan Riedel\Application Data\Mattel
2008-01-06 14:27 . 2008-01-06 14:27 <DIR> d-------- C:\Documents and Settings\Evan Riedel\Saved Games
2008-01-06 14:25 . 2008-01-06 14:25 <DIR> d-------- C:\Documents and Settings\Evan Riedel\Application Data\iWin
2008-01-05 14:13 . 2008-01-19 23:02 <DIR> d-------- C:\Documents and Settings\Eileen Riedel\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 03:59 --------- d-----w C:\Program Files\Dl_cats
2008-02-05 03:58 --------- d-----w C:\Documents and Settings\Eileen Riedel\Application Data\SiteAdvisor
2008-02-04 07:53 --------- d-----w C:\Program Files\SiteAdvisor
2008-02-04 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-04 05:01 --------- d-----w C:\Program Files\Dell Photo AIO Printer 942
2008-01-31 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-31 03:47 --------- d-----w C:\Program Files\Coupons
2008-01-30 04:08 --------- d-----w C:\Documents and Settings\Evan Riedel\Application Data\SiteAdvisor
2008-01-29 07:39 --------- d-----w C:\Documents and Settings\Matthew Riedel\Application Data\SiteAdvisor
2008-01-28 17:51 --------- d-----w C:\Documents and Settings\Ashley Riedel\Application Data\SiteAdvisor
2008-01-27 01:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 02:09 --------- d-----w C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-01-26 01:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-21 23:31 --------- d-----w C:\Program Files\McAfee
2008-01-21 23:27 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-21 23:23 --------- d-----w C:\Program Files\Hasbro Interactive
2008-01-21 23:22 --------- d-----w C:\Program Files\Electronic Arts
2008-01-21 23:20 --------- d-----w C:\Program Files\GameHouse
2008-01-21 23:19 --------- d-----w C:\Program Files\Google
2008-01-21 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-20 21:15 --------- d-----w C:\Program Files\QuickTime
2008-01-20 07:32 --------- d-----w C:\Program Files\DellSupport
2008-01-19 06:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
2008-01-02 19:11 --------- d-----w C:\Documents and Settings\Eileen Riedel\Application Data\iWin
2008-01-02 19:09 --------- d-----w C:\Documents and Settings\Eileen Riedel\Application Data\Media Center Programs
2007-12-31 02:47 --------- d-----w C:\Documents and Settings\Ashley Riedel\Application Data\Mattel
2007-12-31 01:46 --------- d-----w C:\Documents and Settings\Eileen Riedel\Application Data\Mattel
2007-12-31 01:45 --------- d-----w C:\Program Files\Mattel
2007-12-31 01:39 --------- d-----w C:\Documents and Settings\Ashley Riedel\Application Data\InstallShield
2007-12-29 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-12-29 21:24 --------- d-----w C:\Program Files\Dell Support Center
2007-12-29 21:24 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-12-29 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-15 06:21 --------- d-----w C:\Program Files\SSI
2007-12-15 04:39 --------- d-----w C:\Program Files\EA SPORTS
2007-12-06 07:00 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2007-12-06 06:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-06 06:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-06 06:56 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-06 06:55 --------- d-----w C:\Program Files\McAfee.com
2007-12-06 06:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 06:36 --------- d-----w C:\Program Files\PcTools
2007-12-06 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-06 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-12-06 06:14 --------- d-----w C:\Program Files\Dell
2007-12-06 05:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
.
----a-w            63,712 2008-01-20 01:59:09  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w            39,792 2008-01-20 01:59:10  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           221,184 2008-01-20 02:01:13  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w           151,597 2008-01-20 01:59:16  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            16,384 2008-01-20 01:59:22  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w            68,856 2008-01-20 01:59:42  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            24,576 2008-01-20 01:59:24  C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray .exe
----a-w         1,111,552 2008-02-05 03:25:33  C:\Program Files\McAfee\SpamKiller\MskDetct .exe
----a-w           582,992 2008-01-21 02:01:25  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w         1,694,208 2008-01-20 01:59:43  C:\Program Files\Messenger\msmsgs .exe
----a-w            53,248 2008-01-20 01:59:06  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
----a-w           135,168 2008-01-20 01:59:08  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
----a-w           192,512 2008-01-20 01:59:08  C:\Program Files\Qwest\QuickCare\bin\sprtcmd .exe
----a-w            36,640 2008-01-20 01:59:21  C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w            15,360 2008-01-20 01:59:37  C:\WINDOWS\system32\ctfmon .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [ ]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [ ]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [ ]
"dbar_starter"="C:\Documents and Settings\Gregory Riedel\Application Data\Deskbar_{BBFCAE98-C35B-476b-8E4E-F55877D05649}\starter.exe" [ ]
"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [ ]
"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 21:20 339968 C:\WINDOWS\stsystra.exe]
"DLBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 18:47 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 03:00 53760 C:\WINDOWS\system32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-10 02:00 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhgde]
jkkhgde.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-08-05 18:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bm]
C:\Program Files\Common Files\SpyGuardPro\bm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 03:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a--c--- 2003-09-17 07:43 57344 C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-05 22:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2005-02-23 13:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 01:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ELNKProxy]
C:\WINDOWS\surfmonkey\smproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
--a------ 2004-07-29 13:55 139264 C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2007-08-18 03:12 394576 C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a--c--- 2004-06-10 13:51 60928 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a--c--- 2004-11-11 07:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-28 22:39 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-08-08 12:37 204845 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2003-11-19 14:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugac]
C:\PROGRA~1\COMMON~1\SPYGUA~1\ugac.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-10 22:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 03:00]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-07-07 00:16:17 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 09:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-04 04:56:53 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 20:12:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGEN~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-02-04 20:16:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-05 04:16:04
.
2008-02-04 08:50:13 --- E O F ---


HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:15 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGEN~1.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m ... earch.html
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Gregory Riedel\Application Data\Deskbar_{BBFCAE98-C35B-476b-8E4E-F55877D05649}\starter.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v ... b31267.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/pl ... taller.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O20 - Winlogon Notify: jkkhgde - jkkhgde.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O24 - Desktop Component 1: (no name) - https://exmail.oregonstate.edu/exchange ... f?attach=1

--
End of file - 10251 bytes
eriedel
Active Member
 
Posts: 3
Joined: February 4th, 2008, 2:15 pm

Re: Desktop settings are frozen. Help.

Post by Simon V. » February 6th, 2008, 7:24 am

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

Your Java software is out of date. Follow these instructions to update it:

  • Go to Start and click on Control Panel, then double-click on Add or Remove Programs.
  • Search for previously installed versions of Java (J2SE Runtime Environment), and remove it. It should have this icon next to it: [image]
  • Then download and install Java Runtime Environment (JRE) 6 Update 4.

Step 2

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

Code:
File::

C:\WINDOWS\system32\ciwjmbwf.tmp
C:\WINDOWS\system32\ciwjmbwf.ini

Folder::

C:\WINDOWS\system32\nGpxx01

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhgde]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ELNKProxy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

RenV::

----a-w            63,712 2008-01-20 01:59:09  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w            39,792 2008-01-20 01:59:10  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           221,184 2008-01-20 02:01:13  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w           151,597 2008-01-20 01:59:16  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            16,384 2008-01-20 01:59:22  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w            68,856 2008-01-20 01:59:42  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            24,576 2008-01-20 01:59:24  C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray .exe
----a-w         1,111,552 2008-02-05 03:25:33  C:\Program Files\McAfee\SpamKiller\MskDetct .exe
----a-w           582,992 2008-01-21 02:01:25  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w         1,694,208 2008-01-20 01:59:43  C:\Program Files\Messenger\msmsgs .exe
----a-w            53,248 2008-01-20 01:59:06  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
----a-w           135,168 2008-01-20 01:59:08  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
----a-w           192,512 2008-01-20 01:59:08  C:\Program Files\Qwest\QuickCare\bin\sprtcmd .exe
----a-w            36,640 2008-01-20 01:59:21  C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w            15,360 2008-01-20 01:59:37  C:\WINDOWS\system32\ctfmon .exe


Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

[image]

Referring to the picture above, drag CFScript into ComboFix.exe.
It will create a log. Be sure to save it to a convenient location.

Step 3

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:

    • Click on the Malwarebytes' Anti-Malware icon to launch the program.
    • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open.

Step 4

In your next reply, please post:

  • the Combofix log (C:\Combofix.txt)
  • the Malwarebytes' Anti-Malware report
  • a new HijackThis log
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Desktop settings are frozen. Help.

Post by eriedel » February 6th, 2008, 11:44 pm

When I did the Combofix on the new CFScript.txt file, a couple of program installations failed - including the Microsoft Office service pack. I have never been able to get this to install. Don't know why.


Here's the Combofix log:

ComboFix 08-02.05.3 - Gregory Riedel 2008-02-06 19:17:51.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT -8:00]
Running from: C:\Documents and Settings\Gregory Riedel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gregory Riedel\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\ciwjmbwf.ini
C:\WINDOWS\system32\ciwjmbwf.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ciwjmbwf.ini
C:\WINDOWS\system32\ciwjmbwf.tmp
C:\WINDOWS\system32\nGpxx01

.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 19:15 . 2008-02-06 19:15 <DIR> d-------- C:\Program Files\Java
2008-02-06 19:15 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-06 19:13 . 2008-02-06 19:13 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-06 19:11 . 2008-02-06 19:11 <DIR> d-------- C:\Program Files\Sun
2008-02-05 17:17 . 2008-02-05 20:10 <DIR> d-------- C:\Documents and Settings\Gregory Riedel\SecurityScans
2008-02-05 17:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-05 17:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-04 21:50 . 2008-02-04 21:50 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-02-04 21:37 . 2004-08-10 03:00 388,608 --a------ C:\kmd.exe
2008-02-04 20:25 . 2008-02-04 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-04 19:51 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-04 00:00 . 2008-02-04 00:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-03 20:59 . 2008-02-03 20:59 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-02-03 20:53 . 2004-08-10 04:13 73,728 --a--c--- C:\WINDOWS\system32\dllcache\ehresja.dll
2008-02-03 20:53 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresko.dll
2008-02-03 20:53 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresfr.dll
2008-02-03 20:53 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresde.dll
2008-02-03 20:53 . 2004-08-10 04:13 61,440 --a--c--- C:\WINDOWS\system32\dllcache\ehreschs.dll
2008-02-03 20:51 . 2004-08-10 03:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-03 20:50 . 2004-08-10 03:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-03 20:48 . 2008-02-03 20:48 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-03 20:48 . 2008-02-03 20:48 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-03 20:38 . 2004-08-10 03:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-02-03 20:38 . 2004-08-10 03:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-02-03 20:35 . 2008-02-03 20:35 <DIR> d-------- C:\Program Files\Sigmatel
2008-02-03 20:35 . 2005-03-22 21:20 339,968 --a------ C:\WINDOWS\stsystra.exe
2008-02-03 20:35 . 2005-03-22 02:22 143,441 --a------ C:\WINDOWS\system32\stac97.cpl
2008-02-03 20:35 . 2005-03-22 02:20 90,112 --a------ C:\WINDOWS\system32\stacapi.dll
2008-02-03 12:16 . 2008-02-03 12:16 <DIR> d-------- C:\WINDOWS\dell
2008-01-30 22:09 . 2008-01-30 22:09 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-01-30 20:46 . 2008-01-30 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winferno
2008-01-30 20:45 . 2008-01-30 20:45 <DIR> d-------- C:\Program Files\Winferno
2008-01-30 20:45 . 2006-10-09 12:28 835,584 --a------ C:\WINDOWS\system32\WINCTL4.OCX
2008-01-30 20:45 . 2006-10-09 13:06 495,616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL
2008-01-30 20:45 . 2006-05-17 08:40 393,216 --a------ C:\WINDOWS\system32\WINLCTL5.DLL
2008-01-30 19:35 . 2008-01-30 19:48 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-28 21:50 . 2008-01-28 22:05 <DIR> d-------- C:\Program Files\dbar
2008-01-26 17:58 . 2008-01-26 17:59 <DIR> d-------- C:\Program Files\Print Workshop 2004
2008-01-26 17:57 . 2008-01-26 17:57 61 --a------ C:\WINDOWS\PrintWorkShop2004.ini
2008-01-25 22:07 . 2008-01-25 22:07 <DIR> d-------- C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft
2008-01-19 15:51 . 2008-01-19 15:51 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 15:51 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-12 14:48 . 2008-01-12 14:48 <DIR> d-------- C:\Documents and Settings\Evan Riedel\Application Data\Mattel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-07 03:13 --------- d-----w C:\Documents and Settings\Gregory Riedel\Application Data\SiteAdvisor
2008-02-07 02:11 --------- d-----w C:\Documents and Settings\Ashley Riedel\Application Data\SiteAdvisor
2008-02-06 05:11 --------- d-----w C:\Program Files\Dl_cats
2008-02-04 07:53 --------- d-----w C:\Program Files\SiteAdvisor
2008-02-04 05:01 --------- d-----w C:\Program Files\Dell Photo AIO Printer 942
2008-01-31 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-31 03:47 --------- d-----w C:\Program Files\Coupons
2008-01-30 04:08 --------- d-----w C:\Documents and Settings\Evan Riedel\Application Data\SiteAdvisor
2008-01-29 07:39 --------- d-----w C:\Documents and Settings\Matthew Riedel\Application Data\SiteAdvisor
2008-01-27 01:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 02:09 --------- d-----w C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-01-26 01:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-21 23:31 --------- d-----w C:\Program Files\McAfee
2008-01-21 23:27 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-21 23:23 --------- d-----w C:\Program Files\Hasbro Interactive
2008-01-21 23:22 --------- d-----w C:\Program Files\Electronic Arts
2008-01-21 23:20 --------- d-----w C:\Program Files\GameHouse
2008-01-21 23:19 --------- d-----w C:\Program Files\Google
2008-01-21 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-20 21:15 --------- d-----w C:\Program Files\QuickTime
2008-01-20 07:32 --------- d-----w C:\Program Files\DellSupport
2008-01-19 06:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
2008-01-06 22:25 --------- d-----w C:\Documents and Settings\Evan Riedel\Application Data\iWin
2008-01-01 04:41 --------- d-----w C:\Documents and Settings\Gregory Riedel\Application Data\Mattel
2007-12-31 02:47 --------- d-----w C:\Documents and Settings\Ashley Riedel\Application Data\Mattel
2007-12-31 01:45 --------- d-----w C:\Program Files\Mattel
2007-12-31 01:39 --------- d-----w C:\Documents and Settings\Ashley Riedel\Application Data\InstallShield
2007-12-29 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-12-29 21:24 --------- d-----w C:\Program Files\Dell Support Center
2007-12-29 21:24 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-12-29 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-15 06:21 --------- d-----w C:\Program Files\SSI
2007-12-15 04:39 --------- d-----w C:\Program Files\EA SPORTS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-19 17:59 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-19 17:59 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Uaol"="C:\PROGRA~1\COMMON~1\PPATCH~1\svchost.exe" [ ]
"Isyqvcgf"="C:\Program Files\??crosoft.NET\?canregw.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" [ ]
"WinUpdater"="C:\Program Files\winvi\update.exe" [ ]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2008-01-19 17:59 192512]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-01-19 18:01 221184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-19 17:59 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-01-20 18:01 582992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 17:59 151597]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" [2008-02-04 19:25 1111552]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2008-01-19 17:59 36640]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-01-19 17:59 16384]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2008-01-19 17:59 24576]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [ ]
"dbar_starter"="C:\Documents and Settings\Gregory Riedel\Application Data\Deskbar_{BBFCAE98-C35B-476b-8E4E-F55877D05649}\starter.exe" [ ]
"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [ ]
"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 21:20 339968 C:\WINDOWS\stsystra.exe]
"DLBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 18:47 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 03:00 53760 C:\WINDOWS\system32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-10 02:00 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-08-05 18:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bm]
C:\Program Files\Common Files\SpyGuardPro\bm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 03:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a--c--- 2003-09-17 07:43 57344 C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-05 22:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2005-02-23 13:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 01:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
--a------ 2004-07-29 13:55 139264 C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2007-08-18 03:12 394576 C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a--c--- 2004-06-10 13:51 60928 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a--c--- 2004-11-11 07:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-28 22:39 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-08-08 12:37 204845 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugac]
C:\PROGRA~1\COMMON~1\SPYGUA~1\ugac.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-10 22:00 90112 C:\WINDOWS\UpdReg.EXE

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 03:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fb32349-6201-11da-8247-00123fac1c93}]
\Shell\AutoRun\command - K:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-07-07 00:16:17 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 09:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-07 02:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 19:22:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-02-06 19:27:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 03:27:19
ComboFix2.txt 2008-02-07 02:49:44
ComboFix3.txt 2008-02-05 05:28:14
ComboFix4.txt 2008-02-05 04:16:08
.
2008-02-06 06:43:33 --- E O F ---



Here's the Malwarebytes log

Malwarebytes' Anti-Malware 1.02
Database version: 323

Scan type: Quick Scan
Objects scanned: 31653
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50 (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\1201588892.reg (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\backup.bin (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\ExcludeList.aro (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\results.aro (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups\00000001.rmb (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups\00000001.rmi (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
c:\documents and settings\Matthew Riedel\favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\Ashley Riedel\favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gregory Riedel\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.


And the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:44 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Gregory Riedel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iglide.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Gregory Riedel\Application Data\Deskbar_{BBFCAE98-C35B-476b-8E4E-F55877D05649}\starter.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\PPATCH~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Isyqvcgf] "C:\Program Files\??crosoft.NET\?canregw.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2190899281
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v ... b31267.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/pl ... taller.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11151 bytes

Re: Desktop settings are frozen. Help.

Unread postby Simon V. » February 7th, 2008, 7:41 am

Hi :)

Open HijackThis, perform a scan and put a check next to the following items (if present):

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\PPATCH~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Isyqvcgf] "C:\Program Files\??crosoft.NET\?canregw.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present <-- Only fix this line if you or your administrator haven't set any restrictions to Internet Explorer.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <-- Only fix this line if you or your administrator haven't set any restrictions to Internet Explorer.

Close all programs except HijackThis and click on Fix checked.

In your next reply, please let me know how your computer is currently running.
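A triage sketch for the kind of autorun entries selected in the post above, added here as an example; it is not part of the thread and not HijackThis code. The three heuristics and the `SYSTEM_NAMES` list are assumptions chosen for illustration, not the helper's stated criteria, and the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\PPATCH~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Isyqvcgf] "C:\Program Files\??crosoft.NET\?canregw.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.*)$')
RUN = re.compile(r'^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Assumed short list of Windows binaries that normally live only in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

def image_path(cmd):
    """Return the executable part of an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.(?:exe|dll|com|bat|cmd))(?:\s|,|$)', cmd, re.I)
    return m.group(1) if m else cmd.split(' ', 1)[0]

def review(line):
    """Return the reasons, if any, why one log line deserves a closer look."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    reasons = []
    code, body = m.group('code'), m.group('body')
    if body.endswith('(no file)'):
        reasons.append('registered component has no file on disk')
    r = RUN.match(body) if code == 'O4' else None
    if r:
        path = image_path(r.group('cmd'))
        folder, _, name = path.rpartition('\\')
        if '?' in path:  # '?' is not valid in a Windows file name, so it is a substituted character
            reasons.append('path contains characters the log could not render')
        if name.lower() in SYSTEM_NAMES and folder and not folder.lower().endswith(r'\system32'):
            reasons.append('system binary name outside system32')
    return reasons

def flagged(log):
    """Map each flagged log line to its list of reasons."""
    return {line: review(line) for line in log.splitlines() if review(line)}
```

A hit is a prompt for manual review rather than a verdict, and several entries selected in the post above (for example the `winvi` updaters) are not caught by these three rules.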

Re: Desktop settings are frozen. Help.

Unread postby eriedel » February 8th, 2008, 1:48 am

Hi Simon,

My computer is running much faster, the desktop properties are changeable again, and I don't have any more popups.

Windows Update, however, does not work. All custom and express installations fail. It seems I have to download and install each update individually. I installed Microsoft Baseline Security Analyzer and installed most of the updates from that.

Unfortunately, there are two updates that start to install and fail. One is the Office2003 SP3 update. The other is the Security Update for Microsoft .NET Framework, Version 1.0 Service Pack 3 (KB930494).

When I try to install Office 2003 SP3 I get the following errors:

Error 2908 - An internal error has occured ({A1FE0698-609D-400F-BF10-F52238DD675})
There are three options: Abort, Retry, Ignore. If I press ignore, I get another error 2908, but with different numbers/letters in the brackets. If I keep pressing "Ignore", it starts to install, but then puts up a final error:

Error 1935 and my only option is to back out of the installation.

With the Microsoft .NET Framework service pack, it gets halfway through the installation and says there was an error and reverses the installation.

Do you have any idea what would cause these problems?

Thanks,
Eileen

Re: Desktop settings are frozen. Help.

Unread postby Simon V. » February 8th, 2008, 4:56 am

Hi :)

Windows Update, however, does not work.

I'm afraid that Windows Update problems aren't my cup of tea. There are forums that specialize in general computer problems that will probably be able to help you. You can ask help at the WhatTheTech forums: http://forums.whatthetech.com/Microsoft ... _f119.html

First register and post like you did here, explaining your problem (do not post a HijackThis log, as your malware issues should be resolved), add a link to this topic as well. There are some excellent people over there that will be able to help you better than I can.

I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems.

Re: Desktop settings are frozen. Help.

Unread postby Gary R » February 12th, 2008, 3:47 pm

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R