
Author Topic: Cannot open any program from desktop icons or open files from jump drive...VIRUS  (Read 15525 times)


C-Train


    And here is my most recent HijackThis log and I ran it while the Roxio Media Manager was trying to install in hopes HijackThis would give you something to work with....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:15:33 PM, on 11/23/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [realtray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [isuspm startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [intelwireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hotkeyscmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [dvdlauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [dell quickset] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [act! preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
    O4 - HKLM\..\Run: [pcmservice] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [isuspm] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [dellsupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [picasa media detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [searching] Search from the Address bar
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227318588125
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
    O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10333 bytes


    Please let me know what you come up with.....

    C-Train


      And lastly here is the ComboFix.txt..........

      ComboFix 08-11-22.02 - Kris Maurer 2008-11-23 10:44:00.2 - NTFSx86
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.73 [GMT -5:00]
      Running from: c:\documents and settings\Kris Maurer\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Kris Maurer\Desktop\CFScript.txt

      FILE ::
      c:\windows\system32\bszip.dll
      c:\windows\system32\fnts~1\wucrtupd.exe
      .

      (((((((((((((((((((((((((   Files Created from 2008-10-23 to 2008-11-23  )))))))))))))))))))))))))))))))
      .

      2008-11-22 16:51 .    <DIR>      c:\windows\LastGood.Tmp
      2008-11-21 21:35 . 2008-11-21 21:35   <DIR>   d--------   c:\windows\system32\scripting
      2008-11-21 21:35 . 2008-11-21 21:35   <DIR>   d--------   c:\windows\system32\en
      2008-11-21 21:35 . 2008-11-21 21:35   <DIR>   d--------   c:\windows\system32\bits
      2008-11-21 21:35 . 2008-11-21 21:35   <DIR>   d--------   c:\windows\l2schemas
      2008-11-21 21:33 . 2008-11-21 21:36   <DIR>   d--------   c:\windows\ServicePackFiles
      2008-11-21 21:25 . 2008-11-21 21:25   <DIR>   d--------   c:\windows\EHome
      2008-11-21 21:22 . 2008-08-14 05:04   138,496   -----c---   c:\windows\system32\dllcache\afd.sys
      2008-11-21 21:20 . 2008-04-13 19:12   712,704   ---------   c:\windows\system32\windowscodecs.dll
      2008-11-21 21:20 . 2008-04-13 19:12   346,112   ---------   c:\windows\system32\windowscodecsext.dll
      2008-11-21 21:20 . 2008-04-13 19:12   276,992   ---------   c:\windows\system32\wmphoto.dll
      2008-11-21 21:20 . 2008-04-13 19:12   69,120   ---------   c:\windows\system32\wlanapi.dll
      2008-11-21 21:18 . 2008-04-13 19:11   1,888,992   ---------   c:\windows\system32\ati3duag.dll
      2008-11-21 21:17 . 2008-06-13 06:05   272,128   -----c---   c:\windows\system32\dllcache\bthport.sys
      2008-11-21 21:08 . 2008-09-15 07:12   1,846,400   -----c---   c:\windows\system32\dllcache\win32k.sys
      2008-11-21 21:08 . 2008-09-08 05:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
      2008-11-21 20:57 . 2008-08-14 05:11   2,189,184   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
      2008-11-21 20:57 . 2008-08-14 05:09   2,145,280   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
      2008-11-21 20:57 . 2008-08-14 04:33   2,066,048   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
      2008-11-21 20:57 . 2008-08-14 04:33   2,023,936   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
      2008-11-21 20:56 . 2008-10-24 06:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
      2008-11-21 20:54 . 2008-09-04 12:15   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
      2008-11-21 20:54 . 2008-04-11 14:04   691,712   -----c---   c:\windows\system32\dllcache\inetcomm.dll
      2008-11-21 20:54 . 2008-10-15 11:34   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
      2008-11-21 20:54 . 2008-05-01 09:33   331,776   -----c---   c:\windows\system32\dllcache\msadce.dll
      2008-11-21 18:32 . 2008-11-21 18:32   <DIR>   d--------   C:\VundoFix Backups
      2008-11-20 22:36 . 2008-11-20 22:36   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
      2008-11-20 22:36 . 2008-10-22 16:10   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
      2008-11-20 22:36 . 2008-10-22 16:10   15,504   --a------   c:\windows\system32\drivers\mbam.sys
      2008-11-20 22:31 . 2008-11-20 22:31   <DIR>   d--------   c:\program files\Trend Micro
      2008-11-20 21:29 . 2008-11-20 21:29   <DIR>   d--------   c:\documents and settings\Kris Maurer\Application Data\Malwarebytes
      2008-11-20 21:29 . 2008-11-20 21:29   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
      2008-11-20 16:58 . 2008-11-20 16:58   <DIR>   d--------   c:\documents and settings\Kris Maurer\DoctorWeb
      2008-11-20 16:51 . 2005-02-15 15:02   163,840   --a------   c:\windows\system32\igfxres.dll
      2008-11-20 16:43 . 2008-04-13 19:11   156,672   --a--c---   c:\windows\system32\dllcache\winzm.ime
      2008-11-20 16:43 . 2008-04-13 19:11   156,672   --a--c---   c:\windows\system32\dllcache\winsp.ime
      2008-11-20 16:43 . 2008-04-13 19:11   156,672   --a--c---   c:\windows\system32\dllcache\winpy.ime
      2008-11-20 16:43 . 2008-04-13 19:11   65,536   --a--c---   c:\windows\system32\dllcache\winime.ime
      2008-11-20 16:43 . 2004-08-12 09:10   28,288   --a--c---   c:\windows\system32\dllcache\xjis.nls
      2008-11-20 16:41 . 2004-08-12 08:58   1,875,968   --a--c---   c:\windows\system32\dllcache\msir3jp.lex
      2008-11-20 16:40 . 2008-04-13 19:09   13,463,552   --a--c---   c:\windows\system32\dllcache\hwxjpn.dll
      2008-11-20 16:39 . 2004-08-12 08:56   195,618   --a--c---   c:\windows\system32\dllcache\c_10002.nls
      2008-11-20 16:36 . 2008-11-20 16:36   749   -rah-----   c:\windows\WindowsShell.Manifest
      2008-11-20 16:36 . 2008-11-20 16:36   749   -rah-----   c:\windows\system32\wuaucpl.cpl.manifest
      2008-11-20 16:36 . 2008-11-20 16:36   749   -rah-----   c:\windows\system32\sapi.cpl.manifest
      2008-11-20 16:36 . 2008-11-20 16:36   749   -rah-----   c:\windows\system32\ncpa.cpl.manifest
      2008-11-20 16:36 . 2008-11-20 16:36   488   -rah-----   c:\windows\system32\logonui.exe.manifest
      2008-11-20 16:35 . 2004-08-12 08:58   16,384   --a--c---   c:\windows\system32\dllcache\isignup.exe
      2008-11-20 16:22 . 2004-08-12 09:06   24,661   --a------   c:\windows\system32\spxcoins.dll
      2008-11-20 16:22 . 2004-08-12 09:06   24,661   --a--c---   c:\windows\system32\dllcache\spxcoins.dll
      2008-11-20 16:22 . 2004-08-12 08:58   13,312   --a------   c:\windows\system32\irclass.dll
      2008-11-20 16:22 . 2004-08-12 08:58   13,312   --a--c---   c:\windows\system32\dllcache\irclass.dll
      2008-11-20 16:21 . 2004-08-12 09:06   1,042,903   --a--c---   c:\windows\system32\dllcache\SP2.CAT
      2008-11-20 16:21 . 2004-08-12 09:02   797,189   --a--c---   c:\windows\system32\dllcache\NT5IIS.CAT
      2008-11-20 16:21 . 2004-08-12 08:59   399,645   --a--c---   c:\windows\system32\dllcache\MAPIMIG.CAT
      2008-11-20 16:21 . 2004-08-12 09:01   37,484   --a--c---   c:\windows\system32\dllcache\MW770.CAT
      2008-11-20 16:21 . 2004-08-12 08:57   13,472   --a--c---   c:\windows\system32\dllcache\HPCRDP.CAT
      2008-11-20 16:21 . 2004-08-12 08:57   8,574   --a--c---   c:\windows\system32\dllcache\IASNT4.CAT
      2008-11-20 16:21 . 2004-08-12 09:11   7,710   --a--c---   c:\windows\system32\dllcache\OEMBIOS.CAT
      2008-11-20 16:21 . 2004-08-12 09:09   7,334   --a--c---   c:\windows\system32\dllcache\wmerrenu.cat
      2008-11-20 11:08 . 2008-11-20 11:08   <DIR>   d--------   c:\windows\dell
      2008-11-20 11:08 . 2008-11-20 21:18   527,921,152   --a------   c:\windows\MEMORY.DMP
      2008-11-20 10:15 . 2008-11-20 12:15   <DIR>   d--------   c:\program files\CleanUp!
      2008-11-19 15:53 . 2008-11-19 15:53   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\InstallShield
      2008-11-14 16:56 . 2008-11-20 22:49   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
      2008-11-14 16:53 . 2008-11-20 16:25   4,128   --a------   C:\INFCACHE.1

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-11-21 23:28   ---------   d-----w   c:\documents and settings\All Users\Application Data\Google Updater
      2008-11-15 03:55   ---------   d-----w   c:\program files\Common Files\Scanner
      2008-11-15 02:38   ---------   d-----w   c:\program files\Windows Media Connect 2
      2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
      2008-05-04 00:04   56   --sh--r   c:\windows\system32\42F52BF3EA.sys
      .

      (((((((((((((((((((((((((((((   snapshot@2008-11-22_11.09.34.87   )))))))))))))))))))))))))))))))))))))))))
      .
      + 2008-11-22 16:21:49   32,768   ----a-r   c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
      - 2007-07-31 00:19:46   203,096   -c--a-w   c:\windows\system32\dllcache\wuweb.dll
      + 2008-07-19 03:09:44   205,000   -c--a-w   c:\windows\system32\dllcache\wuweb.dll
      - 2008-11-22 15:50:44   1,786   --sha-w   c:\windows\system32\KGyGaAvL.sys
      + 2008-11-23 15:49:33   1,786   --sha-w   c:\windows\system32\KGyGaAvL.sys
      - 2007-05-08 19:03:04   1,275,392   ----a-w   c:\windows\system32\msxml4.dll
      + 2008-09-30 21:43:34   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
      - 2007-07-31 00:19:46   203,096   ----a-w   c:\windows\system32\wuweb.dll
      + 2008-07-19 03:09:44   205,000   ----a-w   c:\windows\system32\wuweb.dll
      + 2008-11-23 15:48:35   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_584.dat
      + 2008-09-30 21:42:08   1,286,152   ----a-w   c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
      + 2008-09-30 21:45:12   91,656   ----a-w   c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 68856]
      "isuspm"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
      "dellsupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
      "sunjavaupdatesched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
      "realtray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-07 26112]
      "quicktime task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
      "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-07-13 169264]
      "ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
      "isusscheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
      "isuspm startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
      "intelwireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
      "hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
      "dvdlauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
      "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
      "dell quickset"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
      "apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
      "act! preloader"="c:\program files\ACT\ACT for Windows\Act8.exe" [2006-04-05 1015808]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-07 24576]
      QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
      2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
      backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Yahoo! Autosync.lnk
      backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
      --------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcmservice]
      --a------ 2004-04-11 20:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picasa media detector]
      --a------ 2008-02-25 20:23 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "RoxWatch9"=2 (0x2)
      "RoxLiveShare9"=2 (0x2)
      "Roxio Upnp Server 9"=2 (0x2)
      "Roxio UPnP Renderer 9"=3 (0x3)
      "MSK80Service"=2 (0x2)
      "MpfService"=2 (0x2)
      "McSysmon"=3 (0x3)
      "McShield"=2 (0x2)
      "McProxy"=2 (0x2)
      "McODS"=3 (0x3)
      "McNASvc"=2 (0x2)
      "mcmscsvc"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
      "%windir%\\system32\\sessmgr.exe"=

      R2 Maxtor Sync Service;Maxtor Service;"c:\program files\Maxtor\Sync\SyncServices.exe" [2007-07-13 156976]
      R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 []
      R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-11-02 24652]
      S1 8a0dfb28;8a0dfb28;c:\windows\system32\drivers\8a0dfb28.sys []
      S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 []
      .
      Contents of the 'Scheduled Tasks' folder

      2008-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

      2008-07-15 c:\windows\Tasks\McDefragTask.job
      - c:\progra~1\mcafee\mqc\QcConsol.exe []

      2007-10-18 c:\windows\Tasks\McQcTask.job
      - c:\progra~1\mcafee\mqc\QcConsol.exe []
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-11-23 10:48:26
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(980)
      c:\program files\Intel\Wireless\Bin\LgNotify.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Intel\Wireless\Bin\EvtEng.exe
      c:\program files\Intel\Wireless\Bin\S24EvMon.exe
      c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
      c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
      c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
      c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
      c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
      c:\program files\Intel\Wireless\Bin\RegSrvc.exe
      c:\windows\system32\rundll32.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\windows\system32\msiexec.exe
      c:\program files\Apoint\ApntEx.exe
      c:\windows\system32\msiexec.exe
      c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      c:\progra~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
      .
      **************************************************************************
      .
      Completion time: 2008-11-23 10:57:36 - machine was rebooted
      ComboFix-quarantined-files.txt  2008-11-23 15:57:05
      ComboFix2.txt  2008-11-22 16:10:45

      Pre-Run: 17,798,598,656 bytes free
      Post-Run: 17,781,473,280 bytes free

      226   --- E O F ---   2008-11-22 16:21:50

      CBMatt

      Well, everything appears to check out.  You will, of course, want to run regular virus scans, but there are no longer any obvious signs of infection.  As for this Roxio installer...it's a bit hard to say exactly what is going on.  Your logs show traces of Roxio existing in some form and it looks like you either had Roxio installed at one point or you stopped it in the middle of installation (probably the latter).  I could be wrong, but it's possible that your registry is confusing the computer and making it want to install Roxio.  For starters, let's try disabling the InstallShield updater from running at startup, as well as the Roxio entries in your log.  Scan with HijackThis (without a log) and place checkmarks next to these entries:

      O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [isuspm startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKCU\..\Run: [isuspm] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

      O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
      O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
      O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)


      Close all other windows and click Fix Checked.  While you're at it, check C:\Program Files and C:\Program Files\Common Files for any Roxio folders.  If you find them, delete them.  You should then download CCleaner (without the Yahoo! toolbar) and use it to clean out files and broken registry entries.

      You may even want to open up the Windows search function and perform a search (you may need to view hidden files and folders) for "roxio" and delete everything related to the program.  If you're uncertain, leave it alone.  Keep in mind that I'm assuming you are not using any Roxio products, which is why I'm having you delete everything related.

      Once you've done everything, restart and cross your fingers.  If the problem persists, you may want to contact Roxio.  There are viruses that will try to run the installer, but I've never seen one that acts quite like this, so I suspect that it isn't malicious.
      An undefined problem has an infinite number of solutions.
      —Robert A. Humphrey
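Added example, not from the thread or from HijackThis itself: a small Python parser over the O4 Run and O23 Service lines of a HijackThis v2 log that flags services reported as "(file missing)" and picks Run entries by keyword, reproducing the kind of "place checkmarks next to these entries" list given in the reply above. The sample log is constructed from a few lines in the same format as the one posted; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2 log format (a few O4/O23 lines of the
# same shape as the log quoted in the thread; non-O4/O23 lines are ignored).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [isuspm] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
--
End of file - 1234 bytes
"""

# O4 autostart entries from the Run keys: "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# O23 services: "O23 - Service: display name - owner - path [(file missing)]"
O23_SVC = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)'
                     r'(?P<missing> \(file missing\))?$')


@dataclass
class HjtEntry:
    kind: str                   # "O4" or "O23"
    name: str                   # Run value name or service display name
    path: str                   # executable (plus arguments for O4 entries)
    hive: str = ""              # HKLM / HKCU for O4 Run entries
    owner: str = ""             # vendor string HijackThis reports for a service
    file_missing: bool = False  # True when the log says "(file missing)"
    raw: str = ""               # the original log line, for reporting


def parse_hjt(text: str) -> list[HjtEntry]:
    """Extract O4 Run and O23 Service entries from HijackThis log text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            entries.append(HjtEntry("O4", m["name"], m["cmd"], hive=m["hive"], raw=line))
            continue
        m = O23_SVC.match(line)
        if m:
            entries.append(HjtEntry("O23", m["name"], m["path"], owner=m["owner"].strip(),
                                    file_missing=m["missing"] is not None, raw=line))
    return entries


def missing_file_services(entries: list[HjtEntry]) -> list[HjtEntry]:
    """Services whose binary HijackThis could not find on disk: the registry still
    points at an executable that is gone, as with the Roxio and McAfee leftovers."""
    return [e for e in entries if e.kind == "O23" and e.file_missing]


def run_entries_matching(entries: list[HjtEntry], needle: str) -> list[HjtEntry]:
    """O4 Run entries whose value name or command line contains needle (case-insensitive)."""
    n = needle.lower()
    return [e for e in entries
            if e.kind == "O4" and (n in e.name.lower() or n in e.path.lower())]


def fix_checked_lines(text: str, run_needles=("isus",), service_needles=("roxio",)) -> list[str]:
    """Build a 'place checkmarks next to these entries' list: Run entries matching
    run_needles, plus file-missing services matching service_needles, in log order."""
    entries = parse_hjt(text)
    picked = set()
    for needle in run_needles:
        picked.update(e.raw for e in run_entries_matching(entries, needle))
    for e in missing_file_services(entries):
        if any(n in e.raw.lower() for n in service_needles):
            picked.add(e.raw)
    return [e.raw for e in entries if e.raw in picked]


if __name__ == "__main__":
    for line in fix_checked_lines(SAMPLE_LOG):
        print(line)
```

A service with "(file missing)" is only an orphaned registry entry, not evidence of malware on its own; the check is useful for spotting leftovers of uninstalled or interrupted installs like the Roxio and McAfee services in the log above.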

      C-Train


        CBMatt,

        All looks good and the computer is back to normal operation.  Your help has been awesome and I will be in touch soon; I have a friend's computer to work on around Christmas and it sounds like it is in similar shape.

        Thanks again,

        C-Train

        CBMatt

        Great, I'm glad to hear that things are running smoothly again.  And I'll be happy to help you out with the other computer if you need me.  Take care.
        An undefined problem has an infinite number of solutions.
        —Robert A. Humphrey