Registered User
Join Date: Jul 2009
Posts: 3
OS: WinXP
Trouble with a Trojan.....
Last week, I was experiencing problems with my DSL where I wasn't able to keep a connection for more than 2 minutes at a time. After shutting down and trying to reboot, my desktop came back up with no icons and no taskbar. I was able to go into Task Manager and run explorer.exe and regain the desktop icons and taskbar. The Verizon rep. came to repair the DSL and unfortunately shut down the computer. We weren't able to get the desktop back. He reinstalled Windows XP with the SP1.

I have tried to download SP2 and 3 and I only receive the following error message(s). iesetup.exe - Entry Point not found and then below it, it reads "The procedure entry point decodepointer could not be located in the dynamic link library KERNAL32.dll." The same message appears under a pop-up error message titled Ybrowser.exe and also AXWINframe.window:ybrowser.exe.

Please not too terribly technical. I know enough to get by and I can make my way through this, but I'm not on your level. I ran a scan and detected a trojan called Spy-Agent.bw!mem. I tried to go into McAfee's site (which I have a subscription for) and download the instructions for removal, but I guess the virus won't allow me to click on some links on the page. It just doesn't respond. Thanks for any input and advice.
Here are the results of the scan: