Sorry, I didn't get to finish this last night.
Your ISP is AT&T, is that right?
Malware can get in the System Restore points, but that would have shown up probably in SAS. I will take you through troubleshooting for that later.
Credits to kritius:
P2P Warning!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Napster, RoxLiveShare
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs HERE.
I would recommend that you uninstall Napster and RoxLiveShare; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
Please disable this service while we're cleaning:
Start> Run> services.msc> right click on RoxLiveShare> Properties> change Startup type to Disable> Stop the Service.
Take the following off of Startup:
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK processes for both Napster and Roxio> Apply> OK> Reboot> NOTE: Ignore the nag message that comes up and close it after checking 'don't show this message again.' Stay in Selective Startup.
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
You have a Linksys router:
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
But the Active X Object file is either not loading or missing:
This is what you have:
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
This is what it should be:
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
I suggest you reconfigure the router.
I note you are using Yahoo DSL, but there are still AOL dial-up files being loaded. They should be removed.
Please disable TeaTimer as previously requested, then do a full system scan with McAfee (update before the scan). Save the log and attach it to your next reply.
Listing of HP entries usually found on Startup: NONE need to start on boot and can be started manually as needed:
http://www.sysinfo.org/startuplist.php?letter=H&filter=&count=50&offset=150
(there are 2 pgs. of entries!)
HP\Digital Imaging
Smart Web Printing
hpswp_printenhancer.dll
Smart Web Printing\hpswp_BHO.dll
HP Boot Optimizer\HPBootOp.exe /run
HP Software Update\HPWuSchd2.exe
Taskbar Utility: hpztsb08.exe
Digital Imaging\bin\hpqSRMon.exe >> Related to HP digital imaging products. Unsure as to what it does.
Digital Imaging\bin\hpqtra08.exe >> HP digital imaging monitor >> can be started manually
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\YS561401.CAB
[0] Archive type: CAB (Microsoft)
--> F345_spcplui.dll.>>>>
harrythompson.com >> ringtones, wallpapers, games, and java apps in your Sprint Nextel or Boost Mobile Iden phone.
This, like 3D cursors, wallpaper for desktop and backgrounds, can be a source of malware. Consider removing it.
DAEMON Tools Virtual Drive Manager could not be opened for the scan. This is configured to be the very first driver to load when the system starts; it may cause instability. Consider removing.
I am not seeing the source of the redirect. I was hoping SDFix would be enough.
Please download ComboFix HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Screen shots:
http://www.geekstogo.com/forum/Otscanit-log-sent-here-other-post-t192642.html
Rescan with HJT when through and attach new log and Combofix report.
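As an added example that is not part of this post (my own code, not the helper's and not part of HijackThis): a small Python checker that parses HijackThis-style O16 (DPF) and O23 (Service) lines and flags the two conditions a log reviewer looks for above: an O16 entry that records no control name or download URL, as with the Linksys entry, and a service whose vendor is recorded as "Unknown owner". The sample lines are constructed from the entries quoted in the post plus one made-up service; the regular expressions and the "Unknown owner" wording are assumptions about the log format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines modelled on the HijackThis entries quoted above.
# The last line is made up to exercise the "Unknown owner" check.
SAMPLE_LOG = [
    r"O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}",
    r"O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab",
    r"O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe",
    r"O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Windows\example.exe",
]

# Assumed line shapes (not an official grammar):
#   O16 - DPF: {CLSID} (Control name) - http://host/path.cab
#   O23 - Service: Display name (ShortName) - Vendor - C:\path\to\binary.exe
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))?(?: - (\S+))?\s*$")
O23_RE = re.compile(r"^O23 - Service: (.+?) \(([^)]+)\) - (.+?) - (.+)$")


@dataclass
class DpfEntry:
    clsid: str
    name: Optional[str]   # None when the log records no control name
    url: Optional[str]    # None when the log records no download URL


@dataclass
class ServiceEntry:
    display_name: str
    short_name: str       # the name used with services.msc / sc
    vendor: str
    path: str


def parse_o16(line: str) -> Optional[DpfEntry]:
    """Parse an O16 (Downloaded Program Files / ActiveX) line, or return None."""
    m = O16_RE.match(line)
    if not m:
        return None
    return DpfEntry(clsid=m.group(1), name=m.group(2), url=m.group(3))


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse an O23 (Windows service) line, or return None."""
    m = O23_RE.match(line)
    if not m:
        return None
    return ServiceEntry(*m.groups())


def audit(lines: List[str]) -> List[str]:
    """Return one human-readable finding per entry that needs a closer look."""
    findings = []
    for line in lines:
        dpf = parse_o16(line)
        if dpf is not None:
            if dpf.name is None or dpf.url is None:
                # Matches the situation described above: the control's
                # name/URL are absent, so the object file is missing or not loading.
                findings.append(
                    f"O16 {dpf.clsid}: no control name or download URL recorded; "
                    "the ActiveX object file may be missing or failing to load"
                )
            continue
        svc = parse_o23(line)
        if svc is not None and svc.vendor.strip().lower() == "unknown owner":
            findings.append(
                f"O23 {svc.short_name}: no vendor recorded for {svc.path}; verify the binary"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The checker only reports what the log itself shows; whether a flagged service should be disabled (as with the P2P service above) or a flagged control reinstalled is still a judgement call for the person reading the log.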