Iexplore.exe virus? Please HELP!

tharp68 · #1 5th Jan 2009, 21:31

I belivev I have the iexplore.exe virus on my computer. I have read and followed the instructions in the "Malware Removal Guide-Please Read Before Posting". Here are the logs requested. Any and all help will be appreciated.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/05/2009 at 10:52 PM
Application Version : 4.24.1004
Core Rules Database Version : 3696
Trace Rules Database Version: 1672
Scan type : Complete Scan
Total Scan Time : 01:18:28
Memory items scanned : 480
Memory threats detected : 0
Registry items scanned : 7000
Registry threats detected : 9
File items scanned : 77979
File threats detected : 13
Unclassified.Unknown Origin
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\S tats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
Adware.Tracking Cookie
C:\Documents and Settings\Todd\Cookies\todd@doubleclick[1].txt
C:\Documents and Settings\Todd\Cookies\todd@tribalfusion[2].txt
C:\Documents and Settings\Todd\Cookies\todd@advertising[1].txt
Rogue.Component/Trace
HKLM\Software\Microsoft\30878094
HKLM\Software\Microsoft\30878094#30878094
HKLM\Software\Microsoft\30878094#Version
HKLM\Software\Microsoft\30878094#30872d14
HKLM\Software\Microsoft\30878094#308744f1
HKU\S-1-5-21-1512146236-750592805-3958468914-1006\Software\Microsoft\CS41275
HKU\S-1-5-21-1512146236-750592805-3958468914-1006\Software\Microsoft\FIAS4018
Malware.Installer-Pkg/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Malwarebytes' Anti-Malware 1.32
Database version: 1621
Windows 5.1.2600 Service Pack 3
1/5/2009 11:06:33 PM
mbam-log-2009-01-05 (23-06-33).txt
Scan type: Quick Scan
Objects scanned: 59085
Time elapsed: 6 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:04 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061014
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061014
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Todd"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/MC/ENU/VS40...0504175614.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/4.3.07.83/Control/IRCSharc.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aciweb.webex.com/client/T25L...rt/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.appraisalport.com/xport/activex/xupload.ocx
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL hlklex.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 12248 bytes
Problem may have been solved with steps in Removal Guide, but would rather you guys have a look.

Thanks!

**sjb007** · #2 6th Jan 2009, 02:10

Hi there

Please download DDS and save it to your desktop.

Disable any script blocking protection
Double click dds.scr to run the tool.
When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
Save both reports to your desktop.

---------------------------------------------------

Please include the contents of both in your next reply:

tharp68 · #3 6th Jan 2009, 08:37

Thanks for your reply. Here are the logs you requested. Hope they are what you need. Not too familiar with this process.

DDS (Version 1.1.0) - NTFSx86
Run by Todd at 10:27:07.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.509 [GMT -5:00]
AV: Total Protection Service *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090106-0] *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Documents and Settings\Todd\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.rr.com/flash/index.cfm
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061014
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\sw g.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [Washer] c:\program files\washer\washer.exe /0
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNo tifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [LXCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCCtim e.dll,_RunDLLEntry@16
mRun: [lxccmon.exe] "c:\program files\lexmark 3300 series\lxccmon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\agent\Splash.exe"
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunServicesOnce: [washindex] c:\program files\washer\washidx.exe "Todd"
StartupFolder: c:\docume~1\todd\startm~1\programs\startup\ding!.l nk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ado bea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dig ita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efa x43~1.lnk - c:\program files\efax messenger 4.3\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exi fla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sma rtw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.538.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL hlklex.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-5 111184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-1 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-5 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-5 352920]
R3 McShield;McShield;c:\progra~1\mcafee\manage~1\vsca n\McShield.exe [2007-2-1 144704]
R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2007-2-1 79304]
R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2007-2-1 35240]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2009-1-5 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-5 155160]
R4 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-2-9 14144]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2007-2-1 169280]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-13 29744]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-2-9 33832]
=============== Created Last 30 ================
2009-01-05 21:22 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-05 21:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-05 21:13 <DIR> --d----- c:\docume~1\todd\applic~1\Malwarebytes
2009-01-05 21:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-05 21:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 21:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 21:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-05 21:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-05 21:04 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-05 21:04 <DIR> --d----- c:\docume~1\todd\applic~1\SUPERAntiSpyware.com
2009-01-05 17:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-01-03 11:47 32,470 a------- C:\stream.bin
2008-12-26 18:32 <DIR> --d----- c:\docume~1\todd\applic~1\Libronix DLS
2008-12-26 18:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Libronix DLS
2008-12-26 18:32 <DIR> --d----- c:\program files\Libronix DLS
2008-12-09 00:10 <DIR> --d----- c:\program files\Amazon
==================== Find3M ====================
2009-01-02 20:58 4,880 a------- c:\docume~1\todd\applic~1\wklnhst.dat
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-04 19:31 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-07 14:23 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
============= FINISH: 10:27:46.87 ===============

DDS (Version 1.0)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/19/2006 6:19:22 PM
System Uptime: 1/6/2009 10:08:50 AM (0 hours ago)
Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 144 GiB total, 107.359 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP320: 1/4/2009 9:23:51 PM - System Checkpoint
RP321: 1/4/2009 9:23:52 PM - System Checkpoint
RP322: 1/4/2009 9:23:52 PM - System Checkpoint
RP323: 1/4/2009 9:23:52 PM - System Checkpoint
RP324: 1/4/2009 9:23:52 PM - System Checkpoint
RP325: 1/4/2009 9:23:53 PM - Software Distribution Service 3.0
RP326: 1/4/2009 9:23:53 PM - System Checkpoint
RP327: 1/4/2009 9:23:53 PM - System Checkpoint
RP328: 1/4/2009 9:23:53 PM - Software Distribution Service 3.0
RP329: 1/4/2009 9:23:53 PM - Software Distribution Service 3.0
RP330: 1/4/2009 9:23:53 PM - System Checkpoint
RP331: 1/4/2009 9:23:53 PM - System Checkpoint
RP332: 1/4/2009 9:23:54 PM - System Checkpoint
RP333: 1/4/2009 9:23:54 PM - System Checkpoint
RP334: 1/4/2009 9:23:54 PM - System Checkpoint
RP335: 1/4/2009 9:23:54 PM - System Checkpoint
RP336: 1/4/2009 9:23:54 PM - System Checkpoint
RP337: 1/4/2009 9:23:54 PM - System Checkpoint
RP338: 1/4/2009 9:23:54 PM - System Checkpoint
RP339: 1/4/2009 9:23:55 PM - System Checkpoint
RP340: 1/4/2009 9:23:55 PM - System Checkpoint
RP341: 1/4/2009 9:23:55 PM - Software Distribution Service 3.0
RP342: 1/4/2009 9:23:55 PM - System Checkpoint
RP343: 1/4/2009 9:23:55 PM - System Checkpoint
RP344: 1/4/2009 9:23:55 PM - System Checkpoint
RP345: 1/4/2009 9:23:56 PM - System Checkpoint
RP346: 1/4/2009 9:23:56 PM - System Checkpoint
RP347: 1/4/2009 9:23:56 PM - System Checkpoint
RP348: 1/4/2009 9:23:56 PM - System Checkpoint
RP349: 1/4/2009 9:23:56 PM - System Checkpoint
RP350: 1/4/2009 9:23:56 PM - System Checkpoint
RP351: 1/4/2009 9:23:57 PM - System Checkpoint
RP352: 1/4/2009 9:23:57 PM - System Checkpoint
RP353: 1/4/2009 9:23:57 PM - System Checkpoint
RP354: 1/4/2009 9:23:57 PM - System Checkpoint
RP355: 1/4/2009 9:23:57 PM - System Checkpoint
RP356: 1/4/2009 9:23:58 PM - System Checkpoint
RP357: 1/4/2009 9:23:58 PM - System Checkpoint
RP358: 1/4/2009 9:23:58 PM - System Checkpoint
RP359: 1/4/2009 9:23:58 PM - System Checkpoint
RP360: 1/4/2009 9:23:58 PM - Software Distribution Service 3.0
RP361: 1/4/2009 9:23:58 PM - System Checkpoint
RP362: 1/4/2009 9:23:59 PM - System Checkpoint
RP363: 1/4/2009 9:23:59 PM - System Checkpoint
RP364: 1/4/2009 9:23:59 PM - System Checkpoint
RP365: 1/4/2009 9:23:59 PM - System Checkpoint
RP366: 1/4/2009 9:23:59 PM - Software Distribution Service 3.0
RP367: 1/4/2009 9:23:59 PM - System Checkpoint
RP368: 1/4/2009 9:24:00 PM - System Checkpoint
RP369: 1/4/2009 9:24:00 PM - System Checkpoint
RP370: 1/4/2009 9:24:00 PM - Installed LibronixUpdate
RP371: 1/4/2009 9:24:00 PM - Installed Batch Update
RP372: 1/4/2009 9:24:00 PM - Installed Bible Data Type System Files
RP373: 1/4/2009 9:24:00 PM - Installed Common System Files
RP374: 1/4/2009 9:24:01 PM - Installed Graphical Query Editor
RP375: 1/4/2009 9:24:01 PM - Installed Libronix Digital Library System
RP376: 1/4/2009 9:24:01 PM - Installed Libronix DLS Application
RP377: 1/4/2009 9:24:01 PM - Installed Libronix DLS Shortcuts
RP378: 1/4/2009 9:24:01 PM - Installed LLS Resource Driver
RP379: 1/4/2009 9:24:01 PM - Installed OEB Resource Driver
RP380: 1/4/2009 9:24:01 PM - Installed PDF Resource Driver
RP381: 1/4/2009 9:24:01 PM - Installed Sentence Diagramming
RP382: 1/4/2009 9:24:02 PM - System Checkpoint
RP383: 1/4/2009 9:24:02 PM - System Checkpoint
RP384: 1/4/2009 9:24:02 PM - System Checkpoint
RP385: 1/4/2009 9:24:02 PM - System Checkpoint
RP386: 1/4/2009 9:24:08 PM - Last known good configuration
==== Installed Programs ======================
2006 SP5 Updates Setup
ABBYY FineReader 6.0 Sprint Plus
ACI Collection 32
Adobe Acrobat 7.0 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe SVG Viewer 6.0
Amazon MP3 Downloader 1.0.3
AOLIcon
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
AWC 2006
AWC 2006 Service Pack
AWC 2006 Service Pack2
AWC 2006 Service Pack3
AWC 2006 Service Pack4
AWC 2006 Service Pack5
Batch Update
Bible Data Type System Files
Bonjour
Broadcom Management Programs
CCleaner (remove only)
Common System Files
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Game Console
Dell Support 3.2
Dell System Restore
Digital Content Portal
Digital Line Detect
DING!
Documentation & Support Launcher
EducateU
eFax Messenger 4.3
ELIcon
FinePixViewer Ver.2.0
FUJIFILM USB Driver
Games, Music, & Photos Launcher
GemMaster Mystic
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Graphical Query Editor
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Internet Service Offers Launcher
iTunes
Java(TM) 6 Update 11
Learn2 Player (Uninstall Only)
Lexmark 3300 Series
Lexmark Fax Solutions
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LLS Resource Driver
Malwarebytes' Anti-Malware
McAfee Virus and Spyware Protection Service
MicroBase Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Works
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
NETGEAR WG111 Software
NetWaiting
NVIDIA Drivers
OEB Resource Driver
Otto
PDF Resource Driver
QuickTime
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sentence Diagramming
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SUPERAntiSpyware Free Edition
Tiger Woods 99 PGA TOUR Golf
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
USPAP 2008-2009
Viewpoint Media Player
Wal-Mart Music Downloads Store
WebEx
WebFldrs XP
WildTangent Web Driver
Window Washer
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
1/4/2009 9:51:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
1/4/2009 9:50:30 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
1/4/2009 9:50:30 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/4/2009 9:50:30 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
1/4/2009 9:50:30 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service lxcc_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441066}
1/4/2009 9:50:30 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
1/4/2009 9:50:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/4/2009 9:18:45 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
1/3/2009 10:34:42 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000FB5716246. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/4/2009 10:58:14 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1916000, parameter2 00000002, parameter3 00000000, parameter4 f3981d50.
1/5/2009 5:10:25 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1a06000, parameter2 00000002, parameter3 00000000, parameter4 f3db6d50.
1/5/2009 5:11:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
1/5/2009 5:54:59 PM, error: Service Control Manager [7000] - The pxark service failed to start due to the following error: The system cannot find the file specified.
1/5/2009 6:04:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/5/2009 6:04:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/5/2009 6:05:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 6:05:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 6:05:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 6:05:30 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 6:05:30 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 6:05:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 6:05:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT nvatabus nvraid RasAcd Rdbss Tcpip
1/5/2009 6:05:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/5/2009 6:23:44 PM, error: Service Control Manager [7034] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 7:33:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/5/2009 7:43:40 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1ffa000, parameter2 00000002, parameter3 00000000, parameter4 f3a70d50.
1/5/2009 7:56:51 PM, error: Service Control Manager [7034] - The McAfee Virus and Spyware Protection Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:24:54 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
1/5/2009 11:14:50 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
1/5/2009 11:39:00 PM, error: Print [6161] - The document http://www.computer-juice.com/forums...-removal-guide- owned by Todd failed to print on printer Epson Stylus COLOR 740 ESC/P 2. Data type: NT EMF 1.008. Size of the spool file in bytes: 9843700. Number of bytes printed: 544968. Total number of pages in the document: 20. Number of pages printed: 1. Client machine: \\D69TKYB1. Win32 error code returned by the print processor: 1223 (0x4c7).
1/5/2009 11:41:19 PM, error: Print [6161] - The document http://www.computer-juice.com/forums...-removal-guide- owned by Todd failed to print on printer Epson Stylus COLOR 740 ESC/P 2. Data type: NT EMF 1.008. Size of the spool file in bytes: 9843700. Number of bytes printed: 689812. Total number of pages in the document: 20. Number of pages printed: 1. Client machine: \\D69TKYB1. Win32 error code returned by the print processor: 1223 (0x4c7).
1/6/2009 10:10:50 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================

**sjb007** · #4 6th Jan 2009, 16:38

Hi there tharp68

I am not seeing anything immediate in your log. What makes you thing you are infected? Are you experiencing any pop ups or odd system behaviour.

I do notice that you have 2 anti virus applications running, although this may seem like a sound idea to double your protection, you are actually putting your system at risk from conflicts and slowdowns as they fight for superiority. I would choose from just one from what you are running and uninstall the other.

Let run a scan at kaspersky...

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.
Click Accept, when prompted to download and install the program files and database of malware definitions.

Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

This animation will guide you through the process:

**Note**
To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post back with the resulting log in your next reply

tharp68 · #5 6th Jan 2009, 19:02

I will follow your directions and post log when completed. Yes I was experiencing pop ups and odd behavour while connected to intrnet. It was slow and would shut down suddenly. The steps taken in the Removal guide might have cured the problem, but it suggested posting logs for you guys to see. Also, I noticed when connected to internet I have explore.exe and iexplore.exe running. Is this normal? Which anti-virus would you suggest I keep or is there another one you would suggest? The McAffee I have paid for already for my business, but would rather be safe than sorry if anothrt one is better. Thanks for your replies and help!

tharp68 · #6 6th Jan 2009, 20:53

Here is the log you requested. Once again thanks for your time and help.

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 07, 2009 00:14:31
Records in database: 1573922
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 81951
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:14:31

**sjb007** · #7 7th Jan 2009, 00:45

Hi there

Quote:

Also, I noticed when connected to internet I have explore.exe and iexplore.exe running.

These are legit operating system files and are nothing to worry about. All the logs I have seen suggest no malware is present on your machine, it looks like the steps you followed in the removal guide cured your problem.

Quote:

Which anti-virus would you suggest I keep

If you have paid for McAfee trhen I would stick with that.

Just your restore points left to flush out to preven t any re-infection. If you are still experiencing any problems or wish to ask any further questions then please feel free to post back.

Flush your restore points

Creating a new Restore Point:

Go to Start > All Programs > Accessories > System Tools > System Restore.
When the utility opens, select "Create a new restore point" and click Next
Name the restore point - something like "After infection cleaned" or "After cleaning"
Click Create.

Now delete the old Restore Points:
Go to Start > All Programs > Accessories > System Tools > Disk Cleanup. Click Ok.
Click the "More Options" tab.
Where it states "System Restore" - click Clean up.
All of the old Restore Points will be deleted EXCEPT for the one you just created.

Reboot your computer!

Now that you appear to be free from malware lets help you stay that way!

Update windows on a regular basis - If you do not have automatic updates enabled then

Visit Microsoft's Update Page and update your computer from there
Update your virus checker on a regular basis - It is no use having a virus checker with out of date definitions.
Keep an eye on your firewall. check what it wants to allow, do not simply allow everything, If there is any processes that you are unsure of then dont be afraid to ask for advice. For more infomration on firewalls read this article here

Make your Internet Explorer more secure - This can be done by following these simple instructions:

Open Internet Explorer, click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Safer Browsing
Use software such as Trendprotect or Sitehound to help you stay away from unsuspecting sites that have malicious purposes.
Use Spywareblaster to help prevent the installation of unwanted BHO's (Browser Helper Objects)

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of active x objects, active x objects can be used by spyware as an infection point on your computer. Safer non active x browsers include Opera browser and, more recently, Firefox browser.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as ccleaner slim to clear out temporary files your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean, free software such as Spybot's Search & Destroy and Adaware 2007 Free by Lavasoft can help you keep clear. These products are scan on demand and do not have active back ground scanning. These two products can be installed together without any complications.

Other alternative software that runs under licience and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) - Please note that this product can also be run as free without a licience but the background protection will not be active.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preveting malware, and how to stay safe whilst browsing the internet.

-> So How Did I Get Infected In First Place - By TonyKlein
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeie

Please acknoledge this post one more time so I can class this issue as resolved

tharp68 · #8 7th Jan 2009, 07:27

Thank you for your time helping me with this issue. I will follow your advice and instructions posted. Once again thank you.

**sjb007** · #9 7th Jan 2009, 16:33

Not a problem, only too glad to lend a hand

I will now discontinue monitoring this thread for replies. Should you require any further assistance please start a new topic in the relevant section of the forums

Good luck and happy safe surfing!