
Author Topic: I'm having severe issues with Vundo, Iexplorer constantly running  (Read 25089 times)


daver23

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: I'm having severe issues with Vundo, Iexplorer constantly running
    « Reply #15 on: November 10, 2011, 07:15:52 PM »
    http://virusscan.jotti.org/en/scanresult/f8a3fee43501ca4b2637ac884cf3e85d4644fbae

    If I did this wrong, let me know. I was a little confused by the directions on this one at first. Nothing was found here. I'm unsure why nothing is being found since the iexplorer.exe keeps popping up all the time.

    daver23

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: I'm having severe issues with Vundo, Iexplorer constantly running
      « Reply #16 on: November 10, 2011, 07:18:03 PM »
      The Security Check log

       Results of screen317's Security Check version 0.99.25 
       Windows XP Service Pack 3 x86   
       Internet Explorer 8 
      ``````````````````````````````
      Antivirus/Firewall Check:

       Windows Firewall Enabled! 
      ```````````````````````````````
      Anti-malware/Other Utilities Check:

       Malwarebytes' Anti-Malware   
       Java(TM) 6 Update 26 
       Java(TM) 7 Update 1 
       Java(TM) 6 Update 7 
       Java 2 Runtime Environment, SE v1.4.2_03
       Out of date Java installed!
       Adobe Flash Player    11.0.1.152 
       Adobe Reader X (10.1.1)
       Mozilla Firefox (Player..)
       Mozilla Thunderbird (1.5.0) Thunderbird Out of Date! 
      ````````````````````````````````
      Process Check: 
      objlist.exe by Laurent

      ``````````End of Log````````````

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: I'm having severe issues with Vundo, Iexplorer constantly running
      « Reply #17 on: November 11, 2011, 12:37:41 PM »
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First, verify your Java version.

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions.
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      ************************************************************
      The Security Check shows that you don't have an anti-virus program installed. Did you remove AVG? If you did, I would suggest that you install MSE from Microsoft.

      Remember to only install one antivirus!
       
      1) Avast! Home Edition
      2) AVG Free Edition
      3) Avira AntiVir Personal
      4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
      4-a) Microsoft Security Essentials for Windows XP
      5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
      6) PC Tools AntiVirus Free Edition

      It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
      ******************************************************
      SysProt Antirootkit

      Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

      http://sites.google.com/site/sysprotantirootkit/

      Unzip it into a folder on your desktop.
      • Double click Sysprot.exe to start the program.
      • Click on the Log tab.
      • In the Write to log box select the following items.
        • Process << Selected
        • Kernel Modules << Selected
        • SSDT << Selected
        • Kernel Hooks << Selected
        • IRP Hooks << NOT Selected
        • Ports << NOT Selected
        • Hidden Files << Selected
      • At the bottom of the page
        • Hidden Objects Only << Selected
      • Click on the Create Log button on the bottom right.
      • After a few seconds a new window should appear.
      • Select Scan Root Drive. Click on the Start button.
      • When it is complete a new window will appear to indicate that the scan is finished.
      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
      Windows 8 and Windows 10 dual boot with two SSD's

      daver23

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: I'm having severe issues with Vundo, Iexplorer constantly running
        « Reply #18 on: November 11, 2011, 08:03:50 PM »
        SysProt AntiRootkit v1.0.1.0
        by swatkat

        ******************************************************************************************
        ******************************************************************************************

        No Hidden Processes found

        ******************************************************************************************
        ******************************************************************************************
        Kernel Modules:
        Module Name: Combo-Fix.sys
        Service Name: ---
        Module Base: F88C8000
        Module End: F88D7000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
        Service Name: ---
        Module Base: BA654000
        Module End: BA66C000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
        Service Name: ---
        Module Base: BA7D2000
        Module End: BA7D4000
        Hidden: Yes

        Module Name: \??\C:\ComboFix\catchme.sys
        Service Name: catchme
        Module Base: F6F89000
        Module End: F6F91000
        Hidden: Yes

        Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
        Service Name: ---
        Module Base: F8E06000
        Module End: F8E08000
        Hidden: Yes

        ******************************************************************************************
        ******************************************************************************************
        SSDT:
        Function Name: ZwTerminateProcess
        Address: ED6DD640
        Driver Base: ED6D3000
        Driver End: ED6F5000
        Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

        ******************************************************************************************
        ******************************************************************************************
        No Kernel Hooks found

        ******************************************************************************************
        ******************************************************************************************
        Hidden files/folders:
        Object: C:\Qoobox\BackEnv\AppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cache.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cookies.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Desktop.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Favorites.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\History.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Music.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\NetHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Personal.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Pictures.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Programs.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Recent.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SendTo.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SetPath.bat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartUp.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SysPath.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Templates.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\VikPev00
        Status: Access denied

        daver23

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: I'm having severe issues with Vundo, Iexplorer constantly running
          « Reply #19 on: November 11, 2011, 08:20:57 PM »
          Here's a fresher HijackThis log. Iexplorer.exe is still loading without permission.
          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
          C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\ScsiAccess.EXE
          C:\Program Files\Dell Support Center\bin\sprtsvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\Program Files\Dell\Media Experience\DMXLauncher.exe
          C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          C:\Program Files\Dell Support Center\bin\sprtcmd.exe
          C:\Program Files\DellSupport\DSAgnt.exe
          C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
          C:\Program Files\Java\jre7\bin\jqs.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\WINDOWS\system32\taskmgr.exe
          C:\Program Files\CCleaner\CCleaner.exe
          C:\Program Files\Mozilla Firefox\plugin-container.exe
          c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
          C:\Program Files\Microsoft Security Client\msseces.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Mozilla Firefox\plugin-container.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.insightbb.com;localhost
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
          O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
          O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
          O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
          O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
          O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
          O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
          O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
          O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
          O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
          O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
          O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
          O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
          O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
          O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
          O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
          O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
          O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
          O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
          O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
          O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
          O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
          O24 - Desktop Component 0: (no name) - (no file)

          --
          End of file - 7889 bytes

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Experience: Expert
          • OS: Windows 10
          Re: I'm having severe issues with Vundo, Iexplorer constantly running
          « Reply #20 on: November 12, 2011, 11:52:27 AM »
          I still see no evidence of an anti-virus program. Please install one and then run the Security Check again and post the log.

          Open HijackThis and select Do a system scan only

          Place a check mark next to the following entries: (if there)

          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.insightbb.com;localhost
          O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
          O24 - Desktop Component 0: (no name) - (no file)


          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.
          *******************************************************
          Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
          Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
          Click on View > Select Columns.
          In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
          Go File>Save As, and save the report as Procexp.txt.
          Attach the file to your next reply.
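SuperDave's selection from the HijackThis log follows a simple rule: entries whose target file no longer exists ("(file missing)", "(no file)") are dead registry pointers, and a non-default proxy setting in an R1 line is worth a look before it is fixed. The script below, added here as an illustration and not part of the thread or of HijackThis itself, applies that rule to HijackThis entry lines. The sample lines are copied from the log posted above; `ProxyServer` is a related R1 key that does not occur in this thread and is included as an assumption.

```python
"""Triage HijackThis log entries with the rule SuperDave applied above:
flag entries whose target file is absent and R1 proxy settings.

Added example, not HijackThis' own code and not posted in the thread.
"""
import re

# Constructed sample: a subset of the R/O lines from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.insightbb.com;localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O24 - Desktop Component 0: (no name) - (no file)
"""

# HijackThis entry lines start with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Markers HijackThis prints when the referenced file does not exist.
MISSING_MARKERS = ("(file missing)", "(no file)")

# R1 keys that describe proxy settings; ProxyServer is assumed, not from the thread.
PROXY_KEYS = ("ProxyOverride", "ProxyServer")


def parse_entries(text):
    """Yield (code, body) for every HijackThis entry line in the log text."""
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def classify(code, body):
    """Return a reason string if the entry deserves attention, else None."""
    if any(marker in body for marker in MISSING_MARKERS):
        return "target file absent: orphaned entry, candidate for removal"
    if code == "R1" and any(key in body for key in PROXY_KEYS):
        return "non-default proxy setting: review before fixing"
    return None


def triage(text):
    """Return [(code, reason, body)] for every entry classify() flags."""
    flagged = []
    for code, body in parse_entries(text):
        reason = classify(code, body)
        if reason:
            flagged.append((code, reason, body))
    return flagged


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

Run against the sample, the three flagged lines are exactly the three SuperDave asked daver23 to check; the O23 ScsiAccess service, which has an unknown owner but an existing file, is deliberately left alone, matching the thread.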

          daver23

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: I'm having severe issues with Vundo, Iexplorer constantly running
            « Reply #21 on: November 12, 2011, 12:25:43 PM »
            Well, Insightbb.com is my internet provider. If I check that from HijackThis, will it screw up my internet service?
            Here's the Process Explorer log.

            Process   PID   CPU   Private Bytes   Working Set   Description   Company Name   Command Line
            System Idle Process   0   76.56   0 K   16 K         
            System   4   4.69   0 K   28 K         
             Interrupts   n/a   < 0.01   0 K   0 K   Hardware Interrupts and DPCs      
             smss.exe   572      168 K   40 K   Windows NT Session Manager   Microsoft Corporation   \SystemRoot\System32\smss.exe
              csrss.exe   636      1,708 K   1,712 K   Client Server Runtime Process   Microsoft Corporation   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
              winlogon.exe   660      6,664 K   1,348 K   Windows NT Logon Application   Microsoft Corporation   winlogon.exe
               services.exe   704      1,776 K   1,376 K   Services and Controller app   Microsoft Corporation   C:\WINDOWS\system32\services.exe
                svchost.exe   896      3,608 K   1,472 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                 iexplore.exe   3368   17.19   82,632 K   86,232 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding
                 wmiprvse.exe   2748      2,876 K   4,936 K   WMI   Microsoft Corporation   C:\WINDOWS\system32\wbem\wmiprvse.exe
                svchost.exe   964      1,960 K   1,476 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k rpcss
                MsMpEng.exe   1060      168,084 K   40,872 K   Antimalware Service Executable   Microsoft Corporation   "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
                svchost.exe   1140      17,524 K   9,760 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k netsvcs
                 wuauclt.exe   3440      2,188 K   252 K   Windows Update   Microsoft Corporation   "C:\WINDOWS\system32\wuauclt.exe"
                svchost.exe   1244      2,376 K   80 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                svchost.exe   1560      11,220 K   1,832 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k NetworkService
                svchost.exe   1712      1,472 K   924 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
                LEXBCES.EXE   1836      1,240 K   80 K   LexBce Service   Lexmark International, Inc.   C:\WINDOWS\system32\LEXBCES.EXE
                 LEXPPS.EXE   1916      992 K   380 K   LEXPPS.EXE   Lexmark International, Inc.   LEXPPS.EXE
                spoolsv.exe   1860      3,936 K   616 K   Spooler SubSystem App   Microsoft Corporation   C:\WINDOWS\system32\spoolsv.exe
                svchost.exe   468      1,308 K   52 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
                SASCore.exe   560      604 K   108 K   Core Service   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
                FreeAgentService.exe   600      3,864 K   144 K   Sync Windows Services   Seagate Technology LLC   "C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
                svchost.exe   1028      3,408 K   364 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
                jqs.exe   1188      2,036 K   1,400 K   Java(TM) Quick Starter Service   Oracle Corporation   "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
                KodakCCS.exe   1208      784 K   40 K   Kodak DC Ring 3 Conduit (Win32)   Eastman Kodak Company   C:\WINDOWS\system32\drivers\KodakCCS.exe
                ScsiAccess.EXE   1516      312 K   44 K         C:\WINDOWS\system32\ScsiAccess.EXE
                sprtsvc.exe   2232      2,676 K   544 K   SupportSoft Agent Service   SupportSoft, Inc.   "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /p dellsupportcenter
                svchost.exe   2316      2,404 K   304 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k imgsvc
                alg.exe   3120      1,168 K   116 K   Application Layer Gateway Service   Microsoft Corporation   C:\WINDOWS\System32\alg.exe
                svchost.exe   1652      2,176 K   116 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k HPZ12
               lsass.exe   716   1.56   3,972 K   2,136 K   LSA Shell (Export Version)   Microsoft Corporation   C:\WINDOWS\system32\lsass.exe
               taskmgr.exe   2616      1,356 K   1,972 K   Windows TaskManager   Microsoft Corporation   taskmgr.exe
            explorer.exe   1388      40,176 K   19,672 K   Windows Explorer   Microsoft Corporation   C:\WINDOWS\Explorer.EXE
             hkcmd.exe   3604      632 K   348 K   hkcmd Module   Intel Corporation   "C:\WINDOWS\system32\hkcmd.exe"
             igfxpers.exe   3648      652 K   356 K   persistence Module   Intel Corporation   "C:\WINDOWS\system32\igfxpers.exe"
             DMXLauncher.exe   3700      636 K   360 K         "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
             DLACTRLW.EXE   3768      1,068 K   592 K   Drive Letter Access Component   Sonic Solutions   "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
             hpwuSchd2.exe   3796      576 K   256 K   Hewlett-Packard Product Assistant   Hewlett-Packard Co.   "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
             sprtcmd.exe   3824      8,944 K   812 K   Dell Support Center Updates   SupportSoft, Inc.   "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
             stxmenumgr.exe   3848      1,080 K   516 K   FreeAgent™ Launcher   Seagate LLC   "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
             jusched.exe   4004      776 K   44 K   Java(TM) Update Scheduler   Sun Microsystems, Inc.   "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
             msseces.exe   4040      5,820 K   456 K   Microsoft Security Client User Interface   Microsoft Corporation   "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
             DSAgnt.exe   4080      9,144 K   3,976 K   Dell Support   Gteko Ltd.   "C:\Program Files\DellSupport\DSAgnt.exe" /startup
             GA311.exe   224      2,356 K   1,228 K   NETGEAR GA311 Configuration Utility      "C:\Program Files\NETGEAR GA311 Adapter\GA311.exe"
             firefox.exe   3220      114,724 K   81,636 K   Firefox   Mozilla Corporation   "C:\Program Files\Mozilla Firefox\firefox.exe"
              plugin-container.exe   2192      19,136 K   5,688 K   Plugin Container for Firefox   Mozilla Corporation   "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=3220.c3cd300.914513784 "C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" - -greomni "C:\Program Files\Mozilla Firefox\omni.jar" 3220 "\\.\pipe\gecko-crash-server-pipe.3220" plugin
             procexp.exe   3572      9,704 K   13,752 K   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Documents and Settings\David L\Desktop\ProcessExplorer\procexp.exe"
            hpqste08.exe   2220      3,328 K   456 K   HP CUE Status Root   Hewlett-Packard Co.   "C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C4200 series#1245018428" -Startup
            SUPERANTISPYWARE.EXE   2180      138,952 K   552 K   SUPERAntiSpyware Application   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /UPDATERESULTS:""
            spotify.exe   3732      50,408 K   32,036 K   Spotify   Spotify Ltd   "C:\Documents and Settings\David L\Application Data\Spotify\Spotify.exe" /LOWERELEVATION -ld 4242
            ctfmon.exe   3468      920 K   2,488 K   CTF Loader   Microsoft Corporation   ctfmon.exe

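SuperDave asked for the Process Explorer export with the Command Line column because the export carries two things a plain task list does not: the process tree (each child is indented one space deeper than its parent in the Process column) and the exact command line each process was started with. The script below, added here as an illustration and not part of the thread or of the Sysinternals tools, parses such an export and prints the parent chain of a named process. The sample rows are taken from the export daver23 posted above; it is assumed that File > Save As writes the columns tab-separated (the forum rendering collapsed the tabs).

```python
"""Reconstruct the process tree from a Process Explorer 'File > Save As' text
export and show the parent chain and command line of a chosen process.

Added example for this thread; not Sysinternals code. Assumptions: the export
is tab-separated with the header row shown in the thread, and a child process
is indented one space deeper than its parent in the Process column.
"""

# Constructed sample: rows taken from the export posted above, with the tabs
# the forum rendering collapsed put back between the columns.
SAMPLE_ROWS = [
    ["Process", "PID", "CPU", "Private Bytes", "Working Set", "Description", "Company Name", "Command Line"],
    ["System Idle Process", "0", "76.56", "0 K", "16 K", "", "", ""],
    ["System", "4", "4.69", "0 K", "28 K", "", "", ""],
    [" Interrupts", "n/a", "< 0.01", "0 K", "0 K", "Hardware Interrupts and DPCs", "", ""],
    [" smss.exe", "572", "", "168 K", "40 K", "Windows NT Session Manager", "Microsoft Corporation",
     r"\SystemRoot\System32\smss.exe"],
    ["  winlogon.exe", "660", "", "6,664 K", "1,348 K", "Windows NT Logon Application", "Microsoft Corporation",
     "winlogon.exe"],
    ["   services.exe", "704", "", "1,776 K", "1,376 K", "Services and Controller app", "Microsoft Corporation",
     r"C:\WINDOWS\system32\services.exe"],
    ["    svchost.exe", "896", "", "3,608 K", "1,472 K", "Generic Host Process for Win32 Services",
     "Microsoft Corporation", r"C:\WINDOWS\system32\svchost.exe -k DcomLaunch"],
    ["     iexplore.exe", "3368", "17.19", "82,632 K", "86,232 K", "Internet Explorer", "Microsoft Corporation",
     r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding'],
    ["    svchost.exe", "1140", "", "17,524 K", "9,760 K", "Generic Host Process for Win32 Services",
     "Microsoft Corporation", r"C:\WINDOWS\System32\svchost.exe -k netsvcs"],
    ["explorer.exe", "1388", "", "40,176 K", "19,672 K", "Windows Explorer", "Microsoft Corporation",
     r"C:\WINDOWS\Explorer.EXE"],
    [" firefox.exe", "3220", "", "114,724 K", "81,636 K", "Firefox", "Mozilla Corporation",
     r'"C:\Program Files\Mozilla Firefox\firefox.exe"'],
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in SAMPLE_ROWS)


def parse_export(text):
    """Return process records in file order. Each record is a dict with
    name, pid, cmdline, depth and parent (the parent record or None)."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split("\t")
    col = {name: index for index, name in enumerate(header)}
    records, stack = [], []          # stack holds the current ancestor chain
    for line in lines[1:]:
        fields = line.split("\t")
        raw_name = fields[col["Process"]]
        depth = len(raw_name) - len(raw_name.lstrip(" "))   # one space per level
        cmd_index = col["Command Line"]
        record = {
            "name": raw_name.strip(),
            "pid": fields[col["PID"]].strip(),
            "cmdline": fields[cmd_index].strip() if cmd_index < len(fields) else "",
            "depth": depth,
            "parent": None,
        }
        # Pop everything at the same or deeper level; what remains is the parent.
        while stack and stack[-1]["depth"] >= depth:
            stack.pop()
        record["parent"] = stack[-1] if stack else None
        stack.append(record)
        records.append(record)
    return records


def ancestry(records, name):
    """For each process called `name` (case-insensitive), return its chain
    up to the root as a list of (name, pid, cmdline) tuples."""
    chains = []
    for record in records:
        if record["name"].lower() == name.lower():
            chain, node = [], record
            while node is not None:
                chain.append((node["name"], node["pid"], node["cmdline"]))
                node = node["parent"]
            chains.append(chain)
    return chains


def format_chain(chain):
    """Render a chain as 'child(pid) <- parent(pid) <- ...' for the report."""
    return " <- ".join(f"{name}({pid})" for name, pid, _ in chain)


if __name__ == "__main__":
    processes = parse_export(SAMPLE_EXPORT)
    for chain in ancestry(processes, "iexplore.exe"):
        print(format_chain(chain))
        for name, pid, cmdline in chain:
            print(f"  {name} [{pid}]: {cmdline}")
```

For the rows above the report reads `iexplore.exe(3368) <- svchost.exe(896) <- services.exe(704) <- winlogon.exe(660) <- smss.exe(572) <- System(4)`, and the command line ends in `-Embedding`, the switch COM appends when it launches a local server on behalf of another program. That is the detail a helper would want from this log: the copy of IE daver23 keeps killing is not started from the Start menu or Explorer but by the DcomLaunch service host at some other component's request, so the question becomes which component keeps asking for it.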

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Experience: Expert
            • OS: Windows 10
            Re: I'm having severe issues with Vundo, Iexplorer constantly running
            « Reply #22 on: November 12, 2011, 12:38:30 PM »
            Quote from daver23: "If I check that from HijackThis, will it screw up my internet service?"
            It shouldn't affect it.
            Quote from daver23: "I'm unsure why nothing is being found since the iexplorer.exe keeps popping up all the time."
            Please explain this or post a screenshot.
            I'm still waiting for the log from Security Check.

            How to post screenshots or images

            daver23

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: I'm having severe issues with Vundo, Iexplorer constantly running
              « Reply #23 on: November 12, 2011, 01:19:37 PM »
               Results of screen317's Security Check version 0.99.25 
               Windows XP Service Pack 3 x86   
               Internet Explorer 8 
              ``````````````````````````````
              Antivirus/Firewall Check:

               Windows Firewall Enabled! 
               Microsoft Security Essentials   
              ```````````````````````````````
              Anti-malware/Other Utilities Check:

               Malwarebytes' Anti-Malware   
               Java(TM) 6 Update 26 
               Java(TM) 7 Update 1 
               Java(TM) 6 Update 7 
               Java 2 Runtime Environment, SE v1.4.2_03
               Out of date Java installed!
               Adobe Flash Player    11.0.1.152 
               Adobe Reader X (10.1.1)
               Mozilla Firefox (Player..)
               Mozilla Thunderbird (1.5.0) Thunderbird Out of Date! 
              ````````````````````````````````
              Process Check: 
              objlist.exe by Laurent

               Windows Defender MSMpEng.exe
               Microsoft Security Essentials msseces.exe
               Microsoft Security Client Antimalware MsMpEng.exe 
              ``````````End of Log````````````



              Well, the iexplore.exe just keeps popping up in Windows Task Manager no matter how many times I end the process. That's been the whole problem. Searches are still redirecting also. I use Mozilla Firefox and the searches are redirecting on there also. I don't really use Internet Explorer for anything; however, this virus or whatever it is continually loads iexplorer.exe in my Task Manager.

              daver23

                Re: I'm having severe issues with Vundo, Iexplorer constantly running
                « Reply #24 on: November 13, 2011, 07:08:01 PM »
                Okay, I did a free scan with Ad-Aware that took several hours to complete. I got 2 results of malware which I don't think have shown up on any previous scans.

                Adware.trojan.win32.generic
                and trojan.win32.malware.a

                I'd appreciate help with trying to get rid of these 2... thanks

                SuperDave

                • Malware Removal Specialist


                Re: I'm having severe issues with Vundo, Iexplorer constantly running
                « Reply #25 on: November 13, 2011, 07:44:57 PM »
                Please download TDSSKiller from here and save it to your Desktop.
                • Double-click TDSSKiller.exe to run the tool.
                • Click the Start Scan button (if prompted with a "hidden service warning", do go ahead and delete it).

                • After the scan has finished, click the Close button.
                • Click the Report button and copy/paste the contents of it into your next reply.
                • Note: It will also create a log in the C:\ directory.

                daver23

                  Re: I'm having severe issues with Vundo, Iexplorer constantly running
                  « Reply #26 on: November 13, 2011, 07:53:18 PM »
                  I've tried downloading the TDSSKiller program a couple of times... it just won't run on my computer. It doesn't get past the stage of choosing it to run.

                  SuperDave

                  • Malware Removal Specialist


                  Re: I'm having severe issues with Vundo, Iexplorer constantly running
                  « Reply #27 on: November 14, 2011, 04:50:14 PM »
                  Download GMER Rootkit Scanner from here.

                  • Double-click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
                  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.
                  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
                     * Sections
                     * IAT/EAT
                     * Drives/Partition other than Systemdrive (typically C:\)
                     * Show All (don't miss this one)
                  • Then click the Scan button & wait for it to finish.
                  • Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file.
                  • Save it where you can easily find it, such as your desktop, and post it in your reply.
                  **Caution**
                  Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


                  daver23

                    Re: I'm having severe issues with Vundo, Iexplorer constantly running
                    « Reply #28 on: November 14, 2011, 05:21:23 PM »
                    I did receive a load driver error before the scan ran. Here is the txt log:

                    GMER 1.0.15.15641 - http://www.gmer.net
                    Rootkit scan 2011-11-14 18:20:07
                    Windows 5.1.2600 Service Pack 3
                    Running: d9wh946i.exe; Driver: C:\DOCUME~1\DAVIDL~1\LOCALS~1\Temp\pxtdapod.sys


                    ---- Registry - GMER 1.0.15 ----

                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             2
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             7
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             35
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             4
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             4
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             4
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             7
                    Reg  HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
                    Reg  HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@                                                 
                    Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count   28031

                    ---- EOF - GMER 1.0.15 ----

                    SuperDave

                    • Malware Removal Specialist


                    Re: I'm having severe issues with Vundo, Iexplorer constantly running
                    « Reply #29 on: November 15, 2011, 11:52:39 AM »
                    I'd like to scan your machine with ESET OnlineScan

                    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                    • Click the button.
                    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                      • Click on to download the ESET Smart Installer. Save it to your desktop.
                      • Double-click on the icon on your desktop.
                    • Check
                    • Click the button.
                    • Accept any security warnings from your browser.
                    • Check
                    • Push the Start button.
                    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    • When the scan completes, push
                    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    • Push the button.
                    • Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt