[Resolved] removing stopsign software, phony malware remover

CatByte
post Sep 20 2009, 07:12 AM
Post #31

The log indicates "no action taken". Did you allow MalwareBytes to clean those items after copying the log for me?

portpalgal
post Sep 20 2009, 07:14 AM
Post #32

Yes, I did allow MalwareBytes to clean up the files. Running Kaspersky now.

CatByte
post Sep 20 2009, 07:14 AM
Post #33

(thumbs up)

portpalgal
post Sep 20 2009, 07:16 AM
Post #34

When I run Kaspersky, it tells me that I should have an older Java version, BTW.

CatByte
post Sep 20 2009, 07:42 AM
Post #35

The Java add-on in IE may be disabled.

  • Go to Tools > Internet Options > Advanced tab.
  • Click Reset, then OK, and exit IE.
  • Re-open IE and ensure the Java add-ons are enabled.

Make sure you do this:

**Vista users - right-click on the IE icon and run as administrator.

If you still can't get it to run, try this scanner instead:

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

As a Vista user, in order to do this scan you must open Internet Explorer by right-clicking its icon and choosing "Run as Administrator".

portpalgal
post Sep 21 2009, 08:16 AM
Post #36

I ran the ESET scanner and it stopped about 46% of the way through. The message said that a problem with IE caused it to stop. It had found two trojans up to that point. This is all that came up in the logfile:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK



CatByte
post Sep 21 2009, 08:32 AM
Post #37

Hi,

Not sure what is still causing these issues.

Give this scan a try.

Make sure all your other security programs are disabled:

Please download Dr.Web CureIt. Save it to your desktop:
  • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and, if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply.
  • Close Dr.Web CureIt.
  • Important! Reboot your computer, because it is possible that files in use will be moved/deleted during reboot.

NOTE: During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.

portpalgal
post Sep 21 2009, 08:12 PM
Post #38

Here's the Dr.Web txt file:

combo-fix.exe\32788R22FWJFW\c.bat;C:\Documents and Settings\Mike\Desktop\combo-fix.exe;Probably BATCH.Virus;;
combo-fix.exe;C:\Documents and Settings\Mike\Desktop;Archive contains infected objects;Moved.;
combo-fix.exe\32788R22FWJFW\c.bat;C:\Documents and Settings\Mike\DoctorWeb\Quarantine\combo-fix.exe;Probably BATCH.Virus;;
combo-fix.exe;C:\Documents and Settings\Mike\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\My Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Users\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Users\Mike\My Documents\LimeWire\Saved;Trojan.WMALoader;;
combo-fi0.exe\32788R22FWJFW\c.bat;C:\Documents and Settings\Mike\DoctorWeb\Quarantine\combo-fi0.exe;Probably BATCH.Virus;;
combo-fi0.exe;C:\Documents and Settings\Mike\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;


It appears to me that the Lil Wayne song that my kids have on their iPods is a culprit. How do I get it to not reload when they sync back? I'm not sure if this is a relevant question, but thought I should ask.

portpalgal
post Sep 21 2009, 08:17 PM
Post #39

I have a couple of friends who write code and asked them today about my zip decompressing problem. They told me to download 7-Zip and that would fix it. It did; I can now uncompress zip files.

http://www.7-zip.org/download.html

portpalgal
post Sep 21 2009, 08:32 PM
Post #40

Also, should I cure all the infections in Dr.Web?

CatByte
post Sep 22 2009, 02:57 AM
Post #41

Hi,

No.

The ComboFix alerts are not infections, just alerts on the heuristics of the program.

The only items that need removing are these:

Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\My Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Users\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Users\Mike\My Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

You will need to navigate to the locations of that mp3 and delete it.

C:\Documents and Settings\Mike\Documents\LimeWire\Saved
C:\Documents and Settings\Mike\My Documents\LimeWire\Saved
C:\Users\Mike\My Documents\LimeWire\Saved
C:\Users\Mike\Documents\LimeWire\Saved

It appears to have copies in the above four locations.

Locate them and delete them.

Next:

I am glad 7-Zip allows you to now decompress files, but that doesn't explain why the function wasn't working in Vista originally.

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.
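The Dr.Web report posted above is a semicolon-separated list (object; directory; threat; action), and the triage the helper does by eye in post #41 (ignore the hits on ComboFix's own embedded c.bat, then remove every copy of the flagged mp3) can be scripted. The following Python is an added example, not code from the thread or from Dr.Web: it parses the report lines quoted above (embedded as a constructed sample), drops the ComboFix heuristic alerts by archive-name prefix (an assumption taken from post #41, not a Dr.Web convention), and lists which flagged paths Dr.Web left untouched. The column layout is inferred from the lines on the page.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: the DrWeb.csv lines posted in the thread above.
# Dr.Web CureIt writes one record per line, ';'-separated:
#   object;directory;threat;action;
# "object" is the file name, or "archive\inner\path" for a hit inside an archive.
SAMPLE_REPORT = r"""
combo-fix.exe\32788R22FWJFW\c.bat;C:\Documents and Settings\Mike\Desktop\combo-fix.exe;Probably BATCH.Virus;;
combo-fix.exe;C:\Documents and Settings\Mike\Desktop;Archive contains infected objects;Moved.;
combo-fix.exe\32788R22FWJFW\c.bat;C:\Documents and Settings\Mike\DoctorWeb\Quarantine\combo-fix.exe;Probably BATCH.Virus;;
combo-fix.exe;C:\Documents and Settings\Mike\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\My Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Users\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Users\Mike\My Documents\LimeWire\Saved;Trojan.WMALoader;;
combo-fi0.exe\32788R22FWJFW\c.bat;C:\Documents and Settings\Mike\DoctorWeb\Quarantine\combo-fi0.exe;Probably BATCH.Virus;;
combo-fi0.exe;C:\Documents and Settings\Mike\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3;C:\Documents and Settings\Mike\Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;
"""

# Assumption taken from post #41: hits whose top-level archive is ComboFix (or a
# Dr.Web quarantine copy such as combo-fi0.exe) are heuristic alerts on the tool's own c.bat.
TOOL_ARCHIVE_PREFIXES = ("combo-fi",)


def parse_drweb_report(text):
    """Yield (obj, directory, threat, action) for each record in a DrWeb.csv dump."""
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 4 or not row[0].strip():
            continue  # blank line or something that is not a record
        obj, directory, threat, action = (field.strip() for field in row[:4])
        yield obj, directory, threat, action


def top_level_file(obj):
    """'archive.exe\\inner\\c.bat' -> 'archive.exe'; plain file names pass through."""
    return obj.split("\\", 1)[0]


def is_tool_false_positive(obj):
    """True for detections inside ComboFix's own package (see post #41)."""
    return top_level_file(obj).lower().startswith(TOOL_ARCHIVE_PREFIXES)


def triage(text):
    """Map threat -> {full path: last recorded action} for real detections.

    Dr.Web lists a file again when a later pass cures or moves it, so the
    last action recorded for a path wins. An empty action means nothing was done.
    """
    findings = defaultdict(dict)
    for obj, directory, threat, action in parse_drweb_report(text):
        if is_tool_false_positive(obj):
            continue
        path = directory + "\\" + top_level_file(obj)
        findings[threat][path] = action
    return dict(findings)


def paths_needing_manual_removal(text):
    """Flagged paths Dr.Web neither cured nor moved: the operator must delete these."""
    untouched = {
        path
        for paths in triage(text).values()
        for path, action in paths.items()
        if action == ""
    }
    return sorted(untouched)


if __name__ == "__main__":
    for threat, paths in triage(SAMPLE_REPORT).items():
        print(threat)
        for path, action in paths.items():
            print(f"  {action or 'no action':<10} {path}")
    print("\nStill to delete by hand:")
    for path in paths_needing_manual_removal(SAMPLE_REPORT):
        print("  " + path)
```

The script reports paths exactly as Dr.Web wrote them and leaves deletion to the operator. Two caveats when reading its output: Dr.Web can list the same file once as found and again as cured, which is why the last action for a path wins; and on Vista, C:\Documents and Settings and a user's My Documents folder are compatibility junctions into C:\Users\<name>\Documents, so several of the listed paths can resolve to the same physical file.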

portpalgal
post Sep 22 2009, 07:14 AM
Post #42

Here are the DDS files:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Mike at 6:11:33.92 on Tue 09/22/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2036.1209 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Windows\system32\lxblcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Mike\Desktop\launch.exe
C:\Users\Mike\AppData\Local\Temp\RarSFX0\3p9646.exe
C:\Users\Mike\AppData\Local\Temp\RarSFX0\jxnz6XP.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2071213
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2071213
uInternet Settings,ProxyOverride = *.local
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SpiralFrog] c:\program files\spiralfrog\Spiralfrog.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\oxmnlibu.default\
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\spiralfrog\NPSFDMGR.dll
FF - plugin: c:\program files\spiralfrog\wmp\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-12 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-12 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-12 297752]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-10 1153368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-13 29744]

=============== Created Last 30 ================

2009-09-21 07:48 <DIR> --d----- c:\users\mike\DoctorWeb
2009-09-21 06:43 <DIR> --d----- c:\program files\ESET
2009-09-19 20:27 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-19 20:06 229,888 a------- c:\windows\PEV.exe
2009-09-19 20:06 <DIR> --d----- C:\combo-fix
2009-09-18 08:24 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-09-18 08:24 15,360 a------- c:\windows\system32\pacerprf.dll
2009-09-18 08:24 147,456 a------- c:\windows\system32\Faultrep.dll
2009-09-18 08:24 125,952 a------- c:\windows\system32\wersvc.dll
2009-09-18 08:24 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-18 08:24 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-09-18 08:24 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-09-18 08:24 45,056 a------- c:\windows\system32\dataclen.dll
2009-09-18 08:24 36,864 a------- c:\windows\system32\cdd.dll
2009-09-18 08:23 430,080 a------- c:\windows\system32\vbscript.dll
2009-09-18 08:23 180,224 a------- c:\windows\system32\scrobj.dll
2009-09-18 08:23 172,032 a------- c:\windows\system32\scrrun.dll
2009-09-18 08:23 155,648 a------- c:\windows\system32\wscript.exe
2009-09-18 08:23 135,168 a------- c:\windows\system32\wshom.ocx
2009-09-18 08:23 135,168 a------- c:\windows\system32\cscript.exe
2009-09-18 08:23 90,112 a------- c:\windows\system32\wshext.dll
2009-09-18 03:19 <DIR> --d----- C:\PerfLogs
2009-09-17 20:00 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 14:33 <DIR> --dsh--- c:\programdata\59f35a4
2009-09-17 14:33 <DIR> --dsh--- c:\progra~2\59f35a4
2009-09-09 01:24 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 01:24 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-09 01:24 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 01:24 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 01:24 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 01:24 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 01:24 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 01:24 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 01:24 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 01:24 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 01:23 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 01:23 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-09 01:23 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 01:23 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 01:23 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 01:23 68,096 a------- c:\windows\system32\wlanhlp.dll
2009-09-09 01:23 64,512 a------- c:\windows\system32\wlanapi.dll
2009-09-09 01:23 15,181 a------- c:\windows\system32\gatherWirelessInfo.vbs
2009-09-09 01:23 2,334 a------- c:\windows\system32\wbem\L2SecHC.mof
2009-09-09 01:23 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-02 12:42 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 12:42 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-26 03:00 2,048 a------- c:\windows\system32\tzres.dll

==================== Find3M ====================

2009-09-18 03:37 174 a--sh--- c:\program files\desktop.ini
2009-09-18 03:36 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-18 03:36 86,016 a------- c:\windows\inf\infstor.dat
2009-09-18 03:36 51,200 a------- c:\windows\inf\infpub.dat
2009-09-18 03:19 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-17 22:54 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-09-17 22:54 82,432 a------- c:\windows\system32\axaltocm.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-26 09:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-26 09:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 09:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 09:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 02:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 07:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 06:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 05:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 05:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 03:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2008-07-31 21:53 0 a------- c:\users\mike\jagex_runescape_preferences.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2004-07-22 10:51 3,432,656 a------- c:\program files\ManagedDX.CAB
2004-07-19 22:58 1,156,363 a------- c:\program files\BDANT.cab
2004-07-19 22:53 976,020 a------- c:\program files\BDAXP.cab
2004-07-09 14:17 13,265,040 a------- c:\program files\dxnt.cab
2004-07-09 09:13 15,493,481 a------- c:\program files\DirectX.cab
2004-07-09 09:13 703,080 a------- c:\program files\BDA.cab
2004-07-09 04:08 472,576 a------- c:\program files\dxsetup.exe
2004-07-09 04:08 2,242,560 a------- c:\program files\dsetup32.dll
2004-07-09 03:03 62,976 a------- c:\program files\DSETUP.dll
2007-12-24 22:31 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-12-24 22:31 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-12-24 22:31 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-12-13 11:05 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 6:12:26.67 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/13/2007 2:12:07 AM
System Uptime: 9/20/2009 8:49:48 AM (46 hours ago)

Motherboard: Dell Inc. | | 0CU409
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 105.585 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.888 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Meeting Manager for Mozilla Firefox/Netscape Navigator
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.65
Ad-Aware
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.1
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
BearShare
Bonjour
Browser Address Error Redirector
Business Tools Launcher
CCleaner (remove only)
City of Villains/City of Heroes (remove only)
Dell Automated PC TuneUp
Dell Getting Started Guide
Dell Network Assistant
Dell Support Center
ERUNT 1.1j
ESET Online Scanner v3
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
IrfanView (remove only)
iTunes
Java™ 6 Update 15
Java™ 6 Update 6
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Lexmark Z700-P700 Series
LimeWire 4.18.3
Malwarebytes' Anti-Malware
Meeting Manager for Internet Explorer
Meeting Service
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Norton Security Scan
OpenOffice.org 3.1
Product Documentation Launcher
QualxServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Sonic Activation Module
SpiralFrog Download Manager 0.8.28
Spybot - Search & Destroy
Super Stunt Spectacular v1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
User's Guides
Warcraft III
WarRock
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Yahoo! Install Manager
Yahoo! Toolbar
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

9/21/2009 3:05:07 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
9/20/2009 5:06:49 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 001D097CF64B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/20/2009 12:15:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/19/2009 8:54:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/19/2009 8:54:14 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/19/2009 8:54:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/19/2009 8:07:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
9/19/2009 8:07:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/19/2009 12:02:57 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001D097CF64B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/18/2009 4:50:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/18/2009 3:37:18 AM, Error: Microsoft-Windows-Eventlog [30] - The event logging service encountered an error (5) while enabling publisher {DBE9B383-7CF3-4331-91CC-A3CB16A3B538} to channel Microsoft-Windows-Winlogon/Operational. This doesn't affect operation of the channel, but does affect the ability for the publisher to raise events to the channel. One common reason for this error is that Provider is using ETW Provider Security and has not granted enable permissions to the Eventlog service identity.
9/18/2009 3:34:38 AM, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The system cannot find the file specified.
9/18/2009 3:34:38 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The system cannot find the file specified.
9/18/2009 3:34:38 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
9/18/2009 1:15:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001D097CF64B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/16/2009 3:42:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001D097CF64B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/16/2009 11:05:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001D097CF64B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/15/2009 3:04:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 001D097CF64B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

system seems to be running fine.
CatByte
post Sep 22 2009, 07:29 AM
Post #43


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,927
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

You are clean, just need to do some housekeeping now.

Please do the following:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer (Version 6 update 16).



NEXT


Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.





Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.



Next


Download ToolsCleaner2 to your desktop and run it (by de A.Rothstein & Dj Quiou)
  • Click the Pt. Restauration button and press OK to the prompts.
  • Click the Corbeille button and press OK to the prompt.
  • Click the Fichiers temp button and press OK to the prompt.
  • Click the Recherche button and let it run (it may look like it freezes but let it continue)
  • Once it is done click the Suppression button and let it remove anything it finds.
  • Close the program


If any tools/logs remain > right click and delete them, but keep MalwareBytes AntiMalware, update it and run it regularly.


Next


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE
  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Please read these useful guides: How did I get infected in the first place?
  • PC Safety and Security--What Do I Need?
  • miekiemoes' Prevention topic.



Thank you for your patience, and performing all of the procedures requested.

Please respond to this thread one more time so we can mark this thread as resolved.







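As an added check for the "Make Internet Explorer more secure" steps in the post above (example code, not CatByte's or the forum's): it audits, and with -Fix applies, the three ActiveX settings for the Internet zone. It assumes the registry value names and action IDs Internet Explorer uses for zone settings, and it only looks at the per-user (HKCU) copy of those settings.

```powershell
# Added example, not from the original thread: audit (and optionally apply) the
# three Internet Zone ActiveX settings the post asks the user to set by hand.
# IE stores per-zone settings under Zones\3 (3 = Internet zone) as DWORD values
# named by action ID (assumed, not stated on the page):
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Wanted = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                        Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                      Value = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked safe';  Value = 3 }
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneActiveX {
    param(
        [string]$Path = $ZonePath,
        [switch]$Fix   # apply the recommended value where the current one differs
    )
    # Caveat: if Security_HKLM_only is set, IE reads zone settings from HKLM
    # instead; this function audits only the HKCU copy.
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($id in $Wanted.Keys) {
        $want    = $Wanted[$id].Value
        $current = $props.$id          # $null when the value is absent (IE default applies)
        $ok      = ($null -ne $current) -and ([int]$current -eq $want)
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Path -Name $id -Value $want -Type DWord
            $current = $want
            $ok = $true
        }
        # Show the symbolic name for known data, the raw number otherwise
        $label = if ($null -eq $current) { 'not set' } else { $Meaning[[int]$current] }
        if (-not $label) { $label = "raw=$current" }
        [pscustomobject]@{
            Id      = $id
            Setting = $Wanted[$id].Name
            Current = $label
            Wanted  = $Meaning[$want]
            Ok      = $ok
        }
    }
}

# Report first; re-run with -Fix to apply the recommended values.
Test-InternetZoneActiveX | Format-Table -AutoSize
```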
portpalgal
post Sep 22 2009, 08:53 AM
Post #44


Authentic Member

Group: Authentic Member
Posts: 40
Joined: 17-September 09
Member No.: 87,974
Operating System: vista



Everything appears to be running perfectly. You guys absolutely amaze me! Thank you for being so patient also.
CatByte
post Sep 22 2009, 09:02 AM
Post #45


Classroom Administrator Assistant
Group Icon

Group: Classroom Teacher
Posts: 6,927
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



you are more than welcome

stay safe

~CB