Update
I installed and ran recommended Avira Anti-Virus, then ran a full scan. At the time it did not find anything, but during the other requested processes Avira came up with the following that I took the quarantine option:
Begin scan in 'C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll'
C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll
[DETECTION] Contains virus patterns of Adware ADWARE/FunWeb.GQ.4
Beginning disinfection:
C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll
[DETECTION] Contains virus patterns of Adware ADWARE/FunWeb.GQ.4
[NOTE] The file was moved to the quarantine directory under the name '4f5dd1ed.qua'.
Installed and ran TFC.
Installed, updated and ran MBAM and received the following log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5475
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1/7/2011 2:37:54 PM
mbam-log-2011-01-07 (14-37-54).txt
Scan type: Full scan (C:\|)
Objects scanned: 207336
Time elapsed: 32 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I
nstalled and ran GMER and received the following log:
GMER 1.0.15.15530 -
http://www.gmer.net
Rootkit quick scan 2011-01-07 14:42:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3750640A rev.3.AAE
Running: khe0ofqr.exe; Driver: C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\fxtdapob.sys
---- Threads - GMER 1.0.15 ----
Thread System [4:124] 872F453C
Thread System [4:128] 872F652D
---- EOF - GMER 1.0.15 ----
Installed and ran D.D.S. and received the following DDS/ATTACH:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Larry Williams at 14:45:49.04 on Fri 01/07/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.548 [GMT -6:00]
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Larry Williams\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-system: zwxinptvxqkymmzwdbdiTaskMgr = 0 (0x0)
Trusted Zone: aol.com\free
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\larryw~1\applic~1\mozilla\firefox\profiles\wh9rbfaw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter:
jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-7 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-7 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-7 61960]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-2-14 91830]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]
=============== Created Last 30 ================
2011-01-07 20:19:02 -------- d-----w- c:\docume~1\larryw~1\applic~1\Avira
2011-01-07 19:54:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-07 19:54:49 -------- d-----w- c:\program files\Avira
2011-01-07 19:54:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-01-07 15:45:44 -------- d-----w- c:\program files\ESET
2011-01-07 13:22:34 -------- d--h--w- c:\windows\PIF
2011-01-07 11:26:50 -------- d-----w- C:\ComboFix
2011-01-06 14:39:21 -------- d-sha-r- C:\cmdcons
2011-01-06 14:21:48 98816 ----a-w- c:\windows\sed.exe
2011-01-06 14:21:48 89088 ----a-w- c:\windows\MBR.exe
2011-01-06 14:21:48 256512 ----a-w- c:\windows\PEV.exe
2011-01-06 14:21:48 161792 ----a-w- c:\windows\SWREG.exe
2011-01-05 18:18:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 18:18:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 18:18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-25 03:01:23 -------- d-----w- c:\program files\Microsoft IntelliType Pro
==================== Find3M ====================
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-10-21 12:12:30 389120 ----a-w- c:\windows\system32\html.iec
============= FINISH: 14:51:58.40 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/14/2008 1:09:35 PM
System Uptime: 1/7/2011 2:02:37 PM (0 hours ago)
Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 674.328 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Acrobat Reader 3.02
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Alarm 2.0.4
Apple Application Support
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATI Problem Report Wizard
Avira AntiVir Personal - Free Antivirus
B57Inst
BCM V.92 56K Modem
BlueVoda Website Builder 10.2
Broadcom Driver Installer
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon MP190 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Spanish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Corel Applications
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
Creative WebCam Live! Driver (1.01.01.0730)
Creative WebCam Live! User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
Cross Fire En
eFax Messenger 4.3
ESET Online Scanner v3
EverQuest II Extended
Flash Slideshow Maker Pro 4.88
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Inkjet Printer/Scanner Extended Survey Program
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Ipswitch WS_FTP Professional 2007
Jasc Paint Shop Pro 8
Java Auto Updater
Java(TM) 6 Update 21
Magic DVD Ripper V5.5.0
Malwarebytes' Anti-Malware
Maxtor OneTouch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 7.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mocha W32 TN5250
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Musicnotes Software Suite 1.5.1
Netscape (7.2)
PokerStars
QuickBooks 2000
ReaConverter 5.5 Pro
RealPlayer
RealUpgrade 1.0
Retrospect Express HD 1.0
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skins
SmartDraw 6
Sonic CinePlayer DVD Pack
Sound Blaster X-Fi
Sounds Best On Sound Blaster
StormPredator 3.01
StormPredator 3.26
StormPredator 3.3
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (MXO)
WebFldrs XP
Windows Driver Package - KeyScan Image (11/01/2009 8.00.03)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
1/7/2011 8:50:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 8:49:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/7/2011 7:05:19 AM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 0007E9E9E944 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
1/7/2011 6:53:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.13.
1/7/2011 6:53:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.13.
1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 1:53:28 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/7/2011 1:53:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
1/7/2011 1:53:28 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/6/2011 2:31:30 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
==== End Of File ===========================
Downloaded and Installed all Windows Security and Critical updates. 81 Updates 15 failed. Deleted, downloaded and installed new Java and Adobe.
During all of these processes and current, I keep receiving a pop-up error stating "Internet Explorer Has Encountered an Error. This is popping up every couple of minutes. The error it is showing is:
C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\20db_appcompat.txt
I do not have IE8 installed and the IE7 I do have installed I never use except for updates. I use Firefox for my browser and every time I open Firefox I receive "Firefox is not currently set as your default browser. Would you like to make it your default browser?" and take the "yes" option.
Thank you again for your assistance.