
Topic: Uninvited guests...Exploit:Win32/pdfjsc.PC and VIRtool:JS/Obfuscator.BN


fartbubble

    Topic Starter


    Beginner

    • Computer: Specs
    • Experience: Familiar
    • OS: Windows XP
    It seems that my security picked up on some visitors that showed up uninvited. I have all in quarantine at the moment. I didn't even know until now and it happened 4 days ago. I'm a bit confused on the messaging that is attached in the dialog box though. It states that "Security Essentials has detected programs that may compromise or damage.... You can still access the files that these programs use without removing them (not recommended). To access these files, select the allow action and click apply actions. If these options are not available log on as administrator or contact your security administrator." Well I'm both of those on my system and I still am not sure how to approach this. I am unfamiliar with Security Essentials 2011 and I haven't incurred this before. I'm skeptical about just "removing" them as I don't really know where they're going or if they are truly eradicated. Any solid suggestions would be much appreciated.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *******************************************************

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.
      • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining
      Please leave the others unchecked
      • Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes
    * To retrieve the removal information please do the following:
      • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • It will open in your default text editor (preferably Notepad).
      • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    * Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
    * XP users Double click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    fartbubble

      Thank you for the response. I did find more information from Microsoft on the "recommended protocol" for a SEVERE category detection...immediate removal. As you stated though "absence of symptoms does not mean that everything is clear." Coincidentally, I was flagged by the security program only to find two more of the same category, but not the same location. To add insult to injury, the message "cannot find the file specified" with an error code attached was really bothersome. I just shut everything down and went to school. So, I've read your criteria and have started on the list. I am able to get online with the infested tower. I also have a second tower to run from that is not infested. I am running the scan with SAS at present. It is the Pro version. Too bad I hadn't got around to installing it on the other tower. I should be able to get through the DDS portion tonight if there aren't any real hitches. I wasn't quite clear if you wanted all the logs posted at one time or as each step is completed. I'll check back after a while.

      fartbubble

        so much for just COPY and PASTE

        fartbubble

          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 06/23/2011 at 07:14 PM

          Application Version : 4.54.1000

          Core Rules Database Version : 7320
          Trace Rules Database Version: 5132

          Scan type       : Complete Scan
          Total Scan Time : 00:46:29

          Memory items scanned      : 441
          Memory threats detected   : 0
          Registry items scanned    : 6744
          Registry threats detected : 10
          File items scanned        : 43293
          File threats detected     : 111

          Adware.Tracking Cookie

          Browser Hijacker.Tubby
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoModify
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#Publisher
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize


          Malwarebytes' Anti-Malware 1.51.0.1200
          www.malwarebytes.org

          Database version: 6935

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 8.0.6001.18702

          6/23/2011 9:18:36 PM
          mbam-log-2011-06-23 (21-18-36).txt

          Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|)
          Objects scanned: 199170
          Time elapsed: 39 minute(s), 13 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 0
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 0

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          (No malicious items detected)

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          (No malicious items detected)


          .
          DDS (Ver_2011-06-23.01) - NTFSx86
          Internet Explorer: 8.0.6001.18702
          Run by user at 21:36:20 on 2011-06-23
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.428 [GMT -7:00]
          .
          AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
          .
          ============== Running Processes ===============
          .
          C:\WINDOWS\system32\svchost -k DcomLaunch
          svchost.exe
          c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          svchost.exe
          svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          svchost.exe
          C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
          C:\Program Files\Roxio\BackOnTrack\App\BService.exe
          C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
          C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
          C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Microsoft Security Client\msseces.exe
          C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
          C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
          C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
          C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\DAEMON Tools Lite\DTLite.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
          C:\WINDOWS\system32\svchost.exe -k imgsvc
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\WINDOWS\System32\svchost.exe -k HTTPFilter
          C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
          C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://www.bing.com/?pc=Z022&form=ZGAPHP
          BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
          BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
          BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
          TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
          uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
          uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
          uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
          uRun: [SUPERAntiSpyware] f:\superantispyware\SUPERAntiSpyware.exe
          mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
          mRun: [RemoteControl11] "c:\program files\cyberlink\powerdvd11\PDVD11Serv.exe"
          mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
          mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
          mRun: [nwiz] nwiz.exe /install
          mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
          mRun: [<NO NAME>]
          mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatchTray13.exe"
          mRun: [Desktop Disc Tool] "c:\program files\roxio 2011\roxio burn\RoxioBurnLauncher.exe"
          mRun: [SoundMan] SOUNDMAN.EXE
          mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
          mRun: [CPMonitor] "c:\program files\roxio\cineplayer\5.0\CPMonitor.exe"
          mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
          mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
          mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
          dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
          IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
          DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
          DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307032168591
          DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
          TCP: DhcpNameServer = 192.168.1.1
          TCP: Interfaces\{911496F7-9AA0-49B3-AB2F-057997207866} : DhcpNameServer = 192.168.1.1
          Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
          Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
          Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
          SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
          SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2011-6-3 21488]
          R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2011-6-3 15856]
          R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2011-6-3 77312]
          R1 C2SCSI;C2SCSI;c:\windows\system32\drivers\c2scsi.sys [2011-6-12 252160]
          R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-3 218688]
          R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
          R1 MpKsl3674443f;MpKsl3674443f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1403ea9-65ae-4384-b052-255ebd878789}\MpKsl3674443f.sys [2011-6-23 28752]
          R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2011-6-3 25584]
          R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
          R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/03 08:55:56];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2011-6-3 77296]
          R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2009-6-2 457200]
          R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2010-8-30 39408]
          R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2011-6-3 83240]
          R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2011-6-3 70952]
          R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServer.exe [2011-6-3 312616]
          R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
          R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-23 366640]
          R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2011-6-3 71664]
          R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-23 22712]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
          S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2010-7-16 354288]
          S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
          S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2010-7-16 1099248]
          S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
          S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
          .
          =============== Created Last 30 ================
          .
          2011-06-24 03:34:15   --------   d-----w-   c:\documents and settings\user\application data\Malwarebytes
          2011-06-24 03:33:32   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2011-06-24 03:33:32   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
          2011-06-24 03:33:28   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2011-06-24 03:33:28   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2011-06-24 02:49:41   28752   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1403ea9-65ae-4384-b052-255ebd878789}\MpKsl3674443f.sys
          2011-06-24 00:50:08   --------   d-----w-   c:\windows\system32\appmgmt
          2011-06-23 22:06:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2011-06-23 17:33:54   --------   d-----w-   c:\documents and settings\user\application data\SUPERAntiSpyware.com
          2011-06-23 17:33:54   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
          2011-06-23 16:06:15   7074640   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1403ea9-65ae-4384-b052-255ebd878789}\mpengine.dll
          2011-06-19 07:01:08   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
          2011-06-19 07:01:08   21504   ----a-w-   c:\windows\system32\hidserv.dll
          2011-06-17 14:15:30   --------   d-----w-   C:\OEMSettings
          2011-06-17 14:13:57   --------   d-----w-   c:\program files\NETGEAR
          2011-06-14 23:38:34   3840   ----a-w-   c:\windows\system32\drivers\BANTExt.sys
          2011-06-14 23:38:34   --------   d-----w-   c:\program files\Belarc
          2011-06-14 19:49:48   --------   d-----w-   c:\windows\SxsCaPendDel
          2011-06-14 16:51:52   --------   d-----w-   c:\windows\system32\Lang
          2011-06-13 21:38:14   --------   d-----w-   c:\program files\Search Toolbar
          2011-06-13 18:48:22   --------   d-----w-   c:\documents and settings\user\local settings\application data\Deployment
          2011-06-13 17:46:57   --------   d-----w-   c:\documents and settings\user\local settings\application data\Identities
          2011-06-13 04:26:41   --------   d-----w-   c:\documents and settings\all users\sonic
          2011-06-13 02:41:21   252160   ----a-w-   c:\windows\system32\drivers\c2scsi.sys
          2011-06-13 01:23:51   --------   d-----w-   c:\documents and settings\user\application data\Roxio Burn
          2011-06-12 19:42:00   --------   d-----w-   c:\documents and settings\user\application data\Macrovision
          2011-06-12 18:52:15   --------   d-----w-   c:\documents and settings\user\local settings\application data\Roxio,_Inc
          2011-06-12 18:41:55   --------   d-----w-   c:\documents and settings\user\local settings\application data\Sonic_Solutions
          2011-06-12 18:20:37   --------   d-----w-   c:\documents and settings\user\local settings\application data\Temp
          2011-06-12 16:09:53   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
          2011-06-12 16:09:53   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
          2011-06-12 16:09:48   25856   -c--a-w-   c:\windows\system32\dllcache\usbprint.sys
          2011-06-12 16:09:48   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys
          2011-06-12 15:31:21   --------   d-----w-   c:\documents and settings\user\application data\HpUpdate
          2011-06-12 15:31:02   539496   ----a-w-   c:\windows\system32\hpinksts8711.dll
          2011-06-12 15:31:02   272744   ----a-w-   c:\windows\system32\hpinksts8711LM.dll
          2011-06-12 15:31:02   201728   ----a-w-   c:\windows\system32\hpinkcoi8711.dll
          2011-06-12 15:30:04   --------   d-----w-   c:\program files\HP
          2011-06-12 15:28:31   1761128   ----a-r-   c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll
          2011-06-12 15:28:29   15104   -c--a-w-   c:\windows\system32\dllcache\usbscan.sys
          2011-06-12 15:28:29   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
          2011-06-12 15:28:20   --------   d-----w-   c:\documents and settings\user\local settings\application data\HP
          2011-06-12 15:25:02   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
          2011-06-12 15:25:02   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
          2011-06-06 23:25:05   7074640   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
          2011-06-06 23:15:14   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
          2011-06-06 23:15:14   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
          2011-06-06 23:15:10   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
          2011-06-06 23:15:10   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
          2011-06-03 18:15:11   6272   -c--a-w-   c:\windows\system32\dllcache\splitter.sys
          2011-06-03 18:15:11   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys
          2011-06-03 18:15:08   83072   -c--a-w-   c:\windows\system32\dllcache\wdmaud.sys
          2011-06-03 18:15:08   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys
          2011-06-03 18:15:05   52864   -c--a-w-   c:\windows\system32\dllcache\dmusic.sys
          2011-06-03 18:15:05   52864   ----a-w-   c:\windows\system32\drivers\DMusic.sys
          2011-06-03 18:15:03   56576   -c--a-w-   c:\windows\system32\dllcache\swmidi.sys
          2011-06-03 18:15:03   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys
          2011-06-03 18:15:01   142592   -c--a-w-   c:\windows\system32\dllcache\aec.sys
          2011-06-03 18:15:01   142592   ----a-w-   c:\windows\system32\drivers\aec.sys
          2011-06-03 18:10:53   77312   ----a-r-   c:\windows\system32\drivers\viasraid.sys
          2011-06-03 18:10:34   --------   d-----w-   c:\program files\VIA
          2011-06-03 18:00:30   --------   d-----w-   c:\documents and settings\user\local settings\application data\PCHealth
          2011-06-03 17:45:08   --------   d-----w-   c:\documents and settings\user\local settings\application data\Adobe
          2011-06-03 17:35:13   --------   d-----w-   c:\program files\MSXML 4.0
          2011-06-03 17:00:12   --------   d-----w-   c:\documents and settings\all users\application data\Uninstall
          2011-06-03 16:58:04   25584   ------w-   c:\windows\system32\drivers\SaibVd32.sys
          2011-06-03 16:58:04   21488   ------w-   c:\windows\system32\drivers\SahdIa32.sys
          2011-06-03 16:58:03   15856   ------w-   c:\windows\system32\drivers\SaibIa32.sys
          2011-06-03 16:52:54   --------   d-----w-   c:\program files\common files\Sonic Shared
          2011-06-03 16:52:27   47616   ----a-w-   c:\program files\windows media player\msoobci.dll
          2011-06-03 16:52:26   819200   ----a-w-   c:\program files\windows media player\wmsetsdk.exe
          2011-06-03 16:52:01   --------   d-----w-   c:\windows\RegisteredPackages
          2011-06-03 16:51:23   --------   d-----w-   c:\documents and settings\user\application data\Simple Star
          2011-06-03 16:51:18   --------   d-----w-   c:\documents and settings\all users\application data\PhotoShow Shared Assets
          2011-06-03 16:51:14   --------   d-----w-   c:\program files\Roxio
          2011-06-03 16:47:35   --------   d--h--w-   c:\windows\msdownld.tmp
          2011-06-03 16:47:33   --------   d-----w-   c:\windows\Logs
          2011-06-03 16:30:33   --------   d-----w-   c:\windows\system32\XPSViewer
          2011-06-03 16:30:08   89088   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
          2011-06-03 16:29:57   117760   ------w-   c:\windows\system32\prntvpt.dll
          2011-06-03 16:29:56   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
          2011-06-03 16:29:56   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
          2011-06-03 16:29:56   597504   ------w-   c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
          2011-06-03 16:29:56   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
          2011-06-03 16:29:56   575488   ------w-   c:\windows\system32\xpsshhdr.dll
          2011-06-03 16:29:56   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
          2011-06-03 16:29:56   1676288   ------w-   c:\windows\system32\xpssvcs.dll
          2011-06-03 16:29:55   --------   d-----w-   C:\3c7cb751d331d9f47b00f9d6a6
          2011-06-03 16:20:22   --------   d-----w-   c:\documents and settings\user\application data\Roxio Log Files
          2011-06-03 16:17:21   208896   ----a-w-   c:\windows\system32\nvudisp.exe
          2011-06-03 16:17:21   --------   d-----w-   c:\windows\nview
          2011-06-03 16:17:05   208896   ----a-w-   c:\windows\system32\NVUNINST.EXE
          2011-06-03 16:17:03   729088   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
          2011-06-03 16:17:03   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
          2011-06-03 16:17:03   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
          2011-06-03 16:17:03   32768   ----a-w-   c:\program files\common files\installshield\professional\runtime\Objectps.dll
          2011-06-03 16:17:03   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
          2011-06-03 16:17:03   192512   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
          2011-06-03 16:16:57   311428   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
          2011-06-03 16:16:57   188548   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
          2011-06-03 16:16:48   --------   d-----w-   C:\NVIDIA
          2011-06-03 16:04:04   33104   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
          2011-06-03 16:04:04   32656   ----a-w-   c:\windows\system32\msonpmon.dll
          2011-06-03 15:59:43   --------   d-----w-   c:\windows\SHELLNEW
          2011-06-03 15:59:19   --------   d-----w-   c:\documents and settings\user\local settings\application data\Microsoft Help
          2011-06-03 15:56:55   218688   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
          2011-06-03 15:56:45   --------   d-----w-   c:\program files\DAEMON Tools Lite
          2011-06-03 15:56:37   --------   d-----w-   c:\documents and settings\user\application data\DAEMON Tools Lite
          2011-06-03 15:56:37   --------   d-----w-   c:\documents and settings\all users\application data\DAEMON Tools Lite
          2011-06-03 15:55:58   --------   d-----w-   c:\documents and settings\all users\application data\PDVD
          2011-06-03 15:55:45   --------   d-----w-   c:\documents and settings\user\local settings\application data\MediaServer
          2011-06-03 15:55:44   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2011-06-03 15:53:34   --------   d-----w-   c:\documents and settings\all users\application data\install_clap
          2011-06-02 22:17:58   274288   ----a-w-   c:\windows\system32\mucltui.dll
          2011-06-02 22:17:58   215920   ----a-w-   c:\windows\system32\muweb.dll
          2011-06-02 22:17:58   16736   ----a-w-   c:\windows\system32\mucltui.dll.mui
          2011-06-02 17:01:25   222080   ------w-   c:\windows\system32\MpSigStub.exe
          .
          ==================== Find3M  ====================
          .
          2011-06-03 18:13:55   6964736   ----a-w-   c:\windows\system32\RTLCPL.EXE
          2011-06-03 18:13:55   65024   ----a-w-   c:\windows\SOUNDMAN.EXE
          2011-06-03 18:13:55   155648   ----a-w-   c:\windows\system32\RTLCPAPI.dll
          2011-06-03 18:13:50   765952   ----a-w-   c:\windows\system\crlds3d.dll
          2011-06-03 18:13:48   65536   ----a-w-   c:\windows\system32\Audio3D.dll
          2011-06-03 18:13:48   65536   ----a-w-   c:\windows\system32\a3d.dll
          2011-06-03 18:13:48   14250496   ----a-w-   c:\windows\system32\ALSNDMGR.CPL
          2011-06-03 18:13:46   613244   ----a-w-   c:\windows\system32\drivers\ALCXWDM.SYS
          2011-06-03 18:13:46   400384   ----a-w-   c:\windows\system32\drivers\ALCXSENS.SYS
          2011-06-03 18:13:42   208896   ------w-   c:\windows\alcupd.exe
          2011-06-03 18:13:41   139264   ------w-   c:\windows\alcrmv.exe
          2011-06-02 16:53:08   21361   ----a-w-   c:\windows\system32\drivers\AegisP.sys
          2011-05-02 15:31:52   692736   ----a-w-   c:\windows\system32\inetcomm.dll
          2011-04-29 16:19:43   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
          2011-04-25 16:11:12   916480   ----a-w-   c:\windows\system32\wininet.dll
          2011-04-25 16:11:11   43520   ------w-   c:\windows\system32\licmgr10.dll
          2011-04-25 16:11:11   1469440   ------w-   c:\windows\system32\inetcpl.cpl
          2011-04-25 12:01:22   385024   ------w-   c:\windows\system32\html.iec
          2011-04-21 13:37:43   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
          .
          ============= FINISH: 21:37:04.01 ===============



          .
          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT
          .
          DDS (Ver_2011-06-23.01)
          .
          Microsoft Windows XP Professional
          Boot Device: \Device\HarddiskVolume1
          Install Date: 6/2/2011 9:15:36 AM
          System Uptime: 6/23/2011 7:49:12 PM (2 hours ago)
          .
          Motherboard: ASUSTeK Computer Inc. |  | A8V
          Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket 939 | 2002/200mhz
          .
          ==== Disk Partitions =========================
          .
          C: is FIXED (NTFS) - 75 GiB total, 60.783 GiB free.
          D: is CDROM ()
          E: is FIXED (FAT32) - 19 GiB total, 18.973 GiB free.
          G: is CDROM ()
          H: is CDROM ()
          .
          ==== Disabled Device Manager Items =============
          .
          ==== System Restore Points ===================
          .
          RP1: 6/14/2011 7:55:17 PM - System Checkpoint
          RP2: 6/14/2011 7:59:28 PM - First Restore
          RP3: 6/16/2011 3:40:20 PM - Software Distribution Service 3.0
          RP4: 6/17/2011 4:20:47 AM - Software Distribution Service 3.0
          RP5: 6/17/2011 4:50:47 AM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
          RP6: 6/17/2011 5:01:24 AM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
          RP7: 6/17/2011 5:03:31 AM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
          RP8: 6/17/2011 6:00:50 AM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
          RP9: 6/17/2011 6:02:38 AM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
          RP10: 6/17/2011 7:13:20 AM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
          RP11: 6/17/2011 8:39:58 PM - Software Distribution Service 3.0
          RP12: 6/19/2011 1:15:32 AM - System Checkpoint
          RP13: 6/20/2011 1:38:18 AM - Software Distribution Service 3.0
          RP14: 6/21/2011 8:32:56 AM - Software Distribution Service 3.0
          RP15: 6/23/2011 12:16:04 AM - Software Distribution Service 3.0
          RP16: 6/23/2011 9:06:13 AM - Software Distribution Service 3.0
          .
          ==== Installed Programs ======================
          .
          Adobe AIR
          Adobe Download Manager
          Adobe Flash Player 10 ActiveX
          Adobe Reader X (10.1.0)
          Belarc Advisor 8.2
          CyberLink PowerDVD 11
          DAEMON Tools Lite
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
          Hotfix for Windows XP (KB2443685)
          Hotfix for Windows XP (KB952287)
          Hotfix for Windows XP (KB954550-v5)
          Hotfix for Windows XP (KB961118)
          HP Deskjet 2050 J510 series Basic Device Software
          HP Deskjet 2050 J510 series Help
          HP Update
          Malwarebytes' Anti-Malware version 1.51.0.1200
          Microsoft .NET Framework 2.0 Service Pack 2
          Microsoft .NET Framework 3.0 Service Pack 2
          Microsoft .NET Framework 3.5 SP1
          Microsoft .NET Framework 4 Client Profile
          Microsoft Antimalware
          Microsoft Application Error Reporting
          Microsoft Office 2007 Service Pack 2 (SP2)
          Microsoft Office Access MUI (English) 2007
          Microsoft Office Access Setup Metadata MUI (English) 2007
          Microsoft Office Enterprise 2007
          Microsoft Office Excel MUI (English) 2007
          Microsoft Office Groove MUI (English) 2007
          Microsoft Office Groove Setup Metadata MUI (English) 2007
          Microsoft Office InfoPath MUI (English) 2007
          Microsoft Office OneNote MUI (English) 2007
          Microsoft Office Outlook MUI (English) 2007
          Microsoft Office PowerPoint MUI (English) 2007
          Microsoft Office Proof (English) 2007
          Microsoft Office Proof (French) 2007
          Microsoft Office Proof (Spanish) 2007
          Microsoft Office Proofing (English) 2007
          Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
          Microsoft Office Publisher MUI (English) 2007
          Microsoft Office Shared MUI (English) 2007
          Microsoft Office Shared Setup Metadata MUI (English) 2007
          Microsoft Office Word MUI (English) 2007
          Microsoft Security Client
          Microsoft Security Essentials
          Microsoft Software Update for Web Folders  (English) 12
          Microsoft Visual C++ 2005 Redistributable
          MSXML 4.0 SP2 (KB954430)
          MSXML 4.0 SP2 (KB973688)
          NETGEAR WG111v3 wireless USB 2.0 adapter
          NVIDIA Drivers
          Realtek AC'97 Audio
          Roxio BackOnTrack
          Roxio BackOnTrackPE
          Roxio Burn - Secure
          Roxio CinePlayer
          Roxio CinePlayer Decoder Pack
          Roxio Creator 2011 Pro
          Roxio PhotoShow
          Roxio Video Capture USB
          Security Update for 2007 Microsoft Office System (KB2288621)
          Security Update for 2007 Microsoft Office System (KB2288931)
          Security Update for 2007 Microsoft Office System (KB2345043)
          Security Update for 2007 Microsoft Office System (KB2509488)
          Security Update for 2007 Microsoft Office System (KB969559)
          Security Update for 2007 Microsoft Office System (KB976321)
          Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
          Security Update for Microsoft Office 2007 System (KB2541012)
          Security Update for Microsoft Office Access 2007 (KB979440)
          Security Update for Microsoft Office Excel 2007 (KB2541007)
          Security Update for Microsoft Office Groove 2007 (KB2494047)
          Security Update for Microsoft Office InfoPath 2007 (KB2510061)
          Security Update for Microsoft Office InfoPath 2007 (KB979441)
          Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
          Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
          Security Update for Microsoft Office Publisher 2007 (KB2284697)
          Security Update for Microsoft Office system 2007 (972581)
          Security Update for Microsoft Office system 2007 (KB974234)
          Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
          Security Update for Microsoft Office Word 2007 (KB2344993)
          Security Update for Windows Internet Explorer 8 (KB2497640)
          Security Update for Windows Internet Explorer 8 (KB2510531)
          Security Update for Windows Internet Explorer 8 (KB2530548)
          Security Update for Windows Internet Explorer 8 (KB2544521)
          Security Update for Windows Internet Explorer 8 (KB982381)
          Security Update for Windows Media Player (KB2378111)
          Security Update for Windows Media Player (KB952069)
          Security Update for Windows Media Player (KB954155)
          Security Update for Windows Media Player (KB973540)
          Security Update for Windows Media Player (KB975558)
          Security Update for Windows Media Player (KB978695)
          Security Update for Windows XP (KB2079403)
          Security Update for Windows XP (KB2115168)
          Security Update for Windows XP (KB2121546)
          Security Update for Windows XP (KB2229593)
          Security Update for Windows XP (KB2296011)
          Security Update for Windows XP (KB2347290)
          Security Update for Windows XP (KB2360937)
          Security Update for Windows XP (KB2387149)
          Security Update for Windows XP (KB2393802)
          Security Update for Windows XP (KB2412687)
          Security Update for Windows XP (KB2419632)
          Security Update for Windows XP (KB2423089)
          Security Update for Windows XP (KB2440591)
          Security Update for Windows XP (KB2443105)
          Security Update for Windows XP (KB2476490)
          Security Update for Windows XP (KB2476687)
          Security Update for Windows XP (KB2478960)
          Security Update for Windows XP (KB2478971)
          Security Update for Windows XP (KB2479943)
          Security Update for Windows XP (KB2481109)
          Security Update for Windows XP (KB2483185)
          Security Update for Windows XP (KB2485663)
          Security Update for Windows XP (KB2497640)
          Security Update for Windows XP (KB2503658)
          Security Update for Windows XP (KB2503665)
          Security Update for Windows XP (KB2506212)
          Security Update for Windows XP (KB2506223)
          Security Update for Windows XP (KB2507618)
          Security Update for Windows XP (KB2508272)
          Security Update for Windows XP (KB2508429)
          Security Update for Windows XP (KB2509553)
          Security Update for Windows XP (KB2510581)
          Security Update for Windows XP (KB2511455)
          Security Update for Windows XP (KB2524375)
          Security Update for Windows XP (KB2535512)
          Security Update for Windows XP (KB2536276)
          Security Update for Windows XP (KB2544893)
          Security Update for Windows XP (KB923561)
          Security Update for Windows XP (KB923789)
          Security Update for Windows XP (KB941569)
          Security Update for Windows XP (KB946648)
          Security Update for Windows XP (KB950762)
          Security Update for Windows XP (KB950974)
          Security Update for Windows XP (KB951376-v2)
          Security Update for Windows XP (KB952004)
          Security Update for Windows XP (KB952954)
          Security Update for Windows XP (KB954459)
          Security Update for Windows XP (KB956572)
          Security Update for Windows XP (KB956744)
          Security Update for Windows XP (KB956802)
          Security Update for Windows XP (KB956844)
          Security Update for Windows XP (KB958644)
          Security Update for Windows XP (KB959426)
          Security Update for Windows XP (KB960803)
          Security Update for Windows XP (KB960859)
          Security Update for Windows XP (KB961501)
          Security Update for Windows XP (KB969059)
          Security Update for Windows XP (KB970430)
          Security Update for Windows XP (KB971657)
          Security Update for Windows XP (KB972270)
          Security Update for Windows XP (KB973507)
          Security Update for Windows XP (KB973869)
          Security Update for Windows XP (KB973904)
          Security Update for Windows XP (KB974112)
          Security Update for Windows XP (KB974318)
          Security Update for Windows XP (KB974392)
          Security Update for Windows XP (KB974571)
          Security Update for Windows XP (KB975025)
          Security Update for Windows XP (KB975467)
          Security Update for Windows XP (KB975560)
          Security Update for Windows XP (KB975562)
          Security Update for Windows XP (KB975713)
          Security Update for Windows XP (KB977816)
          Security Update for Windows XP (KB977914)
          Security Update for Windows XP (KB978338)
          Security Update for Windows XP (KB978542)
          Security Update for Windows XP (KB978601)
          Security Update for Windows XP (KB978706)
          Security Update for Windows XP (KB979309)
          Security Update for Windows XP (KB979482)
          Security Update for Windows XP (KB979687)
          Security Update for Windows XP (KB980436)
          Security Update for Windows XP (KB981322)
          Security Update for Windows XP (KB981997)
          Security Update for Windows XP (KB982132)
          Security Update for Windows XP (KB982665)
          SmartSound Common Data
          SmartSound Quicktracks 5
          SUPERAntiSpyware
          Update for 2007 Microsoft Office System (KB967642)
          Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
          Update for Microsoft Office 2007 System (KB2539530)
          Update for Microsoft Office OneNote 2007 (KB980729)
          Update for Microsoft Office Outlook 2007 (KB2509470)
          Update for Outlook 2007 Junk Email Filter (KB2536413)
          Update for Windows Internet Explorer 8 (KB2447568)
          Update for Windows XP (KB2345886)
          Update for Windows XP (KB2467659)
          Update for Windows XP (KB898461)
          Update for Windows XP (KB951978)
          Update for Windows XP (KB955759)
          Update for Windows XP (KB968389)
          Update for Windows XP (KB971029)
          Update for Windows XP (KB971737)
          Update for Windows XP (KB973687)
          Update for Windows XP (KB973815)
          VIA Integrated Setup Wizard
          WebFldrs XP
          Windows Genuine Advantage Notifications (KB905474)
          Windows Genuine Advantage Validation Tool (KB892130)
          Windows Internet Explorer 8
          Windows Media Format Runtime
          .
          ==== Event Viewer Messages From Past Week ========
          .
          6/23/2011 8:55:50 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.107.249.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.7000.0    Error code: 0x8024402c    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
          6/23/2011 3:06:50 PM, error: Service Control Manager [7000]  - The SASKUTIL service failed to start due to the following error:  The system cannot find the file specified.
          6/23/2011 3:06:50 PM, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  The system cannot find the file specified.
          6/23/2011 11:08:54 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
          6/19/2011 5:32:00 PM, error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:JS/Obfuscator.BN&threatid=2147646584    Name: VirTool:JS/Obfuscator.BN    ID: 2147646584    Severity: Severe    Category: Tool    Path: file:_C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\KWSJKLLX\vbulletin-sidebar[1].js    Detection Origin: Internet    Detection Type: Concrete    Detection Source: Real-Time Protection    User: USER-DA37FC8BC8\user    Process Name: C:\Program Files\Internet Explorer\iexplore.exe    Action: Quarantine    Action Status:  No additional actions required    Error Code: 0x80070490    Error description: Element not found.     Signature Version: AV: 1.105.2231.0, AS: 1.105.2231.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.6903.0, NIS: 0.0.0.0
          6/19/2011 12:27:57 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.105.2231.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6903.0    Error code: 0x8024402c    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
          6/18/2011 12:13:12 PM, error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.PC&threatid=2147645587    Name: Exploit:Win32/Pdfjsc.PC    ID: 2147645587    Severity: Severe    Category: Exploit    Path: containerfile:_C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AR8XDQQQ\6134ad[1].pdf;containerfile:_C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AR8XDQQQ\6134ad[2].pdf;file:_C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AR8XDQQQ\6134ad[1].pdf->(pdf0000:);file:_C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AR8XDQQQ\6134ad[2].pdf->(pdf0000:)    Detection Origin: Internet    Detection Type: Concrete    Detection Source: Real-Time Protection    User: USER-DA37FC8BC8\user    Process Name: C:\Program Files\Internet Explorer\iexplore.exe    Action: Quarantine    Action Status:  No additional actions required    Error Code: 0x80070002    Error description: The system cannot find the file specified.     Signature Version: AV: 1.105.2231.0, AS: 1.105.2231.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.6903.0, NIS: 0.0.0.0
          6/18/2011 1:25:05 PM, error: Print [6161]  - The document https://exp.lanecc.edu/pls/lane/zwskstrm.P_DispTermSchd owned by user failed to print on printer HP Deskjet 2050 J510 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\USER-DA37FC8BC8. Win32 error code returned by the print processor: 183 (0xb7).
          6/17/2011 6:56:22 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.
          6/17/2011 6:56:22 AM, error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
          .
          ==== End Of File ===========================

           :-[  My apologies for this taking so long. The logs are in sequential order as you requested; SAS, MBAM, and the two DDS. A plethora of information that I will review after a little break. I appreciate your efforts on my behalf. Friday is my easy day for classes, so I'll make myself available throughout. Thank you again.

          SuperDave

          Quote: "so I'll make myself available throughout"
          It's not necessary that you be on your computer the same time as myself. Just run the scans, post the logs and I'll check them.

          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
          * Open the Security Check folder and double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          ******************************************************
          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          and save it to your Desktop.
          It would be easiest to download using Internet Explorer.
          If you insist on using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
          Double click ComboFix.exe & follow the prompts.
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          Click on Yes, to continue scanning for malware.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix
          Windows 8 and Windows 10 dual boot with two SSD's

          fartbubble

             Results of screen317's Security Check version 0.99.7 
             Windows XP Service Pack 3 
             Internet Explorer 8 
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Firewall Enabled! 
             Microsoft Security Essentials   
             Antivirus up to date! 
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             Adobe Flash Player   
            Adobe Reader X (10.1.0)
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

             Windows Defender MSMpEng.exe
             Malwarebytes' Anti-Malware mbamservice.exe 
             Malwarebytes' Anti-Malware mbamgui.exe 
             Microsoft Security Essentials msseces.exe
             Microsoft Security Client Antimalware MsMpEng.exe 
            ``````````End of Log````````````



            ComboFix 11-06-25.03 - user 06/25/2011  13:02:29.1.2 - x86
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.443 [GMT -7:00]
            Running from: c:\documents and settings\user\Desktop\ComboFix.exe
            AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\program files\Search Toolbar
            c:\program files\Search Toolbar\icon.ico
            c:\program files\Search Toolbar\SearchToolbar.dll
            c:\program files\Search Toolbar\SearchToolbarUninstall.exe
            c:\program files\Search Toolbar\SearchToolbarUpdater.exe
            E:\Autorun.inf
            .
            .
            (((((((((((((((((((((((((   Files Created from 2011-05-25 to 2011-06-25  )))))))))))))))))))))))))))))))
            .
            .
            2011-06-17 14:15 . 2011-06-17 14:15   --------   d-----w-   C:\OEMSettings
            2011-06-03 16:29 . 2011-06-03 16:30   --------   d-----w-   C:\3c7cb751d331d9f47b00f9d6a6
            2011-06-03 16:16 . 2011-06-03 16:16   --------   d-----w-   C:\NVIDIA
            2011-06-03 15:58 . 2011-06-03 15:58   --------   d-----r-   C:\MSOCache
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-04-29 16:19 . 2008-04-14 12:00   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
            2011-04-25 16:11 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
            2011-04-25 16:11 . 2008-04-14 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
            2011-04-25 16:11 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
            2011-04-25 12:01 . 2008-04-14 12:00   385024   ------w-   c:\windows\system32\html.iec
            2011-04-21 13:37 . 2008-04-14 12:00   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
            "RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]
            "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
            "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
            "nwiz"="nwiz.exe" [2006-10-22 1622016]
            "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
            "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
            "Desktop Disc Tool"="c:\program files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
            "SoundMan"="SOUNDMAN.EXE" [2011-06-03 65024]
            "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
            "CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
            "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
            "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
            .
            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
            .
            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 2330624]
            .
            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
            @="Service"
            .
            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\CyberLink\\PowerDVD11\\PowerDVD11.exe"=
            "c:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe"=
            "c:\\Program Files\\CyberLink\\PowerDVD11\\Common\\MediaServer\\CLMSServer.exe"=
            "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
            "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
            "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
            "c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
            "c:\\Program Files\\SUPERAntiSpyware\\BootSafe.exe"=
            .
            R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [6/3/2011 9:58 AM 21488]
            R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [6/3/2011 9:58 AM 15856]
            R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [6/3/2011 11:10 AM 77312]
            R1 C2SCSI;C2SCSI;c:\windows\system32\drivers\c2scsi.sys [6/12/2011 7:41 PM 252160]
            R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/3/2011 8:56 AM 218688]
            R1 MpKsl3768b022;MpKsl3768b022;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1403EA9-65AE-4384-B052-255EBD878789}\MpKsl3768b022.sys [6/25/2011 10:56 AM 28752]
            R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [6/3/2011 9:58 AM 25584]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
            R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/03 08:55];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [6/3/2011 8:54 AM 77296]
            R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [6/2/2009 7:05 PM 457200]
            R2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [8/30/2010 8:14 PM 39408]
            R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [6/3/2011 8:54 AM 83240]
            R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [6/3/2011 8:54 AM 70952]
            R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [6/3/2011 8:54 AM 312616]
            R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
            R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/23/2011 8:33 PM 366640]
            R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [6/3/2011 8:55 AM 71664]
            R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/23/2011 8:33 PM 22712]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
            S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [7/16/2010 6:48 AM 354288]
            S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 5:00 AM 14336]
            S3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [7/16/2010 6:48 AM 1099248]
            S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]
            S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
            .
            --- Other Services/Drivers In Memory ---
            .
            *NewlyCreated* - MPKSL3768B022
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2011-06-12 c:\windows\Tasks\bot4_project_1.job
            - c:\program files\Roxio\BackOnTrack\App\BNotify.exe [2010-08-31 17:02]
            .
            2011-06-25 c:\windows\Tasks\MP Scheduled Scan.job
            - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.bing.com/?pc=Z022&form=ZGAPHP
            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
            .
            - - - - ORPHANS REMOVED - - - -
            .
            HKCU-Run-SUPERAntiSpyware - f:\superantispyware\SUPERAntiSpyware.exe
            .
            .
            .
            **************************************************************************
            .
            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2011-06-25 13:06
            Windows 5.1.2600 Service Pack 3 NTFS
            .
            scanning hidden processes ... 
            .
            scanning hidden autostart entries ...
            .
            scanning hidden files ... 
            .
            scan completed successfully
            hidden files: 0
            .
            **************************************************************************
            .
            [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
            "ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_USERS\S-1-5-21-1960408961-776561741-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------
            .
            - - - - - - - > 'winlogon.exe'(676)
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            c:\windows\system32\WININET.dll
            c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
            c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
            c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
            c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
            .
            Completion time: 2011-06-25  13:09:26
            ComboFix-quarantined-files.txt  2011-06-25 20:09
            .
            Pre-Run: 65,277,476,864 bytes free
            Post-Run: 65,500,803,072 bytes free
            .
            WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
            [boot loader]
            timeout=2
            default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
            [operating systems]
            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
            UnsupportedDebug="do not select this" /debug
            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
            .
            - - End Of File - - 46ADA218EA8D573C763A93AEA18E6209


            These are the logs in sequential order as you requested. Both apps seemed to function as needed. I did notice that after downloading ComboFix from the second link to my desktop that it did not arrive in the form of a .zip folder. Also the Security Check.bat file did not open when I opened the folder, but did bring up the cmd prompt screen and functioned as I believe it is intended from the description you provided. I don't believe it has any bearing on the results, but I am curious....and just having some anxieties over this whole occurrence.
            Thank you again for your assistance and patience on my behalf.

            SuperDave

            That looks good. Let's try another scan.

            ***************************************************
            SysProt Antirootkit

            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

            http://sites.google.com/site/sysprotantirootkit/

            Unzip it into a folder on your desktop.
            • Double click Sysprot.exe to start the program.
            • Click on the Log tab.
            • In the Write to log box select the following items.
              • Process << Selected
              • Kernel Modules << Selected
              • SSDT << Selected
              • Kernel Hooks << Selected
              • IRP Hooks << NOT Selected
              • Ports << NOT Selected
              • Hidden Files << Selected
            • At the bottom of the page
              • Hidden Objects Only << Selected
            • Click on the Create Log button on the bottom right.
            • After a few seconds a new window should appear.
            • Select Scan Root Drive. Click on the Start button.
            • When it is complete a new window will appear to indicate that the scan is finished.
            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
            Windows 8 and Windows 10 dual boot with two SSD's

            fartbubble

              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              No Hidden Processes found

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
              Service Name: ---
              Module Base: A225E000
              Module End: A2276000
              Hidden: Yes

              Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
              Service Name: ---
              Module Base: F7B4A000
              Module End: F7B4C000
              Hidden: Yes

              ******************************************************************************************
              ******************************************************************************************
              SSDT:
              Function Name: ZwTerminateProcess
              Address: A2407620
              Driver Base: A23FD000
              Driver End: A241F000
              Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              Hidden files/folders:
              Object: C:\Qoobox\BackEnv\AppData.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Cache.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Cookies.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Desktop.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Favorites.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\History.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Music.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\NetHood.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Personal.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Pictures.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Programs.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Recent.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SendTo.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SetPath.bat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\StartUp.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SysPath.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Templates.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\VikPev00
              Status: Access denied




              This is the log that you requested. I will be available tomorrow in the afternoon. I did download and print the 'users guide' with the app for reference if needed; since it just made itself at home as a directory. The program is well organized and user friendly....nice. Thank you.
              I'll be available on and off throughout the day tomorrow. Perhaps you could pass on what you interpret from the log info as we move forward. I am just seeing this information in its format for the first time so it's a bit overwhelming. It would be beneficial to have some direction from someone like yourself as to what I should be looking for as well; to be better informed in the future as well as reduce the present learning curve on my end. Again I thank you for your time and patience on my behalf. Goodnight.

              SuperDave

              Quote
              It would be beneficial to have some direction from someone like yourself as to what I should be looking for as well; to be better informed in the future as well as reduce the present learning curve on my end.
              You don't have to look for anything. I will do the looking for you. To explain what I'm looking for would take more time than I have. Just one more scan, if you don't mind.

              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
              Windows 8 and Windows 10 dual boot with two SSD's

              fartbubble

                Just received your message. I'll begin straightaway.

                fartbubble

                  ESETSmartInstaller@High as CAB hook log:
                  OnlineScanner.ocx - registred OK
                  # version=7
                  # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                  # OnlineScanner.ocx=1.0.0.6427
                  # api_version=3.0.2
                  # EOSSerial=d0389faf8566db4bacdef90c7778aaf4
                  # end=finished
                  # remove_checked=true
                  # archives_checked=true
                  # unwanted_checked=true
                  # unsafe_checked=false
                  # antistealth_checked=true
                  # utc_time=2011-06-27 04:13:34
                  # local_time=2011-06-26 09:13:34 (-0800, Pacific Daylight Time)
                  # country="United States"
                  # lang=1033
                  # osver=5.1.2600 NT Service Pack 3
                  # compatibility_mode=5891 16776869 42 87 0 20243705 0 0
                  # compatibility_mode=8192 67108863 100 0 0 0 0 0
                  # scanned=44008
                  # found=2
                  # cleaned=2
                  # scan_time=1971
                  C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir   Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                  C:\System Volume Information\_restore{B0567392-64D6-4BF0-B2EA-40924BD2EEA9}\RP17\A0006566.dll   Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C



                  This is the ESET scan log that you requested. I apologize for not being more readily available during "normal" hours to complete these tasks.
                  Each time I plan a daily schedule to include these undertakings, it is preempted by some other "priority." It is what it is I suppose.
                  I recognise 'Qoobox'. I believe it is associated with the MSE program on my system; the quarantine locale. Is it possible that these are the two E-hoodlums that MSE stated in the error report as "element not found"? Ok, that's enough for now. Thank you again for your continued support and dedication. I'll check back again in the AM before classes start. Goodnight.

                  SuperDave

                  Quote
                  I apologize for not being more readily available during "normal" hours to complete these tasks.
                  That's not necessary in this forum. In fact, I'm almost never available in normal hours because of the different time zones in which we live.
                  Quote
                  I recognise 'Qoobox'. I believe it is associated with the MSE program on my system; the quarantine locale. Is it possible that these are the two E-hoodlums that MSE stated in the error report as "element not found"?
                  Qoobox is associated with ComboFix and the file was in quarantine. The other infection was in your System Restore but ESET got rid of them. How's your computer working now? Any other issues?
                  Windows 8 and Windows 10 dual boot with two SSD's
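An added example, not part of the original thread and not code from ESET or ComboFix: a small triage script that reads the ESET result lines posted above and sorts each detection by where the file sat (ComboFix's Qoobox quarantine, a System Restore point, or the live file system), then cross-checks quarantined copies against ComboFix's "Other Deletions" list. The function names are hypothetical, and the `Quarantine\<drive>\<path>.vir` layout is an assumption inferred from the two logs in this thread.

```python
import re
from collections import namedtuple

# Excerpt of the ESET Online Scanner log posted in this thread.
ESET_LOG = r"""# scanned=44008
# found=2
# cleaned=2
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir   Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{B0567392-64D6-4BF0-B2EA-40924BD2EEA9}\RP17\A0006566.dll   Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
"""

# Files from the "Other Deletions" section of the ComboFix log in this thread.
COMBOFIX_DELETIONS = [
    r"c:\program files\Search Toolbar\icon.ico",
    r"c:\program files\Search Toolbar\SearchToolbar.dll",
    r"c:\program files\Search Toolbar\SearchToolbarUninstall.exe",
    r"c:\program files\Search Toolbar\SearchToolbarUpdater.exe",
]

Detection = namedtuple("Detection", "path threat action location original_path")

# Assumed layout: <drive>:\Qoobox\Quarantine\<orig drive>\<orig path>.vir
QUARANTINE_RE = re.compile(
    r"^[a-z]:\\qoobox\\quarantine\\([a-z])\\(.+?)(?:\.vir)?$", re.I)
# System Restore points on XP: \System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I)
# "<threat name> (<action taken>)"
VERDICT_RE = re.compile(r"^(?P<threat>.+?)\s*\((?P<action>[^)]*)\)$")


def classify(path):
    """Return (location, original_path) for a detected file path."""
    m = QUARANTINE_RE.match(path)
    if m:
        return "combofix-quarantine", "{}:\\{}".format(m.group(1), m.group(2))
    if RESTORE_RE.match(path):
        return "system-restore", None
    return "live-filesystem", None


def parse_eset_log(text):
    """Split the log into '# key=value' header fields and detection rows."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        # Columns are separated by tabs or runs of spaces; paths and threat
        # names contain only single spaces.
        fields = re.split(r"\t+|\s{2,}", line)
        if len(fields) < 2:
            continue
        m = VERDICT_RE.match(fields[1])
        threat, action = (m.group("threat"), m.group("action")) if m else (fields[1], "")
        location, original = classify(fields[0])
        detections.append(Detection(fields[0], threat, action, location, original))
    return header, detections


def triage(header, detections, combofix_deletions):
    """Summarise which hits were live files and which were leftover copies."""
    removed = {p.lower() for p in combofix_deletions}
    return {
        "all_cleaned": header.get("found") == header.get("cleaned"),
        "live": [d for d in detections if d.location == "live-filesystem"],
        "restore_point_copies": [d for d in detections
                                 if d.location == "system-restore"],
        "already_removed_by_combofix": [
            d for d in detections
            if d.location == "combofix-quarantine"
            and d.original_path.lower() in removed],
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(ESET_LOG)
    report = triage(hdr, dets, COMBOFIX_DELETIONS)
    for d in dets:
        print(d.location, "|", d.threat, "|", d.original_path or d.path)
    print("live detections:", len(report["live"]))
```

An empty `live` list with `all_cleaned` true matches the reading given in the reply above: both hits were inert copies, one already quarantined by ComboFix and one inside a restore point.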

                  fartbubble

                    :P Well so much for what I recognise, huh? My fingers spoke before my brain on that one; after you helped point it out. (Qoobox) I haven't checked the other tower yet; the problem child. I will have a lookey-loo. It didn't ever really perform in a defunct manner from just the user's point of view, but the machine was crying out with its error code information. I haven't had enough time with this other tower to say for sure one way or the other. Is there something I should look for specifically? It is my goal for the two towers I have to function as a network. I am a bit trepidatious about the idea, having gone through this. Functionality is very important, but I am more keenly aware now of the potential risk factors of exposure to the little buggers that "lie in wait to deceive." I will feel more confident about the environment on the AMD tower if you feel that the system is technically sound from the results that you've requested. There is an inevitable point that has to be reached where all that can be done has been done. I really don't have the qualifications to make that call. But I am prepared to accept the outcome ....good or bad. I'll check back tomorrow. Thank you SD for your assistance on my behalf; it has to be a trial on your patience for all that you and your cohorts do for the likes of me.  :) Goodnight.

                    SuperDave

                    Quote
                    I haven't checked the other tower yet; the problem child.
                    Are you trying to repair two computers at once?
                    If everything is ok with the computer we're working on, I'd like to do some cleanup. After that we'll have to take a look at the second computer.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    fartbubble

                      Are you trying to repair two computers at once?
                      If everything is ok with the computer we're working on, I'd like to do some cleanup. After that we'll have to take a look at the second computer.

                      I do have two towers, but this one, the Dell Dimension B110 is the tower I am presently communicating from. It is the 'Ole Faithful in my household. The AMD tower is the tower I recently purchased, that you have assisted me with.
                      Let us proceed then with the task at hand. Just tell me what it is that you require. I am using a Belkin KVM switch, which both units use but are kept separated and are not presently sharing files or functioning together as a network group. Please advise as to how you wish to proceed. It isn't over until it's over.

                      SuperDave

                      I've finished running scans on that computer. If there are no other issues, we can do some cleanup. Please let me know and we can do the cleanup.

                      fartbubble


                        Quote
                        If everything is ok with the computer we're working on, I'd like to do some cleanup. After that we'll have to take a look at the second computer.


                        I would be glad to have your continued support. Do you still feel that the other tower should be looked at as well? I would feel better knowing that both systems are absolutely infestation free; prior to networking the two together and sharing files. I will check back here tomorrow assuming that you would like to proceed. Thank you for your time and patience on my behalf.

                        SuperDave

                        Quote
                        Do you still feel that the other tower should be looked at as well?
                        If you're having problems with it, please start a new thread.
                        Ok. Let's do some cleanup on this one.


                        To uninstall ComboFix

                        • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                        • In the field, type in ComboFix /uninstall


                        (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                        • Then, press Enter, or click OK.
                        • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                        *******************************************
                        Clean out your temporary internet files and temp files.

                        Download TFC by OldTimer to your desktop.

                        Double-click TFC.exe to run it.

                        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                        TFC will close all programs when run, so make sure you have saved all your work before you begin.

                        * Click the Start button to begin the cleaning process.
                        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                        * Please let TFC run uninterrupted until it is finished.

                        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                        ************************************************
                        Looking over your log it seems you don't have any evidence of a third party firewall.

                        Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                        Remember only install ONE firewall

                        1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                        2) Online Armor
                        3) Agnitum Outpost
                        4) PC Tools Firewall Plus

                        If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                        ***********************************************
                        Use the Secunia Software Inspector to check for out of date software.

                        • Click Start Now
                        • Check the box next to Enable thorough system inspection.
                        • Click Start
                        • Allow the scan to finish and scroll down to see if any updates are needed.
                        • Update anything listed.
                        ----------

                        Go to Microsoft Windows Update and get all critical updates.

                        ----------

                        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                        * Using SpywareBlaster to protect your computer from Spyware and Malware
                        * If you don't know what ActiveX controls are, see here

                        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                        Safe Surfing!

                        fartbubble

                          I initiated the process that you provided for the final cleanup. The temporary internet files and temp files that were "cleaned out" were limited to only what the DISKCLEANUP in SYSTEM TOOLS offers in the menu of choice. I do not believe this fulfills the scope of your intentions for the final cleanup regarding these files/folders. I have 13 different temp folders, containing hundreds of files spread between 3 different directories that include the WINDOWS OS and Program Files. In addition, it turns out that they are case sensitive; 6 are uppercase and 5 are lowercase spellings of the same. Temporary internet files are relatively easy to assess, yet I have 3 of those as well in my "list" while not completely confident in which files for sure are separated then get the AX. Long story short..... I am proceeding on the premise that I am not going to wipe out my system, because I didn't put all my eggs in one basket. I believe there are files/folders that are directly related to some of the operations performed last week. At any rate... I will send the info tomorrow.

                          Thank you,
                          Brent

                          fartbubble

                            I apologize for being away from this thread for so long. I have been swamped with summer term's workload and really have not had the time to devote to the final details.
                            OK. Where I am now is having run the uninstall on COMBOFIX, and did a clean-up of Temporary Internet Files (limited to what is flagged by Disk Cleanup in System Tools). I have not run the program from OldTimer yet. I do HAVE A QUESTION... Should there be any folders or files left anywhere in my system that pertain to COMBOFIX? If the answer is no, then something isn't right; I still have a directory folder in my directory tree titled COMBOFIX. This is after running the uninstall as directed. I have not even run the "problem child" after discovering this and my last post. I know I marked it as solved because I feel, Dave, that ultimately you helped me solve the problem at hand. But I could use just a little more direction on the details.  Can you assist? Or should I begin a new thread? Thanks in advance. :-\

                            SuperDave

                            Quote
                            I have not run the program from OldTimer yet. I do HAVE A QUESTION... Should there be any folders or files left anywhere in my system that pertain to COMBOFIX? If the answer is no, then something isn't right; I still have a directory folder in my directory tree titled COMBOFIX. This is after running the uninstall as directed.
                            After you run OTL cleanup it should be all gone.