
Author Topic: I downloaded something I should not have.  (Read 22379 times)


Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
I downloaded something I should not have.
« on: January 12, 2012, 10:52:14 AM »
Help please.  More than a month ago I wanted to watch something online which required DivX to watch.  A box appeared asking me if I wanted to use Windows Media Player and I clicked on it and downloaded whatever the program was.  I did it because some sites allow you to choose if you want to watch a video with MP or QuickTime, or Flash.  I got tricked and realize it now because the other sites don't require you to download anything and I didn't want to download DivX and clicked quickly.  I've had a fake security center thing and have gotten rid of it using SAS and Malwarebytes, but I noticed this recently when I went to the security center.




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2008 12:10:50 PM
System Uptime: 1/12/2012 11:59:11 AM (1 hours ago)
.
Motherboard: Intel Corporation |  | DQ45EK
Processor: Intel(R) Core(TM)2 Duo CPU     E7200  @ 2.53GHz | LGA775 | 2527/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 365.143 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.406 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BurnAware Free 4.2
CCleaner
DivX Setup
Enhanced Multimedia Keyboard Solution
FlashGet 1.9.6.1073
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Feedback
HP Picasso Media Center Add-In
Intel(R) Graphics Media Accelerator Driver
Intel(R) Integrator Assistant
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyDefrag v4.3.1
Python 2.5
Revo Uninstaller 1.93
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype Click to Call
Skype™ 5.6
SoundMAX
SUPERAntiSpyware
Trend Micro Titanium
Trend Micro Titanium Internet Security 2012
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 9:23:04 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.0.3 for the Network Card with network address 001CC07EA3C3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
1/9/2012 2:41:48 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt SASDIFSV SASKUTIL spldr tmactmon tmcomm tmevtmgr tmtdi Wanarpv6
1/9/2012 2:41:48 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
1/9/2012 2:40:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/9/2012 2:40:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/9/2012 2:40:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/9/2012 2:40:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/9/2012 2:40:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/12/2012 8:14:26 AM, Error: Microsoft-Windows-ResourcePublication [1002]  - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish.  Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
1/12/2012 8:14:24 AM, Error: EventLog [6008]  - The previous system shutdown at 8:12:01 AM on 1/12/2012 was unexpected.
1/12/2012 12:01:12 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
1/12/2012 12:01:12 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
1/12/2012 12:01:12 PM, Error: Service Control Manager [7003]  - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
1/12/2012 12:01:12 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/12/2012 12:01:12 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/10/2012 7:50:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.0.2 for the Network Card with network address 001CC07EA3C3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by SuperDuperUserOne at 12:26:12 on 2012-01-12
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3033.1967 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcccoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\WscStatusController.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - h:\flashget\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - h:\flashget\getflash.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [<NO NAME>]
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - h:\flashget\jc_all.htm
IE: &Download with FlashGet - h:\flashget\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - h:\flashget\FlashGet.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_30.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DC208170-CEB0-4133-8787-7A722F617BCE} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-11-30 68368]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-11-30 200632]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2008-12-12 459904]
R3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\drivers\e1q6032.sys [2011-11-29 150624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-11 14:54:39   9728   ----a-w-   c:\windows\system32\lsass.exe
2012-01-11 14:54:39   72704   ----a-w-   c:\windows\system32\secur32.dll
2012-01-11 14:54:39   440192   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-01-11 14:54:39   377344   ----a-w-   c:\windows\system32\winhttp.dll
2012-01-11 14:54:39   278528   ----a-w-   c:\windows\system32\schannel.dll
2012-01-11 14:54:39   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
2012-01-11 00:55:37   23552   ----a-w-   c:\windows\system32\mciseq.dll
2012-01-11 00:55:37   189952   ----a-w-   c:\windows\system32\winmm.dll
2012-01-11 00:55:36   1205064   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 00:55:34   66560   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 00:55:34   376320   ----a-w-   c:\windows\system32\winsrv.dll
2012-01-11 00:55:33   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
2012-01-11 00:55:32   497152   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 00:55:32   1314816   ----a-w-   c:\windows\system32\quartz.dll
2012-01-08 14:08:53   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-06 14:52:26   --------   d-----r-   c:\program files\Skype
2012-01-03 23:24:50   --------   d-----w-   c:\users\superduperuserone\appdata\local\{77A5A540-39E8-49FE-8BB0-3744DBB1CC5B}
2012-01-03 23:24:36   --------   d-----w-   c:\users\superduperuserone\Tracing
2012-01-03 23:14:24   --------   d-----w-   c:\program files\Microsoft
2012-01-03 23:14:16   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2012-01-03 23:14:16   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2012-01-03 23:14:16   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2012-01-03 23:13:40   3426072   ----a-w-   c:\windows\system32\d3dx9_32.dll
2012-01-03 23:12:09   754688   ----a-w-   c:\windows\system32\webservices.dll
2012-01-03 23:11:49   7450888   ----a-w-   c:\program files\common files\windows live\.cache\102d91c91ccca6d0a\bingbarsetup.exe
2012-01-03 23:11:41   15712   ----a-w-   c:\program files\common files\windows live\.cache\d0abf0d1ccca6d09\MeshBetaRemover.exe
2012-01-03 23:11:39   94040   ----a-w-   c:\program files\common files\windows live\.cache\bdc91f11ccca6d08\DSETUP.dll
2012-01-03 23:11:39   525656   ----a-w-   c:\program files\common files\windows live\.cache\bdc91f11ccca6d08\DXSETUP.exe
2012-01-03 23:11:39   1691480   ----a-w-   c:\program files\common files\windows live\.cache\bdc91f11ccca6d08\dsetup32.dll
2012-01-03 23:11:34   94040   ----a-w-   c:\program files\common files\windows live\.cache\77d6a5e1ccca6d07\DSETUP.dll
2012-01-03 23:11:34   525656   ----a-w-   c:\program files\common files\windows live\.cache\77d6a5e1ccca6d07\DXSETUP.exe
2012-01-03 23:11:34   1691480   ----a-w-   c:\program files\common files\windows live\.cache\77d6a5e1ccca6d07\dsetup32.dll
2012-01-03 23:11:29   6260088   ----a-w-   c:\program files\common files\windows live\.cache\1b966a41ccca6d06\Silverlight.4.0.exe
2012-01-03 23:10:57   --------   d-----w-   c:\users\superduperuserone\appdata\local\Windows Live
2012-01-03 23:10:54   --------   d-----w-   c:\program files\common files\Windows Live
2012-01-01 23:07:51   --------   d-----w-   c:\program files\VS Revo Group
2012-01-01 04:42:16   --------   d-----w-   C:\Downloads
2012-01-01 04:38:28   --------   d-----w-   c:\users\superduperuserone\appdata\local\PLX_Technology
2012-01-01 04:36:53   24880   ----a-w-   c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-01-01 04:36:51   --------   d-----w-   c:\program files\Iomega
2011-12-31 10:16:33   --------   d-----w-   c:\program files\MyDefrag v4.3.1
2011-12-31 03:20:51   2082630   ----a-w-   c:\users\superduperuserone\MyDefrag-v4.3.1.exe
2011-12-30 07:12:17   22032   ----a-w-   c:\windows\DCEBoot.exe
2011-12-28 08:50:13   --------   d-----w-   c:\users\superduperuserone\appdata\local\DDMSettings
2011-12-26 02:07:48   --------   d-----w-   c:\users\superduperuserone\appdata\roaming\FlashGet
2011-12-26 02:06:13   4653240   ----a-w-   c:\users\superduperuserone\flashget196en.exe
2011-12-23 00:50:36   --------   d-----w-   c:\program files\iPod
2011-12-23 00:50:34   --------   d-----w-   c:\program files\iTunes
2011-12-22 18:13:10   --------   d-----w-   c:\program files\common files\PX Storage Engine
2011-12-22 18:12:43   --------   d-----w-   c:\program files\common files\DivX Shared
2011-12-22 18:11:49   --------   d-----w-   c:\program files\DivX
2011-12-22 18:11:23   --------   d-----w-   c:\programdata\DivX
2011-12-22 18:08:10   175616   ----a-w-   c:\windows\system32\unrar.dll
2011-12-18 04:30:43   --------   d-----w-   c:\users\superduperuserone\appdata\roaming\Malwarebytes
2011-12-18 04:30:27   --------   d-----w-   c:\programdata\Malwarebytes
2011-12-18 04:30:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-16 01:26:23   --------   d-----w-   c:\users\superduperuserone\appdata\roaming\SUPERAntiSpyware.com
2011-12-16 01:25:46   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-12-16 01:25:46   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-12-14 03:57:14   --------   d-----w-   c:\program files\BurnAware Free
2011-12-14 03:11:02   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-12-14 03:11:02   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-12-14 03:11:01   429056   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-14 03:11:00   2043904   ----a-w-   c:\windows\system32\win32k.sys
2011-12-14 03:10:58   49152   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 03:10:56   2048   ----a-w-   c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2011-12-18 04:57:42   319456   ----a-w-   c:\windows\DIFxAPI.dll
2011-12-01 18:32:41   413696   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-12-01 18:32:41   110592   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-12-01 13:09:47   979456   ----a-w-   c:\windows\system32\MFH264Dec.dll
2011-12-01 13:07:56   4096   ----a-w-   c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-12-01 13:07:55   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2011-12-01 13:07:55   519680   ----a-w-   c:\windows\system32\d3d11.dll
2011-12-01 13:07:55   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
2011-12-01 13:07:55   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
2011-12-01 13:07:55   252928   ----a-w-   c:\windows\system32\dxdiag.exe
2011-12-01 13:07:55   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
2011-12-01 13:07:55   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2011-12-01 06:21:02   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 00:44:34   56   ----a-w-   c:\windows\system32\SupportTool.exe.bat
2011-12-01 00:39:58   92432   ----a-w-   c:\windows\system32\drivers\tmtdi.sys
2011-12-01 00:39:58   81168   ----a-w-   c:\windows\system32\drivers\tmactmon.sys
2011-12-01 00:39:58   68368   ----a-w-   c:\windows\system32\drivers\tmevtmgr.sys
2011-12-01 00:39:58   205072   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2011-11-10 10:54:13   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-03 22:47:42   1798144   ----a-w-   c:\windows\system32\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   c:\windows\system32\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-10-20 23:26:22   94208   ----a-w-   c:\windows\system32\dpl100.dll
.
============= FINISH: 12:26:44.53 ===============

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperUserOne :: SUPERDUPERUS-PC [administrator]

1/12/2012 12:08:57 PM
mbam-log-2012-01-12 (12-08-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 165065
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2012 at 11:56 AM

Application Version : 5.0.1142

Core Rules Database Version : 8126
Trace Rules Database Version: 5938

Scan type       : Complete Scan
Total Scan Time : 00:49:28

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 595
Memory threats detected   : 0
Registry items scanned    : 35181
Registry threats detected : 0
File items scanned        : 117048
File threats detected     : 2

Trojan.Agent/Gen-Frauder
   C:\USERS\SUPERDUPERUSERONE\APPDATA\LOCAL\MTV.EXE
   C:\Windows\Prefetch\MTV.EXE-11809ADD.pf

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #1 on: January 12, 2012, 12:14:07 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

Link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #2 on: January 12, 2012, 05:19:54 PM »
The only way I can start programs is from Task Manager.  I took a stab in the dark and used "Browse" from Task Manager to find the launcher for my AV.  At first it showed as running in the Applications tab and then disappeared, and now I have the icon in the lower right-hand side of my desktop showing that my AV is running.


Anything that I click on gives me the above message.  I don't know how to get to the security center to see if anything has changed.

*******I also just looked at the topic next to mine in this forum by SalP or something and see where he said he restarted and that fixed his problem.  I was going to hit the power button on my computer and restart but then thought about using task manager.

ComboFix 12-01-12.04 - SuperDuperUserOne 01/12/2012  17:59:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3033.1968 [GMT -5:00]
Running from: c:\users\SuperDuperUserOne\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SuperDuperUserOne\flashget196en.exe
c:\users\SuperDuperUserOne\MyDefrag-v4.3.1.exe
c:\windows\$NtUninstallKB3515$
c:\windows\$NtUninstallKB3515$\3308739060
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_
6.0.6001.18000_none_6064c861f7442765\netbt.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-12 to 2012-01-12  )))))))))))))))))))))))))))))))
.
.
2012-01-12 23:24 . 2012-01-12 23:38   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\temp
2012-01-12 23:24 . 2012-01-12 23:24   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-12 23:24 . 2008-01-21 02:24   184320   ----a-w-   c:\windows\system32\drivers\netbt.sys
2012-01-11 20:02 . 2012-01-11 20:02   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Template
2012-01-11 14:54 . 2011-11-17 06:48   440192   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-01-11 14:54 . 2011-11-16 16:23   377344   ----a-w-   c:\windows\system32\winhttp.dll
2012-01-11 14:54 . 2011-11-16 16:23   72704   ----a-w-   c:\windows\system32\secur32.dll
2012-01-11 14:54 . 2011-11-16 16:23   278528   ----a-w-   c:\windows\system32\schannel.dll
2012-01-11 14:54 . 2011-11-16 16:21   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
2012-01-11 14:54 . 2011-11-16 14:12   9728   ----a-w-   c:\windows\system32\lsass.exe
2012-01-11 00:55 . 2011-10-14 16:03   189952   ----a-w-   c:\windows\system32\winmm.dll
2012-01-11 00:55 . 2011-10-14 16:00   23552   ----a-w-   c:\windows\system32\mciseq.dll
2012-01-11 00:55 . 2011-11-18 20:23   1205064   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 00:55 . 2011-11-25 15:59   376320   ----a-w-   c:\windows\system32\winsrv.dll
2012-01-11 00:55 . 2011-11-18 17:47   66560   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 00:55 . 2011-12-01 15:21   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 00:55 . 2011-10-25 15:58   1314816   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 00:55 . 2011-10-25 15:58   497152   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-08 14:08 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-06 17:28 . 2012-01-06 17:28   --------   d-----w-   c:\program files\Safari
2012-01-06 14:52 . 2012-01-12 22:24   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----r-   c:\program files\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----w-   c:\program files\Common Files\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----w-   c:\programdata\Skype
2012-01-03 23:24 . 2012-01-05 04:18   --------   d-----w-   c:\users\SuperDuperUserOne\Tracing
2012-01-03 23:14 . 2012-01-04 06:26   --------   d-----w-   c:\program files\Microsoft
2012-01-03 23:14 . 2009-09-04 22:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2012-01-03 23:14 . 2009-09-04 22:44   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2012-01-03 23:14 . 2009-09-04 22:29   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2012-01-03 23:13 . 2006-11-29 18:06   3426072   ----a-w-   c:\windows\system32\d3dx9_32.dll
2012-01-03 23:12 . 2009-08-04 08:02   754688   ----a-w-   c:\windows\system32\webservices.dll
2012-01-03 23:10 . 2012-01-03 23:22   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\Windows Live
2012-01-03 23:10 . 2012-01-03 23:10   --------   d-----w-   c:\program files\Common Files\Windows Live
2012-01-01 23:07 . 2012-01-01 23:07   --------   d-----w-   c:\program files\VS Revo Group
2012-01-01 04:42 . 2012-01-01 05:07   --------   d-----w-   C:\Downloads
2012-01-01 04:38 . 2012-01-01 04:38   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\PLX_Technology
2012-01-01 04:36 . 2010-05-25 14:14   24880   ----a-w-   c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-01-01 04:36 . 2012-01-01 04:36   --------   d-----w-   c:\program files\Iomega
2011-12-31 10:16 . 2012-01-09 09:33   --------   d-----w-   c:\program files\MyDefrag v4.3.1
2011-12-30 07:12 . 2011-12-30 07:21   22032   ----a-w-   c:\windows\DCEBoot.exe
2011-12-28 08:50 . 2011-12-28 08:50   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\DDMSettings
2011-12-26 02:07 . 2011-12-26 02:07   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\FlashGet
2011-12-23 00:50 . 2011-12-23 00:50   --------   d-----w-   c:\program files\iPod
2011-12-23 00:50 . 2011-12-23 00:50   --------   d-----w-   c:\program files\iTunes
2011-12-22 23:29 . 2012-01-02 03:49   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Media Player Classic
2011-12-22 18:13 . 2011-12-22 23:29   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\DivX
2011-12-22 18:13 . 2011-12-22 18:13   --------   d-----w-   c:\program files\Common Files\PX Storage Engine
2011-12-22 18:12 . 2011-12-28 08:43   --------   d-----w-   c:\program files\Common Files\DivX Shared
2011-12-22 18:11 . 2011-12-28 08:44   --------   d-----w-   c:\program files\DivX
2011-12-22 18:11 . 2011-12-28 08:44   --------   d-----w-   c:\programdata\DivX
2011-12-22 18:08 . 2011-03-02 11:43   175616   ----a-w-   c:\windows\system32\unrar.dll
2011-12-18 04:30 . 2011-12-18 04:30   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Malwarebytes
2011-12-18 04:30 . 2011-12-18 04:30   --------   d-----w-   c:\programdata\Malwarebytes
2011-12-18 04:30 . 2012-01-08 14:08   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-16 01:26 . 2011-12-16 01:26   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\SUPERAntiSpyware.com
2011-12-16 01:25 . 2011-12-16 01:26   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-12-16 01:25 . 2011-12-16 01:25   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-12-14 03:57 . 2011-12-14 03:57   --------   d-----w-   c:\program files\BurnAware Free
2011-12-14 03:11 . 2011-10-27 08:01   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-12-14 03:11 . 2011-10-27 08:01   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-12-14 03:11 . 2011-10-14 16:02   429056   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-14 03:11 . 2011-11-23 13:37   2043904   ----a-w-   c:\windows\system32\win32k.sys
2011-12-14 03:10 . 2011-10-25 15:56   49152   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 03:10 . 2011-11-08 14:42   2048   ----a-w-   c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 04:57 . 2008-07-07 16:18   319456   ----a-w-   c:\windows\DIFxAPI.dll
2011-12-04 01:31 . 2011-12-04 01:31   677136   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-01 18:32 . 2011-12-01 18:32   413696   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-12-01 18:32 . 2011-12-01 18:32   110592   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-12-01 13:10 . 2011-12-01 13:10   86528   ----a-w-   c:\windows\system32\iesysprep.dll
2011-12-01 13:10 . 2011-12-01 13:10   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-12-01 13:10 . 2011-12-01 13:10   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-12-01 13:10 . 2011-12-01 13:10   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-12-01 13:10 . 2011-12-01 13:10   161792   ----a-w-   c:\windows\system32\msls31.dll
2011-12-01 13:10 . 2011-12-01 13:10   74752   ----a-w-   c:\windows\system32\iesetup.dll
2011-12-01 13:10 . 2011-12-01 13:10   63488   ----a-w-   c:\windows\system32\tdc.ocx
2011-12-01 13:10 . 2011-12-01 13:10   367104   ----a-w-   c:\windows\system32\html.iec
2011-12-01 13:10 . 2011-12-01 13:10   23552   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-01 13:10 . 2011-12-01 13:10   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-12-01 13:10 . 2011-12-01 13:10   35840   ----a-w-   c:\windows\system32\imgutil.dll
2011-12-01 13:10 . 2011-12-01 13:10   152064   ----a-w-   c:\windows\system32\wextract.exe
2011-12-01 13:10 . 2011-12-01 13:10   150528   ----a-w-   c:\windows\system32\iexpress.exe
2011-12-01 13:10 . 2011-12-01 13:10   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-12-01 13:10 . 2011-12-01 13:10   11776   ----a-w-   c:\windows\system32\mshta.exe
2011-12-01 13:10 . 2011-12-01 13:10   101888   ----a-w-   c:\windows\system32\admparse.dll
2011-12-01 13:10 . 2011-12-01 13:10   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-12-01 13:09 . 2011-12-01 13:09   979456   ----a-w-   c:\windows\system32\MFH264Dec.dll
2011-12-01 13:09 . 2011-12-01 13:09   357376   ----a-w-   c:\windows\system32\MFHEAACdec.dll
2011-12-01 13:09 . 2011-12-01 13:09   98816   ----a-w-   c:\windows\system32\mfps.dll
2011-12-01 13:09 . 2011-12-01 13:09   586240   ----a-w-   c:\windows\system32\stobject.dll
2011-12-01 13:09 . 2011-12-01 13:09   302592   ----a-w-   c:\windows\system32\mfmp4src.dll
2011-12-01 13:09 . 2011-12-01 13:09   2873344   ----a-w-   c:\windows\system32\mf.dll
2011-12-01 13:09 . 2011-12-01 13:09   261632   ----a-w-   c:\windows\system32\mfreadwrite.dll
2011-12-01 13:09 . 2011-12-01 13:09   209920   ----a-w-   c:\windows\system32\mfplat.dll
2011-12-01 13:09 . 2011-12-01 13:09   683008   ----a-w-   c:\windows\system32\d2d1.dll
2011-12-01 13:09 . 2011-12-01 13:09   486400   ----a-w-   c:\windows\system32\d3d10level9.dll
2011-12-01 13:09 . 2011-12-01 13:09   135680   ----a-w-   c:\windows\system32\XpsRasterService.dll
2011-12-01 13:09 . 2011-12-01 13:09   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2011-12-01 13:09 . 2011-12-01 13:09   638336   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2011-12-01 13:09 . 2011-12-01 13:09   478720   ----a-w-   c:\windows\system32\dxgi.dll
2011-12-01 13:09 . 2011-12-01 13:09   37376   ----a-w-   c:\windows\system32\cdd.dll
2011-12-01 13:09 . 2011-12-01 13:09   258048   ----a-w-   c:\windows\system32\winspool.drv
2011-12-01 13:09 . 2011-12-01 13:09   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2011-12-01 13:09 . 2011-12-01 13:09   189952   ----a-w-   c:\windows\system32\d3d10core.dll
2011-12-01 13:09 . 2011-12-01 13:09   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-12-01 13:09 . 2011-12-01 13:09   1029120   ----a-w-   c:\windows\system32\d3d10.dll
2011-12-01 13:09 . 2011-12-01 13:09   847360   ----a-w-   c:\windows\system32\OpcServices.dll
2011-12-01 13:09 . 2011-12-01 13:09   667648   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
2011-12-01 13:09 . 2011-12-01 13:09   26112   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
2011-12-01 13:09 . 2011-12-01 13:09   1554432   ----a-w-   c:\windows\system32\xpsservices.dll
2011-12-01 13:07 . 2011-12-01 13:07   4096   ----a-w-   c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-12-01 13:07 . 2011-12-01 13:07   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2011-12-01 13:07 . 2011-12-01 13:07   519680   ----a-w-   c:\windows\system32\d3d11.dll
2011-12-01 13:07 . 2011-12-01 13:07   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
2011-12-01 13:07 . 2011-12-01 13:07   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
2011-12-01 13:07 . 2011-12-01 13:07   252928   ----a-w-   c:\windows\system32\dxdiag.exe
2011-12-01 13:07 . 2011-12-01 13:07   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
2011-12-01 13:07 . 2011-12-01 13:07   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2011-12-01 06:21 . 2011-12-01 06:21   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 00:44 . 2011-12-01 00:44   56   ----a-w-   c:\windows\system32\SupportTool.exe.bat
2011-12-01 00:39 . 2011-12-01 00:47   92432   ----a-w-   c:\windows\system32\drivers\tmtdi.sys
2011-12-01 00:39 . 2011-12-01 00:45   81168   ----a-w-   c:\windows\system32\drivers\tmactmon.sys
2011-12-01 00:39 . 2011-12-01 00:45   68368   ----a-w-   c:\windows\system32\drivers\tmevtmgr.sys
2011-12-01 00:39 . 2011-12-01 00:45   205072   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2011-11-30 08:46 . 2011-11-30 08:46   652296   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-30 08:46 . 2011-11-30 08:46   416128   ----a-w-   c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-11-10 10:54 . 2011-12-01 01:12   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-20 23:26 . 2011-10-20 23:26   94208   ----a-w-   c:\windows\system32\dpl100.dll
2011-10-18 06:28 . 2011-11-30 07:11   6668624   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BA2DDA6-0E7F-403E-B843-9206D95A55FB}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-12-01 129304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-04-10 1310720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NETBT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - h:\flashget\jc_all.htm
IE: &Download with FlashGet - h:\flashget\jc_link.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-FlashGet - h:\flashget\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 18:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16?????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb]
"ImagePath"="\*"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\AMSP\coreServiceShell.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcccoms.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-01-12  18:41:58 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-12 23:41
.
Pre-Run: 391,558,811,648 bytes free
Post-Run: 391,209,582,592 bytes free
.
- - End Of File - - 2345CA6C9C98304BCF418C389C3623C3


ComboFix 12-01-12.04 - SuperDuperUserOne 01/12/2012  18:50:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3033.2098 [GMT -5:00]
Running from: c:\users\SuperDuperUserOne\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-12 to 2012-01-12  )))))))))))))))))))))))))))))))
.
.
2012-01-12 23:54 . 2012-01-12 23:54   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\temp
2012-01-12 23:54 . 2012-01-12 23:54   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-12 23:24 . 2008-01-21 02:24   184320   ----a-w-   c:\windows\system32\drivers\netbt.sys
2012-01-11 20:02 . 2012-01-11 20:02   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Template
2012-01-11 14:54 . 2011-11-17 06:48   440192   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-01-11 14:54 . 2011-11-16 16:23   377344   ----a-w-   c:\windows\system32\winhttp.dll
2012-01-11 14:54 . 2011-11-16 16:23   72704   ----a-w-   c:\windows\system32\secur32.dll
2012-01-11 14:54 . 2011-11-16 16:23   278528   ----a-w-   c:\windows\system32\schannel.dll
2012-01-11 14:54 . 2011-11-16 16:21   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
2012-01-11 14:54 . 2011-11-16 14:12   9728   ----a-w-   c:\windows\system32\lsass.exe
2012-01-11 00:55 . 2011-10-14 16:03   189952   ----a-w-   c:\windows\system32\winmm.dll
2012-01-11 00:55 . 2011-10-14 16:00   23552   ----a-w-   c:\windows\system32\mciseq.dll
2012-01-11 00:55 . 2011-11-18 20:23   1205064   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 00:55 . 2011-11-25 15:59   376320   ----a-w-   c:\windows\system32\winsrv.dll
2012-01-11 00:55 . 2011-11-18 17:47   66560   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 00:55 . 2011-12-01 15:21   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 00:55 . 2011-10-25 15:58   1314816   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 00:55 . 2011-10-25 15:58   497152   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-08 14:08 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-06 17:28 . 2012-01-06 17:28   --------   d-----w-   c:\program files\Safari
2012-01-06 14:52 . 2012-01-12 22:24   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----r-   c:\program files\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----w-   c:\program files\Common Files\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----w-   c:\programdata\Skype
2012-01-03 23:24 . 2012-01-05 04:18   --------   d-----w-   c:\users\SuperDuperUserOne\Tracing
2012-01-03 23:14 . 2012-01-04 06:26   --------   d-----w-   c:\program files\Microsoft
2012-01-03 23:14 . 2009-09-04 22:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2012-01-03 23:14 . 2009-09-04 22:44   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2012-01-03 23:14 . 2009-09-04 22:29   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2012-01-03 23:13 . 2006-11-29 18:06   3426072   ----a-w-   c:\windows\system32\d3dx9_32.dll
2012-01-03 23:12 . 2009-08-04 08:02   754688   ----a-w-   c:\windows\system32\webservices.dll
2012-01-03 23:10 . 2012-01-03 23:22   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\Windows Live
2012-01-03 23:10 . 2012-01-03 23:10   --------   d-----w-   c:\program files\Common Files\Windows Live
2012-01-01 23:07 . 2012-01-01 23:07   --------   d-----w-   c:\program files\VS Revo Group
2012-01-01 04:42 . 2012-01-01 05:07   --------   d-----w-   C:\Downloads
2012-01-01 04:38 . 2012-01-01 04:38   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\PLX_Technology
2012-01-01 04:36 . 2010-05-25 14:14   24880   ----a-w-   c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-01-01 04:36 . 2012-01-01 04:36   --------   d-----w-   c:\program files\Iomega
2011-12-31 10:16 . 2012-01-09 09:33   --------   d-----w-   c:\program files\MyDefrag v4.3.1
2011-12-30 07:12 . 2011-12-30 07:21   22032   ----a-w-   c:\windows\DCEBoot.exe
2011-12-28 08:50 . 2011-12-28 08:50   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\DDMSettings
2011-12-26 02:07 . 2011-12-26 02:07   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\FlashGet
2011-12-23 00:50 . 2011-12-23 00:50   --------   d-----w-   c:\program files\iPod
2011-12-23 00:50 . 2011-12-23 00:50   --------   d-----w-   c:\program files\iTunes
2011-12-22 23:29 . 2012-01-02 03:49   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Media Player Classic
2011-12-22 18:13 . 2011-12-22 23:29   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\DivX
2011-12-22 18:13 . 2011-12-22 18:13   --------   d-----w-   c:\program files\Common Files\PX Storage Engine
2011-12-22 18:12 . 2011-12-28 08:43   --------   d-----w-   c:\program files\Common Files\DivX Shared
2011-12-22 18:11 . 2011-12-28 08:44   --------   d-----w-   c:\program files\DivX
2011-12-22 18:11 . 2011-12-28 08:44   --------   d-----w-   c:\programdata\DivX
2011-12-22 18:08 . 2011-03-02 11:43   175616   ----a-w-   c:\windows\system32\unrar.dll
2011-12-18 04:30 . 2011-12-18 04:30   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Malwarebytes
2011-12-18 04:30 . 2011-12-18 04:30   --------   d-----w-   c:\programdata\Malwarebytes
2011-12-18 04:30 . 2012-01-08 14:08   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-16 01:26 . 2011-12-16 01:26   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\SUPERAntiSpyware.com
2011-12-16 01:25 . 2011-12-16 01:26   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-12-16 01:25 . 2011-12-16 01:25   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-12-14 03:57 . 2011-12-14 03:57   --------   d-----w-   c:\program files\BurnAware Free
2011-12-14 03:11 . 2011-10-27 08:01   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-12-14 03:11 . 2011-10-27 08:01   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-12-14 03:11 . 2011-10-14 16:02   429056   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-14 03:11 . 2011-11-23 13:37   2043904   ----a-w-   c:\windows\system32\win32k.sys
2011-12-14 03:10 . 2011-10-25 15:56   49152   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 03:10 . 2011-11-08 14:42   2048   ----a-w-   c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 04:57 . 2008-07-07 16:18   319456   ----a-w-   c:\windows\DIFxAPI.dll
2011-12-04 01:31 . 2011-12-04 01:31   677136   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-01 18:32 . 2011-12-01 18:32   413696   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-12-01 18:32 . 2011-12-01 18:32   110592   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-12-01 13:10 . 2011-12-01 13:10   86528   ----a-w-   c:\windows\system32\iesysprep.dll
2011-12-01 13:10 . 2011-12-01 13:10   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-12-01 13:10 . 2011-12-01 13:10   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-12-01 13:10 . 2011-12-01 13:10   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-12-01 13:10 . 2011-12-01 13:10   161792   ----a-w-   c:\windows\system32\msls31.dll
2011-12-01 13:10 . 2011-12-01 13:10   74752   ----a-w-   c:\windows\system32\iesetup.dll
2011-12-01 13:10 . 2011-12-01 13:10   63488   ----a-w-   c:\windows\system32\tdc.ocx
2011-12-01 13:10 . 2011-12-01 13:10   367104   ----a-w-   c:\windows\system32\html.iec
2011-12-01 13:10 . 2011-12-01 13:10   23552   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-01 13:10 . 2011-12-01 13:10   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-12-01 13:10 . 2011-12-01 13:10   35840   ----a-w-   c:\windows\system32\imgutil.dll
2011-12-01 13:10 . 2011-12-01 13:10   152064   ----a-w-   c:\windows\system32\wextract.exe
2011-12-01 13:10 . 2011-12-01 13:10   150528   ----a-w-   c:\windows\system32\iexpress.exe
2011-12-01 13:10 . 2011-12-01 13:10   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-12-01 13:10 . 2011-12-01 13:10   11776   ----a-w-   c:\windows\system32\mshta.exe
2011-12-01 13:10 . 2011-12-01 13:10   101888   ----a-w-   c:\windows\system32\admparse.dll
2011-12-01 13:10 . 2011-12-01 13:10   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-12-01 13:09 . 2011-12-01 13:09   979456   ----a-w-   c:\windows\system32\MFH264Dec.dll
2011-12-01 13:09 . 2011-12-01 13:09   357376   ----a-w-   c:\windows\system32\MFHEAACdec.dll
2011-12-01 13:09 . 2011-12-01 13:09   98816   ----a-w-   c:\windows\system32\mfps.dll
2011-12-01 13:09 . 2011-12-01 13:09   586240   ----a-w-   c:\windows\system32\stobject.dll
2011-12-01 13:09 . 2011-12-01 13:09   302592   ----a-w-   c:\windows\system32\mfmp4src.dll
2011-12-01 13:09 . 2011-12-01 13:09   2873344   ----a-w-   c:\windows\system32\mf.dll
2011-12-01 13:09 . 2011-12-01 13:09   261632   ----a-w-   c:\windows\system32\mfreadwrite.dll
2011-12-01 13:09 . 2011-12-01 13:09   209920   ----a-w-   c:\windows\system32\mfplat.dll
2011-12-01 13:09 . 2011-12-01 13:09   683008   ----a-w-   c:\windows\system32\d2d1.dll
2011-12-01 13:09 . 2011-12-01 13:09   486400   ----a-w-   c:\windows\system32\d3d10level9.dll
2011-12-01 13:09 . 2011-12-01 13:09   135680   ----a-w-   c:\windows\system32\XpsRasterService.dll
2011-12-01 13:09 . 2011-12-01 13:09   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2011-12-01 13:09 . 2011-12-01 13:09   638336   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2011-12-01 13:09 . 2011-12-01 13:09   478720   ----a-w-   c:\windows\system32\dxgi.dll
2011-12-01 13:09 . 2011-12-01 13:09   37376   ----a-w-   c:\windows\system32\cdd.dll
2011-12-01 13:09 . 2011-12-01 13:09   258048   ----a-w-   c:\windows\system32\winspool.drv
2011-12-01 13:09 . 2011-12-01 13:09   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2011-12-01 13:09 . 2011-12-01 13:09   189952   ----a-w-   c:\windows\system32\d3d10core.dll
2011-12-01 13:09 . 2011-12-01 13:09   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-12-01 13:09 . 2011-12-01 13:09   1029120   ----a-w-   c:\windows\system32\d3d10.dll
2011-12-01 13:09 . 2011-12-01 13:09   847360   ----a-w-   c:\windows\system32\OpcServices.dll
2011-12-01 13:09 . 2011-12-01 13:09   667648   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
2011-12-01 13:09 . 2011-12-01 13:09   26112   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
2011-12-01 13:09 . 2011-12-01 13:09   1554432   ----a-w-   c:\windows\system32\xpsservices.dll
2011-12-01 13:07 . 2011-12-01 13:07   4096   ----a-w-   c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-12-01 13:07 . 2011-12-01 13:07   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2011-12-01 13:07 . 2011-12-01 13:07   519680   ----a-w-   c:\windows\system32\d3d11.dll
2011-12-01 13:07 . 2011-12-01 13:07   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
2011-12-01 13:07 . 2011-12-01 13:07   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
2011-12-01 13:07 . 2011-12-01 13:07   252928   ----a-w-   c:\windows\system32\dxdiag.exe
2011-12-01 13:07 . 2011-12-01 13:07   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
2011-12-01 13:07 . 2011-12-01 13:07   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2011-12-01 06:21 . 2011-12-01 06:21   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 00:44 . 2011-12-01 00:44   56   ----a-w-   c:\windows\system32\SupportTool.exe.bat
2011-12-01 00:39 . 2011-12-01 00:47   92432   ----a-w-   c:\windows\system32\drivers\tmtdi.sys
2011-12-01 00:39 . 2011-12-01 00:45   81168   ----a-w-   c:\windows\system32\drivers\tmactmon.sys
2011-12-01 00:39 . 2011-12-01 00:45   68368   ----a-w-   c:\windows\system32\drivers\tmevtmgr.sys
2011-12-01 00:39 . 2011-12-01 00:45   205072   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2011-11-30 08:46 . 2011-11-30 08:46   652296   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-30 08:46 . 2011-11-30 08:46   416128   ----a-w-   c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-11-10 10:54 . 2011-12-01 01:12   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-20 23:26 . 2011-10-20 23:26   94208   ----a-w-   c:\windows\system32\dpl100.dll
2011-10-18 06:28 . 2011-11-30 07:11   6668624   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BA2DDA6-0E7F-403E-B843-9206D95A55FB}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-12-01 129304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-04-10 1310720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NETBT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - h:\flashget\jc_all.htm
IE: &Download with FlashGet - h:\flashget\jc_link.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 18:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16?????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb]
"ImagePath"="\*"
.
Completion time: 2012-01-12  18:55:56
ComboFix-quarantined-files.txt  2012-01-12 23:55
ComboFix2.txt  2012-01-12 23:41
.
Pre-Run: 391,255,040,000 bytes free
Post-Run: 391,226,384,384 bytes free
.
- - End Of File - - 4BBED295A36C52B3FCEA12FA692C692D


« Last Edit: January 13, 2012, 01:18:37 PM by SuperDave »

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #3 on: January 13, 2012, 01:30:15 PM »
Please go to Jotti's malware scan
(If more than one file needs to be scanned, they must be done separately and a link posted for each one)

* Copy the file path in the below Code box:

Code:
c:\windows\DCEBoot.exe

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*********************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Windows 8 and Windows 10 dual boot with two SSD's

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #4 on: January 13, 2012, 11:15:09 PM »
 Results of screen317's Security Check version 0.99.30 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:

 Trend Micro Titanium   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 SUPERAntiSpyware     
 CCleaner     
 Java(TM) 6 Update 30 
 Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Trend Micro AMSP coreServiceShell.exe 
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe 
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````




http://virusscan.jotti.org/en/scanresult/5ffde52e278e4cbfbd11de7dcd98b9141187d095


I've gone to the security center and it's on, but it reports that my AV is turned off, and I cannot turn on Windows firewall, which I'm pretty sure was on before with my AV.  I'm posting this at about 1am, and earlier today the security center did indicate that TrendMicro was reporting its status as on.   I checked for Windows updates and have 3 important ones, but they cannot be installed.  Error code 80096001. 
« Last Edit: January 13, 2012, 11:26:04 PM by Doug »

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #5 on: January 14, 2012, 11:00:20 AM »
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
Windows 8 and Windows 10 dual boot with two SSD's

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #6 on: January 14, 2012, 11:31:10 AM »
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8F3B5000
Module End: 8F3C0000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8F3C0000
Module End: 8F3C8000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: 8675A41C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateMutant
Address: 868194DC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcess
Address: 867656DC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcessEx
Address: 864CF1E4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 8681844C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 8647B33C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: 8681A3C4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: 8681E2EC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDuplicateObject
Address: 8684634C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 86819514
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: 867D72D4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 868212EC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 86818514
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRenameKey
Address: 8675F514
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: 86815384
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 86818484
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: 86747334
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8674D46C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 8679C3C4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 8647B374
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThreadEx
Address: 868202DC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateUserProcess
Address: 867FC324
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #7 on: January 14, 2012, 01:35:42 PM »
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #8 on: January 15, 2012, 02:42:41 AM »
I botched this step.  I accidentally stopped it from running the first time when it had four threats in red listed.  Then, I started it again and it didn't find anything and I didn't export a log file.  After the last scan there were four items listed in quarantine but I don't know how to get the information.  There are a bunch of NDF files in the quarantine file. This is the log I found in program files:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251



SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #9 on: January 15, 2012, 10:53:35 AM »
How's the computer running now?
Windows 8 and Windows 10 dual boot with two SSD's

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #10 on: January 15, 2012, 01:41:58 PM »
When I scroll on Youtube it's not smooth and takes time to catch up.  I can't install Windows updates.  I can't turn Windows firewall on.  The security center says my AV is turned off.  And what about the threats the scanner found?  Can we check on those somehow?

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #11 on: January 15, 2012, 06:47:54 PM »
Quote
When I scroll on Youtube it's not smooth and takes time to catch up. 
Do you mean when you're watching a video on YouTube?
Quote
And what about the threats the scanner found?  Can we check on those somehow?
You didn't post any log from ESET. Please run it again.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply
Windows 8 and Windows 10 dual boot with two SSD's

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #12 on: January 16, 2012, 06:57:12 AM »
I ran ESET again, then restored the threats, then ran it again to get a log of the threats.  I could not figure out how to post NQF files without it looking like gibberish.

C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\584e2490-5cd1f384   a variant of Java/Agent.DZ trojan   deleted - quarantined
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-40fc61a6   a variant of Java/Agent.DZ trojan   deleted - quarantined
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\209f30a4-617b40b5   a variant of Java/Agent.DZ trojan   deleted - quarantined
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-3d7dda2a   a variant of Java/Agent.DZ trojan   deleted - quarantined


aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-16 08:46:52
-----------------------------
08:46:52.538    OS Version: Windows 6.0.6002 Service Pack 2
08:46:52.538    Number of processors: 2 586 0x1706
08:46:52.538    ComputerName: SUPERDUPERUS-PC  UserName:
08:46:55.664    Initialize success
08:48:09.886    AVAST engine defs: 12011600
08:48:33.091    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1
08:48:33.091    Disk 0 Vendor: WDC_WD5000AAKS-65A7B0 01.03B01 Size: 476940MB BusType: 3
08:48:33.107    Disk 0 MBR read successfully
08:48:33.107    Disk 0 MBR scan
08:48:33.107    Disk 0 unknown MBR code
08:48:33.122    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       466158 MB offset 63
08:48:33.154    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10778 MB offset 954691920
08:48:33.169    Disk 0 scanning sectors +976767120
08:48:33.232    Disk 0 scanning C:\Windows\system32\drivers
08:48:48.661    Service scanning
08:48:49.083    Service .smb \* **LOCKED** 123
08:48:49.896    Modules scanning
08:48:52.958    Disk 0 trace - called modules:
08:48:53.474    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
08:48:53.490    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850f8780]
08:48:53.490    3 CLASSPNP.SYS[8a1a38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1[0x84eebb98]
08:48:54.427    AVAST engine scan C:\Windows
08:48:59.255    AVAST engine scan C:\Windows\system32
08:50:00.325    File: C:\Windows\system32\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
08:52:02.252    AVAST engine scan C:\Windows\system32\drivers
08:52:14.412    AVAST engine scan C:\Users\SuperDuperUserOne
08:53:10.198    AVAST engine scan C:\ProgramData
08:53:34.927    Scan finished successfully
08:54:04.828    Disk 0 MBR has been saved successfully to "C:\Users\SuperDuperUserOne\Desktop\MBR.dat"
08:54:04.844    The log file has been saved successfully to "C:\Users\SuperDuperUserOne\Desktop\aswMBR.txt"




SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #13 on: January 16, 2012, 01:52:39 PM »
Please run ComboFix again and post the log.
Windows 8 and Windows 10 dual boot with two SSD's

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #14 on: January 16, 2012, 02:06:56 PM »
OK.  Like last time, it's happening this time.  I follow the instructions on how to disable my AV but I'm still prompted to disable it.  It says the above real time scanner is active (Trend Micro) but will run anyway.  Last time I just ran any.  Is this a major problem?

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #15 on: January 16, 2012, 02:45:53 PM »
This computer is starting to drive me mad.  Combofix produced a log and I copied it.  Then, I tried to open IE and no shortcuts work again.  I restarted the computer and didn't save the log.  So, ran again and saved.

ComboFix 12-01-16.02 - SuperDuperUserOne 01/16/2012  16:35:22.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3033.2022 [GMT -5:00]
Running from: c:\users\SuperDuperUserOne\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-16 to 2012-01-16  )))))))))))))))))))))))))))))))
.
.
2012-01-16 21:40 . 2012-01-16 21:40   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\temp
2012-01-16 21:40 . 2012-01-16 21:40   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-15 15:23 . 2012-01-15 15:23   --------   d-----w-   c:\users\Non-Admin
2012-01-14 21:45 . 2012-01-14 21:45   --------   d-----w-   c:\program files\ESET
2012-01-13 18:02 . 2012-01-13 18:02   --------   d-----w-   c:\users\loridousDex
2012-01-12 23:24 . 2008-01-21 02:24   184320   ----a-w-   c:\windows\system32\drivers\netbt.sys
2012-01-11 20:02 . 2012-01-11 20:02   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Template
2012-01-11 14:54 . 2011-11-17 06:48   440192   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-01-11 14:54 . 2011-11-16 16:23   377344   ----a-w-   c:\windows\system32\winhttp.dll
2012-01-11 14:54 . 2011-11-16 16:23   72704   ----a-w-   c:\windows\system32\secur32.dll
2012-01-11 14:54 . 2011-11-16 16:23   278528   ----a-w-   c:\windows\system32\schannel.dll
2012-01-11 14:54 . 2011-11-16 16:21   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
2012-01-11 14:54 . 2011-11-16 14:12   9728   ----a-w-   c:\windows\system32\lsass.exe
2012-01-11 00:55 . 2011-10-14 16:03   189952   ----a-w-   c:\windows\system32\winmm.dll
2012-01-11 00:55 . 2011-10-14 16:00   23552   ----a-w-   c:\windows\system32\mciseq.dll
2012-01-11 00:55 . 2011-11-18 20:23   1205064   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 00:55 . 2011-11-25 15:59   376320   ----a-w-   c:\windows\system32\winsrv.dll
2012-01-11 00:55 . 2011-11-18 17:47   66560   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 00:55 . 2011-12-01 15:21   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 00:55 . 2011-10-25 15:58   1314816   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 00:55 . 2011-10-25 15:58   497152   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-08 14:08 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-06 17:28 . 2012-01-06 17:28   --------   d-----w-   c:\program files\Safari
2012-01-06 14:52 . 2012-01-16 11:38   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----r-   c:\program files\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----w-   c:\program files\Common Files\Skype
2012-01-06 14:52 . 2012-01-06 14:52   --------   d-----w-   c:\programdata\Skype
2012-01-03 23:24 . 2012-01-05 04:18   --------   d-----w-   c:\users\SuperDuperUserOne\Tracing
2012-01-03 23:14 . 2012-01-04 06:26   --------   d-----w-   c:\program files\Microsoft
2012-01-03 23:14 . 2009-09-04 22:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2012-01-03 23:14 . 2009-09-04 22:44   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2012-01-03 23:14 . 2009-09-04 22:29   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2012-01-03 23:13 . 2006-11-29 18:06   3426072   ----a-w-   c:\windows\system32\d3dx9_32.dll
2012-01-03 23:12 . 2009-08-04 08:02   754688   ----a-w-   c:\windows\system32\webservices.dll
2012-01-03 23:10 . 2012-01-03 23:22   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\Windows Live
2012-01-03 23:10 . 2012-01-03 23:10   --------   d-----w-   c:\program files\Common Files\Windows Live
2012-01-01 23:07 . 2012-01-01 23:07   --------   d-----w-   c:\program files\VS Revo Group
2012-01-01 04:42 . 2012-01-01 05:07   --------   d-----w-   C:\Downloads
2012-01-01 04:38 . 2012-01-01 04:38   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\PLX_Technology
2012-01-01 04:36 . 2010-05-25 14:14   24880   ----a-w-   c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-01-01 04:36 . 2012-01-01 04:36   --------   d-----w-   c:\program files\Iomega
2011-12-31 10:16 . 2012-01-09 09:33   --------   d-----w-   c:\program files\MyDefrag v4.3.1
2011-12-30 07:12 . 2011-12-30 07:21   22032   ----a-w-   c:\windows\DCEBoot.exe
2011-12-28 08:50 . 2011-12-28 08:50   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Local\DDMSettings
2011-12-26 02:07 . 2011-12-26 02:07   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\FlashGet
2011-12-23 00:50 . 2011-12-23 00:50   --------   d-----w-   c:\program files\iPod
2011-12-23 00:50 . 2011-12-23 00:50   --------   d-----w-   c:\program files\iTunes
2011-12-22 23:29 . 2012-01-02 03:49   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Media Player Classic
2011-12-22 18:13 . 2011-12-22 23:29   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\DivX
2011-12-22 18:13 . 2011-12-22 18:13   --------   d-----w-   c:\program files\Common Files\PX Storage Engine
2011-12-22 18:12 . 2011-12-28 08:43   --------   d-----w-   c:\program files\Common Files\DivX Shared
2011-12-22 18:11 . 2011-12-28 08:44   --------   d-----w-   c:\program files\DivX
2011-12-22 18:11 . 2011-12-28 08:44   --------   d-----w-   c:\programdata\DivX
2011-12-22 18:08 . 2011-03-02 11:43   175616   ----a-w-   c:\windows\system32\unrar.dll
2011-12-18 04:30 . 2011-12-18 04:30   --------   d-----w-   c:\users\SuperDuperUserOne\AppData\Roaming\Malwarebytes
2011-12-18 04:30 . 2011-12-18 04:30   --------   d-----w-   c:\programdata\Malwarebytes
2011-12-18 04:30 . 2012-01-08 14:08   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 04:57 . 2008-07-07 16:18   319456   ----a-w-   c:\windows\DIFxAPI.dll
2011-12-04 01:31 . 2011-12-04 01:31   677136   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-01 18:32 . 2011-12-01 18:32   413696   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-12-01 18:32 . 2011-12-01 18:32   110592   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-12-01 13:10 . 2011-12-01 13:10   86528   ----a-w-   c:\windows\system32\iesysprep.dll
2011-12-01 13:10 . 2011-12-01 13:10   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-12-01 13:10 . 2011-12-01 13:10   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-12-01 13:10 . 2011-12-01 13:10   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-12-01 13:10 . 2011-12-01 13:10   161792   ----a-w-   c:\windows\system32\msls31.dll
2011-12-01 13:10 . 2011-12-01 13:10   74752   ----a-w-   c:\windows\system32\iesetup.dll
2011-12-01 13:10 . 2011-12-01 13:10   63488   ----a-w-   c:\windows\system32\tdc.ocx
2011-12-01 13:10 . 2011-12-01 13:10   367104   ----a-w-   c:\windows\system32\html.iec
2011-12-01 13:10 . 2011-12-01 13:10   23552   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-01 13:10 . 2011-12-01 13:10   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-12-01 13:10 . 2011-12-01 13:10   35840   ----a-w-   c:\windows\system32\imgutil.dll
2011-12-01 13:10 . 2011-12-01 13:10   152064   ----a-w-   c:\windows\system32\wextract.exe
2011-12-01 13:10 . 2011-12-01 13:10   150528   ----a-w-   c:\windows\system32\iexpress.exe
2011-12-01 13:10 . 2011-12-01 13:10   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-12-01 13:10 . 2011-12-01 13:10   11776   ----a-w-   c:\windows\system32\mshta.exe
2011-12-01 13:10 . 2011-12-01 13:10   101888   ----a-w-   c:\windows\system32\admparse.dll
2011-12-01 13:10 . 2011-12-01 13:10   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-12-01 13:09 . 2011-12-01 13:09   979456   ----a-w-   c:\windows\system32\MFH264Dec.dll
2011-12-01 13:09 . 2011-12-01 13:09   357376   ----a-w-   c:\windows\system32\MFHEAACdec.dll
2011-12-01 13:09 . 2011-12-01 13:09   98816   ----a-w-   c:\windows\system32\mfps.dll
2011-12-01 13:09 . 2011-12-01 13:09   586240   ----a-w-   c:\windows\system32\stobject.dll
2011-12-01 13:09 . 2011-12-01 13:09   302592   ----a-w-   c:\windows\system32\mfmp4src.dll
2011-12-01 13:09 . 2011-12-01 13:09   2873344   ----a-w-   c:\windows\system32\mf.dll
2011-12-01 13:09 . 2011-12-01 13:09   261632   ----a-w-   c:\windows\system32\mfreadwrite.dll
2011-12-01 13:09 . 2011-12-01 13:09   209920   ----a-w-   c:\windows\system32\mfplat.dll
2011-12-01 13:09 . 2011-12-01 13:09   683008   ----a-w-   c:\windows\system32\d2d1.dll
2011-12-01 13:09 . 2011-12-01 13:09   486400   ----a-w-   c:\windows\system32\d3d10level9.dll
2011-12-01 13:09 . 2011-12-01 13:09   135680   ----a-w-   c:\windows\system32\XpsRasterService.dll
2011-12-01 13:09 . 2011-12-01 13:09   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2011-12-01 13:09 . 2011-12-01 13:09   638336   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2011-12-01 13:09 . 2011-12-01 13:09   478720   ----a-w-   c:\windows\system32\dxgi.dll
2011-12-01 13:09 . 2011-12-01 13:09   37376   ----a-w-   c:\windows\system32\cdd.dll
2011-12-01 13:09 . 2011-12-01 13:09   258048   ----a-w-   c:\windows\system32\winspool.drv
2011-12-01 13:09 . 2011-12-01 13:09   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2011-12-01 13:09 . 2011-12-01 13:09   189952   ----a-w-   c:\windows\system32\d3d10core.dll
2011-12-01 13:09 . 2011-12-01 13:09   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-12-01 13:09 . 2011-12-01 13:09   1029120   ----a-w-   c:\windows\system32\d3d10.dll
2011-12-01 13:09 . 2011-12-01 13:09   847360   ----a-w-   c:\windows\system32\OpcServices.dll
2011-12-01 13:09 . 2011-12-01 13:09   667648   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
2011-12-01 13:09 . 2011-12-01 13:09   26112   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
2011-12-01 13:09 . 2011-12-01 13:09   1554432   ----a-w-   c:\windows\system32\xpsservices.dll
2011-12-01 13:07 . 2011-12-01 13:07   4096   ----a-w-   c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-12-01 13:07 . 2011-12-01 13:07   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2011-12-01 13:07 . 2011-12-01 13:07   519680   ----a-w-   c:\windows\system32\d3d11.dll
2011-12-01 13:07 . 2011-12-01 13:07   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
2011-12-01 13:07 . 2011-12-01 13:07   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
2011-12-01 13:07 . 2011-12-01 13:07   252928   ----a-w-   c:\windows\system32\dxdiag.exe
2011-12-01 13:07 . 2011-12-01 13:07   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
2011-12-01 13:07 . 2011-12-01 13:07   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2011-12-01 06:21 . 2011-12-01 06:21   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 00:44 . 2011-12-01 00:44   56   ----a-w-   c:\windows\system32\SupportTool.exe.bat
2011-12-01 00:39 . 2011-12-01 00:47   92432   ----a-w-   c:\windows\system32\drivers\tmtdi.sys
2011-12-01 00:39 . 2011-12-01 00:45   81168   ----a-w-   c:\windows\system32\drivers\tmactmon.sys
2011-12-01 00:39 . 2011-12-01 00:45   68368   ----a-w-   c:\windows\system32\drivers\tmevtmgr.sys
2011-12-01 00:39 . 2011-12-01 00:45   205072   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2011-11-30 08:46 . 2011-11-30 08:46   652296   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-30 08:46 . 2011-11-30 08:46   416128   ----a-w-   c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-11-23 13:37 . 2011-12-14 03:11   2043904   ----a-w-   c:\windows\system32\win32k.sys
2011-11-10 10:54 . 2011-12-01 01:12   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-08 14:42 . 2011-12-14 03:10   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 03:38   1798144   ----a-w-   c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 03:38   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 03:38   1127424   ----a-w-   c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 03:38   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-14 03:11   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-14 03:11   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-14 03:10   49152   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-20 23:26 . 2011-10-20 23:26   94208   ----a-w-   c:\windows\system32\dpl100.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-12-01 129304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-04-10 1310720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - h:\flashget\jc_all.htm
IE: &Download with FlashGet - h:\flashget\jc_link.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-16 16:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb]
"ImagePath"="\*"
.
Completion time: 2012-01-16  16:42:05
ComboFix-quarantined-files.txt  2012-01-16 21:42
ComboFix2.txt  2012-01-16 21:18
ComboFix3.txt  2012-01-12 23:55
ComboFix4.txt  2012-01-12 23:41
.
Pre-Run: 391,656,218,624 bytes free
Post-Run: 391,627,489,280 bytes free
.
- - End Of File - - EB0AC340BA55BEB6C4628FB681240293
« Last Edit: January 16, 2012, 04:15:53 PM by SuperDave »

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #16 on: January 16, 2012, 04:23:04 PM »
Quote
It says the above real time scanner is active (Trend Micro) but will run anyway.  Last time I just ran any.  Is this a major problem?
Not really. This next one is necessary to find a replacement file.

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
Code: [Select]
:filefind
jureg.exe 

Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
Windows 8 and Windows 10 dual boot with two SSD's

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #17 on: January 16, 2012, 04:48:46 PM »
SystemLook 30.07.11 by jpshortstuff
Log created at 18:47 on 16/01/2012 by SuperDuperUserOne
Administrator - Elevation successful

========== filefind ==========

Searching for "jureg.exe  "
C:\WINDOWS\System32\jureg.exe   --a---- 54936 bytes   [16:29 07/07/2008]   [09:56 07/04/2007] 4F89DD4EA74C66916E15A6E7D74A50B5

-= EOF =-
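The SystemLook result above records, for jureg.exe, its attributes, size, two timestamps and an MD5. The hash is what makes the step useful for "finding a replacement file": a copy from another Vista SP2 machine either matches it or it does not, independent of what any one scanner says about the file. The Python below is an added example, not part of SystemLook and not something posted in the thread: it parses that result line into a record and checks a local file against it by size and MD5. The record line is copied from the log above; the file being checked is a temporary file constructed in the script; and which of the two SystemLook timestamps is modified and which is created is not assumed, they are kept in the order printed.

```python
"""Parse a SystemLook ':filefind' result and verify a file against it.

Added example; not SystemLook's code and not from the thread. The record line
is copied from the SystemLook log above; the file checked is constructed here.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Copied from the SystemLook log above: path, attributes, size, two timestamps
# (kept in the order SystemLook prints them) and the file's MD5.
SYSTEMLOOK_LINE = (
    "C:\\WINDOWS\\System32\\jureg.exe   --a---- 54936 bytes   "
    "[16:29 07/07/2008]   [09:56 07/04/2007] 4F89DD4EA74C66916E15A6E7D74A50B5"
)

FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileRecord:
    path: str
    attrs: str
    size: int
    timestamps: tuple   # the two SystemLook timestamps, in printed order
    md5: str            # lowercase hex


def parse_filefind_line(line: str) -> FileRecord:
    """Turn one filefind result line into a FileRecord; raise if it is not one."""
    m = FILEFIND_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a SystemLook filefind result: {line!r}")
    return FileRecord(
        path=m["path"], attrs=m["attrs"], size=int(m["size"]),
        timestamps=(m["ts1"], m["ts2"]), md5=m["md5"].lower(),
    )


def md5_of_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Stream the file through MD5 so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_record(path: str, record: FileRecord) -> dict:
    """Compare a local file against the record: size first (cheap), then hash.

    Per-check results are returned so a mismatch says *what* differs.
    """
    size_ok = os.path.getsize(path) == record.size
    md5_ok = md5_of_file(path) == record.md5
    return {"size": size_ok, "md5": md5_ok, "identical": size_ok and md5_ok}


def demo() -> dict:
    """Check a constructed file against the log record, then against itself."""
    record = parse_filefind_line(SYSTEMLOOK_LINE)
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"MZ" + b"\x00" * 62)   # constructed bytes, not a real PE file
        tmp_path = tmp.name
    try:
        against_log = matches_record(tmp_path, record)
        self_record = FileRecord(
            path=tmp_path, attrs="--a----", size=os.path.getsize(tmp_path),
            timestamps=("", ""), md5=md5_of_file(tmp_path),
        )
        against_self = matches_record(tmp_path, self_record)
    finally:
        os.unlink(tmp_path)
    return {"against_log": against_log, "against_self": against_self}


if __name__ == "__main__":
    print(parse_filefind_line(SYSTEMLOOK_LINE))
    print(demo())
```

MD5 is what SystemLook prints, and it is adequate for deciding whether a copy you already trust is byte-for-byte the same file. It is not a defence against someone deliberately producing a second file with the same hash, so when you control both sides of the comparison, record SHA-256 alongside it.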




SuperDave
Re: I downloaded something I should not have.
« Reply #18 on: January 16, 2012, 07:32:15 PM »
Do you have your OS  CD/DVD?

If so,

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message: "Windows resource protection did not find any integrity violations."

11/ After the scan has completed, Close the command prompt window.

Doug
Re: I downloaded something I should not have.
« Reply #19 on: January 17, 2012, 01:30:01 AM »
I ran it and it fixed something but I cannot view the log located in windows\logs\CBS\CBS.log.  When I try and open it I just get "access is denied." 

SuperDave
Re: I downloaded something I should not have.
« Reply #20 on: January 17, 2012, 11:57:41 AM »
Please run the aswMBR scan again as described in Reply # 11

Doug
Re: I downloaded something I should not have.
« Reply #21 on: January 17, 2012, 12:35:45 PM »
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-17 14:10:29
-----------------------------
14:10:29.423    OS Version: Windows 6.0.6002 Service Pack 2
14:10:29.423    Number of processors: 2 586 0x1706
14:10:29.423    ComputerName: SUPERDUPERUS-PC  UserName:
14:10:45.633    Initialize success
14:29:00.122    AVAST engine defs: 12011700
14:30:23.043    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:30:23.043    Disk 0 Vendor: WDC_WD5000AAKS-65A7B0 01.03B01 Size: 476940MB BusType: 3
14:30:23.058    Disk 0 MBR read successfully
14:30:23.058    Disk 0 MBR scan
14:30:23.074    Disk 0 unknown MBR code
14:30:23.074    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       466158 MB offset 63
14:30:23.105    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10778 MB offset 954691920
14:30:23.121    Disk 0 scanning sectors +976767120
14:30:23.262    Disk 0 scanning C:\Windows\system32\drivers
14:30:38.381    Service scanning
14:30:38.896    Service .smb \* **LOCKED** 123
14:30:39.662    Modules scanning
14:30:51.522    Disk 0 trace - called modules:
14:30:51.538    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
14:30:51.538    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c78960]
14:30:51.554    3 CLASSPNP.SYS[8a3a28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x8531c660]
14:30:52.679    AVAST engine scan C:\Windows
14:30:56.085    AVAST engine scan C:\Windows\system32
14:31:50.541    File: C:\Windows\system32\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
14:33:33.805    AVAST engine scan C:\Windows\system32\drivers
14:33:45.433    AVAST engine scan C:\Users\SuperDuperUserOne
14:34:39.005    AVAST engine scan C:\ProgramData
14:35:04.110    Scan finished successfully
14:35:25.268    Disk 0 MBR has been saved successfully to "C:\Users\SuperDuperUserOne\Desktop\MBR.dat"
14:35:25.268    The log file has been saved successfully to "C:\Users\SuperDuperUserOne\Desktop\aswMBR_Tuesday.txt"



SuperDave
Re: I downloaded something I should not have.
« Reply #22 on: January 17, 2012, 04:41:09 PM »
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (removable) that you may have.
Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware from the report (it will be at the very top under Detected) in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Please run another aswMBR scan and post the log after doing the above.

Doug
Re: I downloaded something I should not have.
« Reply #23 on: January 18, 2012, 05:10:24 AM »
The Kaspersky tool didn't find any threats.  There were password-protected files that appeared as locked in a box in the bottom right corner.

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-18 06:59:05
-----------------------------
06:59:05.968    OS Version: Windows 6.0.6002 Service Pack 2
06:59:05.968    Number of processors: 2 586 0x1706
06:59:05.968    ComputerName: SUPERDUPERUS-PC  UserName:
06:59:16.761    Initialize success
06:59:24.355    AVAST engine defs: 12011700
06:59:43.340    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
06:59:43.340    Disk 0 Vendor: WDC_WD5000AAKS-65A7B0 01.03B01 Size: 476940MB BusType: 3
06:59:43.387    Disk 0 MBR read successfully
06:59:43.387    Disk 0 MBR scan
06:59:43.387    Disk 0 unknown MBR code
06:59:43.387    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       466158 MB offset 63
06:59:43.434    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10778 MB offset 954691920
06:59:43.449    Disk 0 scanning sectors +976767120
06:59:43.559    Disk 0 scanning C:\Windows\system32\drivers
07:00:04.469    Service scanning
07:00:05.578    Service .smb \* **LOCKED** 123
07:00:09.012    Modules scanning
07:00:21.091    Disk 0 trace - called modules:
07:00:21.606    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
07:00:21.606    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854ffa40]
07:00:21.606    3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x852dc660]
07:00:22.936    AVAST engine scan C:\Windows
07:00:33.610    AVAST engine scan C:\Windows\system32
07:01:45.555    File: C:\Windows\system32\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
07:03:52.329    AVAST engine scan C:\Windows\system32\drivers
07:04:16.270    AVAST engine scan C:\Users\SuperDuperUserOne
07:06:00.213    AVAST engine scan C:\ProgramData
07:06:25.568    Scan finished successfully
07:07:31.855    Disk 0 MBR has been saved successfully to "C:\Users\SuperDuperUserOne\Desktop\MBR.dat"
07:07:31.870    The log file has been saved successfully to "C:\Users\SuperDuperUserOne\Desktop\aswMBR Wednesday.txt"
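Read side by side, the January 17 and January 18 aswMBR logs carry the same two actionable lines: the `**INFECTED**` file and the `**LOCKED**` service, unchanged after the AVP Tool run. `unknown MBR code` is a review item rather than a verdict, since aswMBR prints it whenever the boot code is not the Windows boot code it recognises, and legitimate non-standard OEM boot code produces the same line. The Python below is an added example, not aswMBR's code and not anything posted in the thread: it reduces aswMBR output to those findings and reports which infections persist between two runs. The sample lines are copied from the two logs above; the parsing rules and field names are the example's own.

```python
"""Triage aswMBR output: the findings a reviewer acts on, and what persists.

Added example; not aswMBR's code and not posted in the thread. Sample lines are
copied from the two aswMBR logs above (17 and 18 January).
"""
import re
from dataclasses import dataclass, field

# Copied from the 17 January log above (lines not needed for triage omitted).
LOG_JAN17 = """\
14:30:23.058    Disk 0 MBR read successfully
14:30:23.074    Disk 0 unknown MBR code
14:30:23.074    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       466158 MB offset 63
14:30:38.381    Service scanning
14:30:38.896    Service .smb \\* **LOCKED** 123
14:30:56.085    AVAST engine scan C:\\Windows\\system32
14:31:50.541    File: C:\\Windows\\system32\\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
14:35:04.110    Scan finished successfully
"""

# Copied from the 18 January log above, the run after the AVP Tool scan.
LOG_JAN18 = """\
06:59:43.387    Disk 0 unknown MBR code
07:00:05.578    Service .smb \\* **LOCKED** 123
07:01:45.555    File: C:\\Windows\\system32\\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
07:06:25.568    Scan finished successfully
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
INFECTED_RE = re.compile(r"^File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$")
LOCKED_RE = re.compile(r"^Service\s+(?P<name>\S+)\s+(?P<image>.+?)\s+\*\*LOCKED\*\*")


@dataclass
class Triage:
    infected: list = field(default_factory=list)         # (path, detection name)
    locked_services: list = field(default_factory=list)  # (service name, image path)
    mbr_notes: list = field(default_factory=list)        # review items, not verdicts
    finished: bool = False                               # log reached "Scan finished"


def triage_aswmbr(log_text: str) -> Triage:
    """Walk the timestamped lines and keep only the ones that need a decision."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner and separator lines carry no timestamp
        msg = m.group(2)
        if (im := INFECTED_RE.match(msg)):
            t.infected.append((im["path"], im["name"]))
        elif (lm := LOCKED_RE.match(msg)):
            # aswMBR marks the service LOCKED; it is kept as its own finding
            # because it is a status, not a detection name.
            t.locked_services.append((lm["name"], lm["image"]))
        elif "unknown MBR code" in msg:
            t.mbr_notes.append(msg)
        elif msg.startswith("Scan finished successfully"):
            t.finished = True
    return t


def persisting_infections(before: Triage, after: Triage) -> set:
    """Paths flagged in both runs: whatever ran in between did not remove them."""
    return {p for p, _ in before.infected} & {p for p, _ in after.infected}


def new_infections(before: Triage, after: Triage) -> set:
    """Paths flagged only in the later run."""
    return {p for p, _ in after.infected} - {p for p, _ in before.infected}


if __name__ == "__main__":
    a, b = triage_aswmbr(LOG_JAN17), triage_aswmbr(LOG_JAN18)
    print("infected:", b.infected)
    print("locked services:", b.locked_services)
    print("MBR notes:", b.mbr_notes)
    print("still flagged after cleanup:", persisting_infections(a, b))
    print("newly flagged:", new_infections(a, b))
```

A `finished` flag that stays False means the log was cut short (the scan was interrupted or the paste was truncated), in which case an empty `infected` list proves nothing, which is why the parser tracks it rather than assuming a complete run.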



SuperDave
Re: I downloaded something I should not have.
« Reply #24 on: January 18, 2012, 12:24:38 PM »
Please go to Jotti's malware scan
(If more than one file needs scanning, they must be done separately and links posted for each one.)

* Copy the file path in the below Code box:

Code: [Select]
C:\Windows\system32\jureg.exe 
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

Doug

SuperDave
Re: I downloaded something I should not have.
« Reply #26 on: January 19, 2012, 11:19:57 AM »
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Doug
Re: I downloaded something I should not have.
« Reply #27 on: January 19, 2012, 09:17:34 PM »
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8F5AB000
Module End: 8F5B6000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8F5B6000
Module End: 8F5BE000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: 868E3324
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateMutant
Address: 86AF9EA4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcess
Address: 868D738C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcessEx
Address: 868EB34C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 86AF9E34
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 86AF9FD4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: 86AF77AC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: 86AF733C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDuplicateObject
Address: 86AF9DFC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 86AF9EDC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: 8671C16C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 86AF7304
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 868EC2EC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRenameKey
Address: 86AF7774
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: 86AF7374
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 86AF9E6C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: 868E32EC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 868CF35C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 868CF324
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 86AF72CC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThreadEx
Address: 86AF9F14
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateUserProcess
Address: 8690E3CC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************


SuperDave
Re: I downloaded something I should not have.
« Reply #28 on: January 20, 2012, 11:48:30 AM »
I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Doug
Re: I downloaded something I should not have.
« Reply #29 on: January 20, 2012, 01:00:58 PM »
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-1c85613d   a variant of Java/TrojanDownloader.Agent.NDJ trojan   deleted - quarantined
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\60b5d41b-31e0b3c1   a variant of Java/TrojanDownloader.Agent.NDJ trojan   deleted - quarantined
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\29b4c469-5bd4bde4   a variant of Java/TrojanDownloader.Agent.NDJ trojan   deleted - quarantined
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\72a066eb-782c00a9   a variant of Java/TrojanDownloader.Agent.NDJ trojan   deleted - quarantined
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-5c14c963   a variant of Java/TrojanDownloader.Agent.NDJ trojan   deleted - quarantined
C:\Documents and Settings\SuperDuperUserOne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\43c3de87-1f2733a4   a variant of Java/TrojanDownloader.Agent.NDJ trojan   deleted - quarantined


There were four items last scan and now there's six.  I still can't turn on Windows Firewall and the security center still says my AV is off.  I don't know.  Maybe Windows firewall was never on with Trend Micro.  But, I know it used to report that the anti-virus was on and reporting to Windows.

Doug
Re: I downloaded something I should not have.
« Reply #30 on: January 21, 2012, 11:34:54 AM »
I have an external hd that I keep music on.  I decided to scan it with Malwarebytes and SAS and found stuff on it.  I used Flashget to download music onto it.  I normally don't have it plugged into my computer.  Only when I listen to or download music. 


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperUserOne :: SUPERDUPERUS-PC [administrator]

1/21/2012 1:25:14 PM
mbam-log-2012-01-21 (13-25-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 164770
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8C2DFA75-6722-426B-BCF6-3ACA446D7EF8} (Trojan.ZbotR.Gen) -> Data: C:\Users\SuperDuperUserOne\AppData\Roaming\Atdeh\avky.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\SuperDuperUserOne\AppData\Roaming\Atdeh\avky.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

(end)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2012 at 01:18 PM

Application Version : 5.0.1142

Core Rules Database Version : 8153
Trace Rules Database Version: 5965

Scan type       : Complete Scan
Total Scan Time : 00:01:59

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 643
Memory threats detected   : 0
Registry items scanned    : 20869
Registry threats detected : 0
File items scanned        : 3714
File threats detected     : 11

Adware.Tracking Cookie
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VD1R670U.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\J8K89AKN.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9M0TPN8W.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2VUE2CRC.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ANUZ1JJ4.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6KIUWLDN.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\69U7O6RQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CDV2CV2P.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\R5MYW2OS.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\QUP9MC0W.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZYSQZSJ.txt [ Cookie:[email protected]/ ]


I can't believe this has stuff on it.  Are these the ads that come with Flashget?

SuperDave
Re: I downloaded something I should not have.
« Reply #31 on: January 21, 2012, 11:47:30 AM »
Quote
Are these the ads that come with Flashget?
It's difficult to tell.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

* Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
Please leave the others unchecked

* Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
**********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Doug
Re: I downloaded something I should not have.
« Reply #32 on: January 21, 2012, 03:24:16 PM »
I just scanned every drive that showed up with SAS and Malwarebytes.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2012 at 02:50 PM

Application Version : 5.0.1142

Core Rules Database Version : 8153
Trace Rules Database Version: 5965

Scan type       : Complete Scan
Total Scan Time : 00:52:22

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 573
Memory threats detected   : 0
Registry items scanned    : 20167
Registry threats detected : 0
File items scanned        : 118744
File threats detected     : 6

Adware.Tracking Cookie
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZS05I6MG.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z7ZZF1KE.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UKYYUZ7U.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5MAMGBY.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF3NTN2K.txt [ Cookie:[email protected]/ ]
   ia.media-imdb.com [ C:\USERS\SUPERDUPERUSERONE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7966WRRD ]


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperUserOne :: SUPERDUPERUS-PC [administrator]

1/21/2012 2:59:50 PM
mbam-log-2012-01-21 (14-59-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 286103
Time elapsed: 51 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SuperDave
Re: I downloaded something I should not have.
« Reply #33 on: January 21, 2012, 04:36:26 PM »
Two versions of Trend Micro Titanium have something called Windows Firewall Booster. Perhaps that's the reason why you can't turn on the Windows Firewall.

* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
****************************************************

Go to Microsoft Windows Update and get all critical updates.

Doug
Re: I downloaded something I should not have.
« Reply #34 on: January 22, 2012, 10:31:17 AM »
I didn't check on firewall booster and mrt.exe didn't find anything.  I did try and do updates and get these messages.  Pay attention to the dates.  The last check was 1/12.  And this is with me trying to install updates from today.



After I try to install updates and fail I check to see if new updates are available.



And what about the locked file and infected file from this report?

07:00:04.469    Service scanning
07:00:05.578    Service .smb \* **LOCKED** 123
07:00:09.012    Modules scanning
07:00:21.091    Disk 0 trace - called modules:
07:00:21.606    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
07:00:21.606    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854ffa40]
07:00:21.606    3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x852dc660]
07:00:22.936    AVAST engine scan C:\Windows
07:00:33.610    AVAST engine scan C:\Windows\system32
07:01:45.555    File: C:\Windows\system32\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
07:03:52.329    AVAST engine scan C:\Windows\system32\drivers
07:04:16.270    AVAST engine scan C:\Users\SuperDuperUserOne
07:06

Did we delete the jureg.exe file?

I'll look and see what I can find out about the firewall booster.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #35 on: January 22, 2012, 03:37:15 PM »
Quote
C:\Windows\system32\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
Jotti says that file is clean.
Do you have your OS disk?


Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

• Double-click on MBRCheck.exe to run it.
• It will open a black window...please do not fix anything (if it gives you an option).
• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #36 on: January 23, 2012, 06:20:59 PM »
This is what I understand.  I have an HP computer.  My disks are installed on the hard drive.  When I ran sfc it did fix something but I never had to use a separate CD.  When I restored my computer, again, I didn't have to insert a CD.  That's the way I understand it. 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows Vista Home Premium Edition
Windows Information:      Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:   Intel Corporation
BIOS Manufacturer:      Intel Corp.
System Manufacturer:      
System Product Name:      
Logical Drives Mask:      0x0000001c

Kernel Drivers (total 143):
  0x8201E000 \SystemRoot\system32\ntkrnlpa.exe
  0x823D8000 \SystemRoot\system32\hal.dll
  0x80401000 \SystemRoot\system32\kdcom.dll
  0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80478000 \SystemRoot\system32\PSHED.dll
  0x80489000 \SystemRoot\system32\BOOTVID.dll
  0x80491000 \SystemRoot\system32\CLFS.SYS
  0x804D2000 \SystemRoot\system32\CI.dll
  0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80685000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80692000 \SystemRoot\system32\drivers\acpi.sys
  0x806D8000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E1000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E9000 \SystemRoot\system32\drivers\pci.sys
  0x80710000 \SystemRoot\System32\drivers\partmgr.sys
  0x8071F000 \SystemRoot\system32\drivers\volmgr.sys
  0x8072E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80778000 \SystemRoot\system32\drivers\pciide.sys
  0x8077F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8078D000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8079D000 \SystemRoot\system32\drivers\atapi.sys
  0x807A5000 \SystemRoot\system32\drivers\ataport.SYS
  0x807C3000 \SystemRoot\system32\drivers\fltmgr.sys
  0x805B2000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8260E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82680000 \SystemRoot\system32\drivers\ndis.sys
  0x8278B000 \SystemRoot\system32\drivers\msrpc.sys
  0x827B6000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A00E000 \SystemRoot\System32\drivers\tcpip.sys
  0x8A0F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A202000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A312000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A34B000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A353000 \SystemRoot\System32\Drivers\mup.sys
  0x8A362000 \SystemRoot\System32\drivers\ecache.sys
  0x8A389000 \SystemRoot\system32\drivers\disk.sys
  0x8A39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A3BB000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8A3E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8A3EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8DC00000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8E520000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8E5C0000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E5CC000 \SystemRoot\system32\DRIVERS\HECI.sys
  0x8E5D6000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8E5F0000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8A113000 \SystemRoot\system32\DRIVERS\e1q6032.sys
  0x8A13A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8A145000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8A183000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E60E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E69B000 \SystemRoot\system32\drivers\AVer88xHD.sys
  0x8E70C000 \SystemRoot\system32\drivers\ks.sys
  0x8E736000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x8E739000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8E751000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E757000 \SystemRoot\system32\drivers\tpm.sys
  0x8E765000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8E774000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8E7A3000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8E7E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8A192000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8E7EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8A1A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A1CC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8A1DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x805C2000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8A1EF000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A000000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E60B000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x827F1000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x82600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x805D7000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EC07000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EC3C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8EC4D000 \SystemRoot\system32\drivers\ADIHdAud.sys
  0x8ECB0000 \SystemRoot\system32\drivers\portcls.sys
  0x8ECDD000 \SystemRoot\system32\drivers\drmk.sys
  0x8ED02000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8ED0B000 \SystemRoot\System32\Drivers\Null.SYS
  0x8ED12000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8ED35000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8ED3C000 \SystemRoot\System32\drivers\vga.sys
  0x8ED48000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8ED69000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8ED71000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8ED79000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8ED84000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8ED92000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8ED9B000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8EDB1000 \SystemRoot\system32\drivers\afd.sys
  0x8F407000 \SystemRoot\system32\drivers\netbt.sys
  0x8F439000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x8F442000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8F458000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8F466000 \SystemRoot\system32\DRIVERS\tmcomm.sys
  0x8F49D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8F4C3000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
  0x8F4D8000 \SystemRoot\system32\DRIVERS\tmactmon.sys
  0x8F4F4000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F507000 \SystemRoot\system32\DRIVERS\tmtdi.sys
  0x8F51C000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x8F53E000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8F544000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F580000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F58A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F5A1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8F5AE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8F5B9000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x96810000 \SystemRoot\System32\win32k.sys
  0x8F5C1000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F5CB000 \SystemRoot\system32\DRIVERS\usbcir.sys
  0x8F5E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F5E3000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8F5EE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8ED19000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8ED22000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8A3C4000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x8A3D3000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x8ED2A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x96A30000 \SystemRoot\System32\TSDDD.dll
  0x96A50000 \SystemRoot\System32\cdd.dll
  0x805E4000 \SystemRoot\system32\drivers\luafv.sys
  0xAAE0A000 \SystemRoot\system32\drivers\spsys.sys
  0xAAEBA000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xAAECA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xAAEDD000 \SystemRoot\system32\drivers\HTTP.sys
  0xAAF4A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAAF67000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xAAF80000 \SystemRoot\system32\drivers\mrxdav.sys
  0xAAFA1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xAAFC0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xAB003000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAB01B000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAB043000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAB092000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xAB09B000 \SystemRoot\system32\drivers\peauth.sys
  0xAB179000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAB183000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAB18F000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAB1A5000 \SystemRoot\system32\drivers\MSPQM.sys
  0x76F70000 \WINDOWS\System32\ntdll.dll

Processes (total 58):
       0 System Idle Process
       4 System
     492 C:\WINDOWS\System32\smss.exe
     560 csrss.exe
     604 C:\WINDOWS\System32\wininit.exe
     612 csrss.exe
     648 C:\WINDOWS\System32\services.exe
     660 C:\WINDOWS\System32\lsass.exe
     668 C:\WINDOWS\System32\lsm.exe
     828 C:\WINDOWS\System32\winlogon.exe
     848 C:\WINDOWS\System32\svchost.exe
     908 C:\WINDOWS\System32\svchost.exe
     980 C:\WINDOWS\System32\svchost.exe
    1008 C:\WINDOWS\System32\svchost.exe
    1020 C:\WINDOWS\System32\svchost.exe
    1100 C:\WINDOWS\System32\audiodg.exe
    1124 C:\WINDOWS\System32\svchost.exe
    1140 C:\WINDOWS\System32\SLsvc.exe
    1184 C:\WINDOWS\System32\svchost.exe
    1292 C:\WINDOWS\System32\svchost.exe
    1448 C:\WINDOWS\System32\spoolsv.exe
    1472 C:\WINDOWS\System32\svchost.exe
    1792 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    1816 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    1824 C:\Program Files\SUPERAntiSpyware\SASCore.exe
    1836 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    1848 C:\WINDOWS\System32\AEADISRV.EXE
    1868 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1912 C:\Program Files\Bonjour\mDNSResponder.exe
    1948 C:\WINDOWS\System32\dlcccoms.exe
    2016 C:\WINDOWS\System32\svchost.exe
     200 C:\WINDOWS\System32\svchost.exe
     352 C:\WINDOWS\System32\svchost.exe
     516 C:\WINDOWS\System32\SearchIndexer.exe
    2352 C:\WINDOWS\System32\taskeng.exe
    2496 C:\WINDOWS\System32\taskeng.exe
    2548 C:\WINDOWS\System32\dwm.exe
    2644 C:\WINDOWS\explorer.exe
    2824 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2832 C:\WINDOWS\System32\igfxtray.exe
    2840 C:\WINDOWS\System32\hkcmd.exe
    2848 C:\WINDOWS\System32\igfxpers.exe
    2884 C:\Program Files\iTunes\iTunesHelper.exe
    2892 C:\hp\support\hpsysdrv.exe
    2916 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2944 C:\WINDOWS\ehome\ehtray.exe
    3084 C:\WINDOWS\ehome\ehmsas.exe
    3156 C:\WINDOWS\ehome\ehsched.exe
    3240 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    3380 C:\Program Files\iPod\bin\iPodService.exe
    3624 C:\WINDOWS\ehome\ehrecvr.exe
    2212 C:\WINDOWS\System32\SearchProtocolHost.exe
    3748 C:\WINDOWS\System32\svchost.exe
    3308 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3608 C:\hp\KBD\kbd.exe
    3184 WmiPrvSE.exe
    3872 C:\WINDOWS\System32\SearchFilterHost.exe
     944 C:\Users\SuperDuperUserOne\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`cee2a000  (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-65A7B0, Rev: 01.03B01

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Hewlett-Packard MBR code detected
            SHA1: F362CE084BC77B454330005C1657154A64FB9456


Done!
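The MBRCheck log above reports two things worth being able to reproduce by hand: the byte offset on PhysicalDrive0 at which each volume starts, and a SHA1 of the boot code that is compared against a list of known vendor MBRs. As an added example (not code from the thread, from MBRCheck or from any vendor), the Python below decodes a 512-byte MBR, hashes the boot code and cross-checks the drive-letter offsets printed in the log against the partition table. The sample MBR, the assumption that the hash covers the first 440 bytes, and the set of "known" hashes are constructed for illustration.

```python
import hashlib
import re
import struct

SECTOR = 512
# Drive-letter lines exactly as MBRCheck printed them in the thread's log.
MBRCHECK_LOG = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`cee2a000  (NTFS)
"""
LOG_LINE = re.compile(
    r"\\\\\.\\([A-Z]):\s+-->\s+\\\\\.\\PhysicalDrive\d+\s+at offset 0x([0-9a-f]{8})`([0-9a-f]{8})", re.I)


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR: dummy boot code plus two NTFS partitions whose
    start sectors match the offsets in the log above. Not a real HP boot sector."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\xeb\x3c\x90"  # stand-in for boot code; a real MBR has 440 bytes here
    entries = [  # (boot flag, type 0x07 = NTFS, start LBA, sector count) - constructed
        (0x80, 0x07, 0x7e00 // SECTOR, 954_691_857),
        (0x00, 0x07, 0x71cee2a000 // SECTOR, 22_000_000),
    ]
    for i, (boot, ptype, start, count) in enumerate(entries):
        off = 446 + 16 * i  # partition table starts at byte 446, 16 bytes per entry
        mbr[off], mbr[off + 4] = boot, ptype
        struct.pack_into("<II", mbr, off + 8, start, count)  # little-endian LBA fields
    mbr[510:512] = b"\x55\xaa"  # boot signature
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Validate the signature, hash the boot code (assumed here to be the first
    440 bytes, before the disk signature) and decode the four partition slots."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if mbr[off + 4] != 0:  # type 0 means an empty slot
            parts.append({"index": i, "bootable": mbr[off] == 0x80, "type": mbr[off + 4],
                          "start_lba": start, "sector_count": count,
                          "byte_offset": start * SECTOR})
    return {"boot_code_sha1": hashlib.sha1(mbr[:440]).hexdigest().upper(), "partitions": parts}


def cross_check(mbr: bytes, log_text: str) -> dict:
    """Map each drive letter in an MBRCheck log to whether the offset it reports
    really is the start of a partition in the MBR read from disk."""
    offsets = {p["byte_offset"] for p in parse_mbr(mbr)["partitions"]}
    result = {}
    for letter, hi, lo in LOG_LINE.findall(log_text):
        result[letter.upper()] = int(hi + lo, 16) in offsets  # join the two 32-bit halves
    return result


def boot_code_is_known(mbr: bytes, known_sha1s: set) -> bool:
    """MBRCheck's verdict is a hash lookup: unknown boot code is not proof of a
    bootkit, but it is what justifies a closer look at the sector."""
    return parse_mbr(mbr)["boot_code_sha1"] in {h.upper() for h in known_sha1s}
```

A mismatch between a logged offset and the partition table, or a boot-code hash absent from the vendor list, is the condition under which the tool would have asked to "fix" the MBR; on this log both agree with a known Hewlett-Packard MBR.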




SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #37 on: January 23, 2012, 07:24:46 PM »
Quote
When I ran sfc it did fix something but I never had to use a separate CD.
If it found a missing or corrupted file, it would have asked for the CD.
Quote
My disks are installed on the hard drive.
Do you mean your Operating system is installed on your hard drive? Most computers with Vista usually have the Recovery system in a separate partition of the hard drive. Do you have the OS disks?
Quote
When I restored my computer, again, I didn't have to insert a CD
You don't need to have an OS disk to do a System Restore. Do you mean re-format?
I'm going to check with a colleague about this problem.


SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #38 on: January 24, 2012, 06:02:23 PM »
This looks like a false-positive warning.
We should do some cleanup.


To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
***************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #39 on: January 26, 2012, 09:59:10 AM »
I did the steps from reply #38. 

Quote
Quote
When I ran sfc it did fix something but I never had to use a separate CD.
If it found a missing or corrupted file, it would have asked for the CD.
Quote
My disks are installed on the hard drive.
Do you mean your Operating system is installed on your hard drive? Most computers with Vista usually have the Recovery system in a separate partition of the hard drive. Do you have the OS disks?
Quote
When I restored my computer, again, I didn't have to insert a CD
You don't need to have an OS disk to do a System Restore. Do you mean re-format?
I'm going to check with a colleague about this problem.

Your answers are what I meant.  But, I don't have any Windows disks.  I don't know how to re-format.  Last time I had a problem I used windows repair and, well I ended up reinstalling windows.  But, I didn't have to use disks.  I did burn a recovery CD.  ...I did have to enter my windows key.  When I ran sfc it didn't ask me for disks.  It did create a log at Windows/Logs/CBS.  I still can't install Windows updates and Windows Firewall is off. 

I'm going to try that recovery CD I burned from last time and see what options it gives me.  Because last time there were no restore points.  And run sfc again and see what happens.  Thanks for the on-going help.


Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #40 on: January 26, 2012, 11:24:23 AM »
Oh no!  I just got this. 

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #41 on: January 26, 2012, 11:54:16 AM »
The Recovery Console is installed on a separate partition of your hard drive. The Recovery disc you created should let you do a repair to the system files.