
Topic: I downloaded something I should not have.


Doug

    Topic Starter


    Intermediate

    Thanked: 3
  • Experience: Beginner
  • OS: Windows Vista
Re: I downloaded something I should not have.
« Reply #30 on: January 21, 2012, 11:34:54 AM »
I have an external hd that I keep music on.  I decided to scan it with Malwarebytes and SAS and found stuff on it.  I used Flashget to download music onto it.  I normally don't have it plugged into my computer.  Only when I listen to or download music. 


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperUserOne :: SUPERDUPERUS-PC [administrator]

1/21/2012 1:25:14 PM
mbam-log-2012-01-21 (13-25-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 164770
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8C2DFA75-6722-426B-BCF6-3ACA446D7EF8} (Trojan.ZbotR.Gen) -> Data: C:\Users\SuperDuperUserOne\AppData\Roaming\Atdeh\avky.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\SuperDuperUserOne\AppData\Roaming\Atdeh\avky.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

(end)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2012 at 01:18 PM

Application Version : 5.0.1142

Core Rules Database Version : 8153
Trace Rules Database Version: 5965

Scan type       : Complete Scan
Total Scan Time : 00:01:59

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 643
Memory threats detected   : 0
Registry items scanned    : 20869
Registry threats detected : 0
File items scanned        : 3714
File threats detected     : 11

Adware.Tracking Cookie
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VD1R670U.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\J8K89AKN.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9M0TPN8W.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2VUE2CRC.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ANUZ1JJ4.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6KIUWLDN.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\69U7O6RQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CDV2CV2P.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\R5MYW2OS.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\QUP9MC0W.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZYSQZSJ.txt [ Cookie:[email protected]/ ]


I can't believe this has stuff on it.  Are these the ads that come with Flashget? 
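The entry MBAM quarantined above, a GUID-named value under HKCU\...\Run pointing at an executable in AppData\Roaming\Atdeh\, is the classic Zbot persistence shape. As an added example (not part of the original thread and not Malwarebytes' detection logic), the Python below parses the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags entries with that shape. The sample `reg query` text is constructed to mirror the detection in the log plus two benign entries for programs seen later in the thread's process list; the three heuristics (GUID value name, user-writable location, short pseudo-random folder and file name) are this example's assumptions.

```python
r"""Audit Windows Run-key autorun entries for the dropper persistence shape
seen in the MBAM log (added example; not Malwarebytes' detection logic).

Input is the text produced by:
    reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
The sample below is constructed in that format."""
import re

# Value names that are bare GUIDs are common for Zbot-style droppers (heuristic).
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Directories a non-admin user can write to; legitimate autoruns rarely live there.
USER_WRITABLE = re.compile(r"\\(AppData\\(Roaming|Local)|Temp|ProgramData)\\", re.I)
# "<4-6 letters>\<4 lowercase letters>.exe" matches the Atdeh\avky.exe pattern (heuristic).
RANDOM_DIR = re.compile(r"^[A-Za-z]{4,6}$")
RANDOM_EXE = re.compile(r"^[a-z]{4}\.exe$")

# Constructed sample: the first entry mirrors the quarantined value, the other
# two are benign entries for programs visible in the thread's process list.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    {8C2DFA75-6722-426B-BCF6-3ACA446D7EF8}    REG_SZ    C:\Users\SuperDuperUserOne\AppData\Roaming\Atdeh\avky.exe
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"
    DivXUpdate    REG_SZ    "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"""


def parse_reg_query(text):
    """Return (key, value_name, reg_type, data) tuples from reg query output."""
    entries, key = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # unindented line = key path
            key = line.strip()
            continue
        # reg query separates the three columns with runs of spaces (or tabs)
        parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=2)
        if key and len(parts) == 3:
            name, rtype, data = parts
            entries.append((key, name, rtype, data))
    return entries


def exe_path(data):
    """Extract the executable path from a Run value, quoted or not."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', data, re.I)
    return (m.group(1) or m.group(2)) if m else data.strip()


def score_entry(name, data):
    """Return the reasons an autorun entry looks like dropper persistence."""
    reasons = []
    path = exe_path(data)
    if GUID_RE.match(name):
        reasons.append("value name is a bare GUID")
    if USER_WRITABLE.search(path):
        reasons.append("executable lives under a user-writable directory")
    tail = path.rsplit("\\", 2)               # [..., parent folder, file name]
    if len(tail) == 3 and RANDOM_DIR.match(tail[1]) and RANDOM_EXE.match(tail[2]):
        reasons.append("short pseudo-random folder and file name")
    return reasons


def audit(text):
    """Run score_entry over every value and return only the suspicious ones."""
    findings = []
    for key, name, _rtype, data in parse_reg_query(text):
        reasons = score_entry(name, data)
        if reasons:
            findings.append({"key": key, "name": name,
                             "path": exe_path(data), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_REG_QUERY):
        print(f"{f['key']}\\{f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

On a live machine, redirect `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" > run.txt` and pass the file contents to `audit()`; repeat for the HKLM Run and RunOnce keys. A hit is a lead, not a verdict: hash the file and check its signature before deleting anything, since the same shape can occur for legitimate per-user installers.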

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I downloaded something I should not have.
« Reply #31 on: January 21, 2012, 11:47:30 AM »
Quote
Are these the ads that come with Flashget?
It's difficult to tell.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
**********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Windows 8 and Windows 10 dual boot with two SSD's

Doug (Topic Starter)
Re: I downloaded something I should not have.
« Reply #32 on: January 21, 2012, 03:24:16 PM »
I just scanned every drive that showed up with SAS and Malwarebytes.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2012 at 02:50 PM

Application Version : 5.0.1142

Core Rules Database Version : 8153
Trace Rules Database Version: 5965

Scan type       : Complete Scan
Total Scan Time : 00:52:22

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 573
Memory threats detected   : 0
Registry items scanned    : 20167
Registry threats detected : 0
File items scanned        : 118744
File threats detected     : 6

Adware.Tracking Cookie
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZS05I6MG.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z7ZZF1KE.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UKYYUZ7U.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5MAMGBY.txt [ Cookie:[email protected]/ ]
   C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF3NTN2K.txt [ Cookie:[email protected]/ ]
   ia.media-imdb.com [ C:\USERS\SUPERDUPERUSERONE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7966WRRD ]


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperUserOne :: SUPERDUPERUS-PC [administrator]

1/21/2012 2:59:50 PM
mbam-log-2012-01-21 (14-59-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 286103
Time elapsed: 51 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SuperDave (Malware Removal Specialist)
Re: I downloaded something I should not have.
« Reply #33 on: January 21, 2012, 04:36:26 PM »
Two versions of Trend Micro Titanium have something called Windows Firewall Booster. Perhaps that's the reason why you can't turn on the Windows Firewall.

* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
****************************************************

Go to Microsoft Windows Update and get all critical updates.

Doug (Topic Starter)
Re: I downloaded something I should not have.
« Reply #34 on: January 22, 2012, 10:31:17 AM »
I didn't check on firewall booster and mrt.exe didn't find anything.  I did try and do updates and get these messages.  Pay attention to the dates.  The last check was 1/12.  And this is with me trying to install updates from today.



After I try to install updates and fail I check to see if new updates are available.



And what about the locked file and infected file from this report?

07:00:04.469    Service scanning
07:00:05.578    Service .smb \* **LOCKED** 123
07:00:09.012    Modules scanning
07:00:21.091    Disk 0 trace - called modules:
07:00:21.606    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
07:00:21.606    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854ffa40]
07:00:21.606    3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x852dc660]
07:00:22.936    AVAST engine scan C:\Windows
07:00:33.610    AVAST engine scan C:\Windows\system32
07:01:45.555    File: C:\Windows\system32\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
07:03:52.329    AVAST engine scan C:\Windows\system32\drivers
07:04:16.270    AVAST engine scan C:\Users\SuperDuperUserOne
07:06

Did we delete the jureg.exe file?

I'll look and see what I can find out about the firewall booster.

SuperDave (Malware Removal Specialist)
Re: I downloaded something I should not have.
« Reply #35 on: January 22, 2012, 03:37:15 PM »
Quote
C:\Windows\system32\jureg.exe  **INFECTED** Win32:SMSSend-IG [Trj]
Jotti says that file is clean.
Do you have your OS disk?


Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

• Double-click on MBRCheck.exe to run it.
• It will open a black window...please do not fix anything (if it gives you an option).
• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.

Doug (Topic Starter)
Re: I downloaded something I should not have.
« Reply #36 on: January 23, 2012, 06:20:59 PM »
This is what I understand.  I have an HP computer.  My disks are installed on the hard drive.  When I ran sfc it did fix something but I never had to use a separate CD.  When I restored my computer, again, I didn't have to insert a CD.  That's the way I understand it. 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows Vista Home Premium Edition
Windows Information:      Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:   Intel Corporation
BIOS Manufacturer:      Intel Corp.
System Manufacturer:      
System Product Name:      
Logical Drives Mask:      0x0000001c

Kernel Drivers (total 143):
  0x8201E000 \SystemRoot\system32\ntkrnlpa.exe
  0x823D8000 \SystemRoot\system32\hal.dll
  0x80401000 \SystemRoot\system32\kdcom.dll
  0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80478000 \SystemRoot\system32\PSHED.dll
  0x80489000 \SystemRoot\system32\BOOTVID.dll
  0x80491000 \SystemRoot\system32\CLFS.SYS
  0x804D2000 \SystemRoot\system32\CI.dll
  0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80685000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80692000 \SystemRoot\system32\drivers\acpi.sys
  0x806D8000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E1000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E9000 \SystemRoot\system32\drivers\pci.sys
  0x80710000 \SystemRoot\System32\drivers\partmgr.sys
  0x8071F000 \SystemRoot\system32\drivers\volmgr.sys
  0x8072E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80778000 \SystemRoot\system32\drivers\pciide.sys
  0x8077F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8078D000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8079D000 \SystemRoot\system32\drivers\atapi.sys
  0x807A5000 \SystemRoot\system32\drivers\ataport.SYS
  0x807C3000 \SystemRoot\system32\drivers\fltmgr.sys
  0x805B2000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8260E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82680000 \SystemRoot\system32\drivers\ndis.sys
  0x8278B000 \SystemRoot\system32\drivers\msrpc.sys
  0x827B6000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A00E000 \SystemRoot\System32\drivers\tcpip.sys
  0x8A0F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A202000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A312000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A34B000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A353000 \SystemRoot\System32\Drivers\mup.sys
  0x8A362000 \SystemRoot\System32\drivers\ecache.sys
  0x8A389000 \SystemRoot\system32\drivers\disk.sys
  0x8A39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A3BB000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8A3E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8A3EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8DC00000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8E520000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8E5C0000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E5CC000 \SystemRoot\system32\DRIVERS\HECI.sys
  0x8E5D6000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8E5F0000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8A113000 \SystemRoot\system32\DRIVERS\e1q6032.sys
  0x8A13A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8A145000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8A183000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E60E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E69B000 \SystemRoot\system32\drivers\AVer88xHD.sys
  0x8E70C000 \SystemRoot\system32\drivers\ks.sys
  0x8E736000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x8E739000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8E751000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E757000 \SystemRoot\system32\drivers\tpm.sys
  0x8E765000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8E774000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8E7A3000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8E7E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8A192000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8E7EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8A1A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A1CC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8A1DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x805C2000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8A1EF000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A000000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E60B000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x827F1000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x82600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x805D7000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EC07000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EC3C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8EC4D000 \SystemRoot\system32\drivers\ADIHdAud.sys
  0x8ECB0000 \SystemRoot\system32\drivers\portcls.sys
  0x8ECDD000 \SystemRoot\system32\drivers\drmk.sys
  0x8ED02000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8ED0B000 \SystemRoot\System32\Drivers\Null.SYS
  0x8ED12000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8ED35000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8ED3C000 \SystemRoot\System32\drivers\vga.sys
  0x8ED48000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8ED69000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8ED71000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8ED79000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8ED84000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8ED92000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8ED9B000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8EDB1000 \SystemRoot\system32\drivers\afd.sys
  0x8F407000 \SystemRoot\system32\drivers\netbt.sys
  0x8F439000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x8F442000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8F458000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8F466000 \SystemRoot\system32\DRIVERS\tmcomm.sys
  0x8F49D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8F4C3000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
  0x8F4D8000 \SystemRoot\system32\DRIVERS\tmactmon.sys
  0x8F4F4000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F507000 \SystemRoot\system32\DRIVERS\tmtdi.sys
  0x8F51C000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x8F53E000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8F544000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F580000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F58A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F5A1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8F5AE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8F5B9000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x96810000 \SystemRoot\System32\win32k.sys
  0x8F5C1000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F5CB000 \SystemRoot\system32\DRIVERS\usbcir.sys
  0x8F5E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F5E3000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8F5EE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8ED19000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8ED22000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8A3C4000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x8A3D3000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x8ED2A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x96A30000 \SystemRoot\System32\TSDDD.dll
  0x96A50000 \SystemRoot\System32\cdd.dll
  0x805E4000 \SystemRoot\system32\drivers\luafv.sys
  0xAAE0A000 \SystemRoot\system32\drivers\spsys.sys
  0xAAEBA000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xAAECA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xAAEDD000 \SystemRoot\system32\drivers\HTTP.sys
  0xAAF4A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAAF67000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xAAF80000 \SystemRoot\system32\drivers\mrxdav.sys
  0xAAFA1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xAAFC0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xAB003000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAB01B000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAB043000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAB092000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xAB09B000 \SystemRoot\system32\drivers\peauth.sys
  0xAB179000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAB183000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAB18F000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAB1A5000 \SystemRoot\system32\drivers\MSPQM.sys
  0x76F70000 \WINDOWS\System32\ntdll.dll

Processes (total 58):
       0 System Idle Process
       4 System
     492 C:\WINDOWS\System32\smss.exe
     560 csrss.exe
     604 C:\WINDOWS\System32\wininit.exe
     612 csrss.exe
     648 C:\WINDOWS\System32\services.exe
     660 C:\WINDOWS\System32\lsass.exe
     668 C:\WINDOWS\System32\lsm.exe
     828 C:\WINDOWS\System32\winlogon.exe
     848 C:\WINDOWS\System32\svchost.exe
     908 C:\WINDOWS\System32\svchost.exe
     980 C:\WINDOWS\System32\svchost.exe
    1008 C:\WINDOWS\System32\svchost.exe
    1020 C:\WINDOWS\System32\svchost.exe
    1100 C:\WINDOWS\System32\audiodg.exe
    1124 C:\WINDOWS\System32\svchost.exe
    1140 C:\WINDOWS\System32\SLsvc.exe
    1184 C:\WINDOWS\System32\svchost.exe
    1292 C:\WINDOWS\System32\svchost.exe
    1448 C:\WINDOWS\System32\spoolsv.exe
    1472 C:\WINDOWS\System32\svchost.exe
    1792 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    1816 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    1824 C:\Program Files\SUPERAntiSpyware\SASCore.exe
    1836 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    1848 C:\WINDOWS\System32\AEADISRV.EXE
    1868 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1912 C:\Program Files\Bonjour\mDNSResponder.exe
    1948 C:\WINDOWS\System32\dlcccoms.exe
    2016 C:\WINDOWS\System32\svchost.exe
     200 C:\WINDOWS\System32\svchost.exe
     352 C:\WINDOWS\System32\svchost.exe
     516 C:\WINDOWS\System32\SearchIndexer.exe
    2352 C:\WINDOWS\System32\taskeng.exe
    2496 C:\WINDOWS\System32\taskeng.exe
    2548 C:\WINDOWS\System32\dwm.exe
    2644 C:\WINDOWS\explorer.exe
    2824 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2832 C:\WINDOWS\System32\igfxtray.exe
    2840 C:\WINDOWS\System32\hkcmd.exe
    2848 C:\WINDOWS\System32\igfxpers.exe
    2884 C:\Program Files\iTunes\iTunesHelper.exe
    2892 C:\hp\support\hpsysdrv.exe
    2916 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2944 C:\WINDOWS\ehome\ehtray.exe
    3084 C:\WINDOWS\ehome\ehmsas.exe
    3156 C:\WINDOWS\ehome\ehsched.exe
    3240 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    3380 C:\Program Files\iPod\bin\iPodService.exe
    3624 C:\WINDOWS\ehome\ehrecvr.exe
    2212 C:\WINDOWS\System32\SearchProtocolHost.exe
    3748 C:\WINDOWS\System32\svchost.exe
    3308 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3608 C:\hp\KBD\kbd.exe
    3184 WmiPrvSE.exe
    3872 C:\WINDOWS\System32\SearchFilterHost.exe
     944 C:\Users\SuperDuperUserOne\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`cee2a000  (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-65A7B0, Rev: 01.03B01

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Hewlett-Packard MBR code detected
            SHA1: F362CE084BC77B454330005C1657154A64FB9456


Done!
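MBRCheck's report above gives the byte offset of each volume, the vendor of the MBR boot code and a SHA-1 of the sector. As an added example (not MBRCheck's own code; the log does not state exactly which bytes the tool hashes), the Python below reads a 512-byte MBR, verifies the 0x55AA boot signature, walks the four partition entries, converts each start LBA into the byte offset MBRCheck prints, and hashes the 440-byte boot-code region for comparison with a known-good digest. The sector is constructed: zeroed boot code plus two NTFS entries whose start LBAs reproduce the C: (0x7E00) and D: (0x71CEE2A000) offsets from the log; the "known good" hash used in the check is an assumption taken from this constructed sector.

```python
"""Parse and hash a 512-byte MBR (added example, not MBRCheck's code).

The constructed sector below has zeroed boot code and two NTFS partition
entries whose start LBAs reproduce the C: (0x7E00) and D: (0x71CEE2A000)
byte offsets MBRCheck printed."""
import hashlib
import struct

SECTOR = 512
PART_TABLE = 0x1BE                   # four 16-byte entries, then 0x55AA at 510
ENTRY = "<B3sB3sII"                  # status, CHS start, type, CHS end, LBA, count
NTFS = 0x07


def build_sample_mbr():
    """Constructed sample sector (assumption: not read from any real disk)."""
    mbr = bytearray(SECTOR)
    d_start = 0x71CEE2A000 // SECTOR            # = 0x38E77150, fits in 32 bits
    entries = [
        (0x80, NTFS, 63, d_start - 63),          # C: active, starts at LBA 63
        (0x00, NTFS, d_start, 20_000_000),       # D: recovery/data volume
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY, mbr, PART_TABLE + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Validate the boot signature and return the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue                             # unused slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "byte_offset": lba * SECTOR,
                      "sectors": count})
    return parts


def boot_code_sha1(mbr):
    """SHA-1 of the 440 bytes of boot code, i.e. everything before the disk
    signature and partition table, which legitimately differ per machine."""
    return hashlib.sha1(mbr[:440]).hexdigest().upper()


def check_mbr(mbr, known_good_sha1):
    """Compare boot code against a known-good digest and sanity-check the table."""
    parts = parse_mbr(mbr)
    digest = boot_code_sha1(mbr)
    problems = []
    if digest != known_good_sha1.upper():
        problems.append("boot code hash differs from known-good value")
    if sum(p["bootable"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    for a, b in zip(parts, parts[1:]):          # entries overlapping is a red flag
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"partitions {a['index']} and {b['index']} overlap")
    return {"sha1": digest, "partitions": parts, "problems": problems}


if __name__ == "__main__":
    sample = build_sample_mbr()
    report = check_mbr(sample, boot_code_sha1(sample))
    for p in report["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02X} "
              f"offset 0x{p['byte_offset']:016x} {'(active)' if p['bootable'] else ''}")
    print("boot code SHA1:", report["sha1"], "problems:", report["problems"] or "none")
```

On Windows an elevated `open(r"\\.\PhysicalDrive0", "rb").read(512)` returns the live sector; on Linux the same works against `/dev/sda`. Compare the digest with a sector captured from a clean machine of the same OEM image rather than a generic Microsoft MBR, since OEM boot code (here HP's) legitimately differs from Microsoft's, and a mismatch alone is a reason to look closer, not a verdict.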




SuperDave (Malware Removal Specialist)
Re: I downloaded something I should not have.
« Reply #37 on: January 23, 2012, 07:24:46 PM »
Quote
When I ran sfc it did fix something but I never had to use a separate CD.
If it found a missing or corrupted file, it would have asked for the CD.
Quote
My disks are installed on the hard drive.
Do you mean your Operating system is installed on your hard drive? Most computers with Vista usually have the Recovery system in a separate partition of the hard drive. Do you have the OS disks?
Quote
When I restored my computer, again, I didn't have to insert a CD
You don't need to have an OS disk to do a System Restore. Do you mean re-format?
I'm going to check with a colleague about this problem


SuperDave (Malware Removal Specialist)
Re: I downloaded something I should not have.
« Reply #38 on: January 24, 2012, 06:02:23 PM »
This looks like a false-positive warning.
We should do some cleanup.


To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
***************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Doug (Topic Starter)
Re: I downloaded something I should not have.
« Reply #39 on: January 26, 2012, 09:59:10 AM »
I did the steps from reply #38. 

Quote (SuperDave, Reply #37)
Quote
When I ran sfc it did fix something but I never had to use a separate CD.
If it found a missing or corrupted file, it would have asked for the CD.
Quote
My disks are installed on the hard drive.
Do you mean your Operating system is installed on your hard drive? Most computers with Vista usually have the Recovery system in a separate partition of the hard drive. Do you have the OS disks?
Quote
When I restored my computer, again, I didn't have to insert a CD
You don't need to have an OS disk to do a System Restore. Do you mean re-format?
I'm going to check with a colleague about this problem

Your answers are what I meant.  But, I don't have any Windows disks.  I don't know how to re-format.  Last time I had a problem I used windows repair and, well I ended up reinstalling windows.  But, I didn't have to use disks.  I did burn a recovery CD.  ...I did have to enter my windows key.  When I ran sfc it didn't ask me for disks.  It did create a log at Windows/Logs/CBS.  I still can't install Windows updates and Windows Firewall is off. 

I'm going to try that recovery CD I burned from last time and see what options it gives me.  Because last time there were no restore points.  And run sfc again and see what happens.  Thanks for the on-going help.


Doug (Topic Starter)
Re: I downloaded something I should not have.
« Reply #40 on: January 26, 2012, 11:24:23 AM »
Oh no!  I just got this. 

SuperDave (Malware Removal Specialist)
Re: I downloaded something I should not have.
« Reply #41 on: January 26, 2012, 11:54:16 AM »
The Recovery Console is installed on a separate partition of your hard drive. The Recovery disc you created should let you do a repair to the system files.