I downloaded something I should not have.

I have an external HD that I keep music on. I decided to scan it with Malwarebytes and SAS and found stuff on it. I used Flashget to download music onto it. I normally don't have it plugged into my computer, only when I listen to or download music.


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperUserOne :: SUPERDUPERUS-PC [ADMINISTRATOR]

1/21/2012 1:25:14 PM
mbam-log-2012-01-21 (13-25-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 164770
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes DETECTED: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8C2DFA75-6722-426B-BCF6-3ACA446D7EF8} (Trojan.ZbotR.Gen) -> Data: C:\Users\SuperDuperUserOne\AppData\Roaming\Atdeh\avky.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\SuperDuperUserOne\AppData\Roaming\Atdeh\avky.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

(end)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2012 at 01:18 PM

Application Version : 5.0.1142

Core Rules Database Version : 8153
Trace Rules Database Version: 5965

Scan type : Complete Scan
Total Scan Time : 00:01:59

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 643
Memory threats detected : 0
Registry items scanned : 20869
Registry threats detected : 0
File items scanned : 3714
File threats detected : 11

Adware.Tracking Cookie
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VD1R670U.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\J8K89AKN.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9M0TPN8W.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2VUE2CRC.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ANUZ1JJ4.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6KIUWLDN.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\69U7O6RQ.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CDV2CV2P.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\R5MYW2OS.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\QUP9MC0W.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZYSQZSJ.txt [ Cookie:[emailprotected]/ ]


I can't believe this has stuff on it. Are these the ads that come with Flashget?
It's difficult to tell.

SUPERAntiSpyware

If you ALREADY have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from here.
* Next click the Preferences button.
* Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  •Close browsers before scanning
  •Scan for tracking cookies
  •Terminate memory threats before quarantining
  Please leave the others unchecked.
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click close and close again to exit the program.
* Copy and paste the log in your post.
**********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically SAVED by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
I just scanned every drive that showed up with SAS and Malwarebytes.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2012 at 02:50 PM

Application Version : 5.0.1142

Core Rules Database Version : 8153
Trace Rules Database Version: 5965

Scan type : Complete Scan
Total Scan Time : 00:52:22

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 573
Memory threats detected : 0
Registry items scanned : 20167
Registry threats detected : 0
File items scanned : 118744
File threats detected : 6

Adware.Tracking Cookie
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZS05I6MG.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z7ZZF1KE.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UKYYUZ7U.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5MAMGBY.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF3NTN2K.txt [ Cookie:[emailprotected]/ ]
ia.media-imdb.com [ C:\USERS\SUPERDUPERUSERONE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7966WRRD ]


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperUserOne :: SUPERDUPERUS-PC [administrator]

1/21/2012 2:59:50 PM
mbam-log-2012-01-21 (14-59-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 286103
Time elapsed: 51 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Two versions of Trend Micro Titanium have something called Windows Firewall Booster. Perhaps that's the reason why you can't turn on the Windows Firewall.

* Go to Start > Run, type mrt.exe, then press Enter on the keyboard.
* (Vista and Windows 7 users: go to Start, type mrt.exe in the search box, then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
****************************************************

Go to Microsoft Windows Update and get all critical updates.

I didn't check on Firewall Booster, and mrt.exe didn't find anything. I did try to do updates and get these messages. Pay attention to the dates. The last check was 1/12, and this is with me trying to install updates from today.

After I try to install updates and fail, I check to see if new updates are available.

And what about the locked file and infected file from this report?

07:00:04.469 Service scanning
07:00:05.578 Service .smb \* **LOCKED** 123
07:00:09.012 Modules scanning
07:00:21.091 Disk 0 trace - called modules:
07:00:21.606 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
07:00:21.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854ffa40]
07:00:21.606 3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x852dc660]
07:00:22.936 AVAST engine scan C:\Windows
07:00:33.610 AVAST engine scan C:\Windows\system32
07:01:45.555 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
07:03:52.329 AVAST engine scan C:\Windows\system32\drivers
07:04:16.270 AVAST engine scan C:\Users\SuperDuperUserOne
07:06

Did we delete the jureg.exe file?

I'll look and see what I can find out about the Firewall Booster.
Quote
C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
Jotti says that file is clean.
Do you have your OS disk?

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

This is what I understand. I have an HP computer. My disks are installed on the hard drive. When I ran sfc it did fix something, but I never had to use a separate CD. When I restored my computer, again I didn't have to insert a CD. That's the way I understand it.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:Windows Vista Home Premium Edition
Windows Information:Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:Intel Corporation
BIOS Manufacturer:Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask:0x0000001c

Kernel Drivers (total 143):
0x8201E000 \SystemRoot\system32\ntkrnlpa.exe
0x823D8000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80685000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80692000 \SystemRoot\system32\drivers\acpi.sys
0x806D8000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E1000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E9000 \SystemRoot\system32\drivers\pci.sys
0x80710000 \SystemRoot\System32\drivers\partmgr.sys
0x8071F000 \SystemRoot\system32\drivers\volmgr.sys
0x8072E000 \SystemRoot\System32\drivers\volmgrx.sys
0x80778000 \SystemRoot\system32\drivers\pciide.sys
0x8077F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8078D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079D000 \SystemRoot\system32\drivers\atapi.sys
0x807A5000 \SystemRoot\system32\drivers\ataport.SYS
0x807C3000 \SystemRoot\system32\drivers\fltmgr.sys
0x805B2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8260E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82680000 \SystemRoot\system32\drivers\ndis.sys
0x8278B000 \SystemRoot\system32\drivers\msrpc.sys
0x827B6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A00E000 \SystemRoot\System32\drivers\tcpip.sys
0x8A0F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A312000 \SystemRoot\system32\drivers\volsnap.sys
0x8A34B000 \SystemRoot\System32\Drivers\spldr.sys
0x8A353000 \SystemRoot\System32\Drivers\mup.sys
0x8A362000 \SystemRoot\System32\drivers\ecache.sys
0x8A389000 \SystemRoot\system32\drivers\disk.sys
0x8A39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A3BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A3E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A3EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E520000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E5C0000 \SystemRoot\System32\drivers\watchdog.sys
0x8E5CC000 \SystemRoot\system32\DRIVERS\HECI.sys
0x8E5D6000 \SystemRoot\system32\DRIVERS\serial.sys
0x8E5F0000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8A113000 \SystemRoot\system32\DRIVERS\e1q6032.sys
0x8A13A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A145000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A183000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E60E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E69B000 \SystemRoot\system32\drivers\AVer88xHD.sys
0x8E70C000 \SystemRoot\system32\drivers\ks.sys
0x8E736000 \SystemRoot\system32\drivers\BdaSup.SYS
0x8E739000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E751000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E757000 \SystemRoot\system32\drivers\tpm.sys
0x8E765000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E774000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E7A3000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E7E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A192000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E7EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A1A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A1CC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A1DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x805C2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A1EF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A000000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E60B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x827F1000 \SystemRoot\system32\DRIVERS\circlass.sys
0x82600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x805D7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EC07000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EC3C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EC4D000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x8ECB0000 \SystemRoot\system32\drivers\portcls.sys
0x8ECDD000 \SystemRoot\system32\drivers\drmk.sys
0x8ED02000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8ED0B000 \SystemRoot\System32\Drivers\Null.SYS
0x8ED12000 \SystemRoot\System32\Drivers\Beep.SYS
0x8ED35000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8ED3C000 \SystemRoot\System32\drivers\vga.sys
0x8ED48000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8ED69000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8ED71000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ED79000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8ED84000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8ED92000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8ED9B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EDB1000 \SystemRoot\system32\drivers\afd.sys
0x8F407000 \SystemRoot\system32\drivers\netbt.sys
0x8F439000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8F442000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F458000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F466000 \SystemRoot\system32\DRIVERS\tmcomm.sys
0x8F49D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8F4C3000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
0x8F4D8000 \SystemRoot\system32\DRIVERS\tmactmon.sys
0x8F4F4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F507000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x8F51C000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8F53E000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8F544000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F580000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F58A000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F5A1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F5AE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F5B9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96810000 \SystemRoot\System32\win32k.sys
0x8F5C1000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F5CB000 \SystemRoot\system32\DRIVERS\usbcir.sys
0x8F5E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F5E3000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8F5EE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8ED19000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8ED22000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8A3C4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8A3D3000 \SystemRoot\System32\Drivers\usbaapl.sys
0x8ED2A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x96A30000 \SystemRoot\System32\TSDDD.dll
0x96A50000 \SystemRoot\System32\cdd.dll
0x805E4000 \SystemRoot\system32\drivers\luafv.sys
0xAAE0A000 \SystemRoot\system32\drivers\spsys.sys
0xAAEBA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAAECA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAEDD000 \SystemRoot\system32\drivers\HTTP.sys
0xAAF4A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAAF67000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAAF80000 \SystemRoot\system32\drivers\mrxdav.sys
0xAAFA1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAAFC0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB003000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB01B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB043000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB092000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAB09B000 \SystemRoot\system32\drivers\peauth.sys
0xAB179000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAB183000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAB18F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAB1A5000 \SystemRoot\system32\drivers\MSPQM.sys
0x76F70000 \WINDOWS\System32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
492 C:\WINDOWS\System32\smss.exe
560 csrss.exe
604 C:\WINDOWS\System32\wininit.exe
612 csrss.exe
648 C:\WINDOWS\System32\services.exe
660 C:\WINDOWS\System32\lsass.exe
668 C:\WINDOWS\System32\lsm.exe
828 C:\WINDOWS\System32\winlogon.exe
848 C:\WINDOWS\System32\svchost.exe
908 C:\WINDOWS\System32\svchost.exe
980 C:\WINDOWS\System32\svchost.exe
1008 C:\WINDOWS\System32\svchost.exe
1020 C:\WINDOWS\System32\svchost.exe
1100 C:\WINDOWS\System32\audiodg.exe
1124 C:\WINDOWS\System32\svchost.exe
1140 C:\WINDOWS\System32\SLsvc.exe
1184 C:\WINDOWS\System32\svchost.exe
1292 C:\WINDOWS\System32\svchost.exe
1448 C:\WINDOWS\System32\spoolsv.exe
1472 C:\WINDOWS\System32\svchost.exe
1792 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
1816 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
1824 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1836 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
1848 C:\WINDOWS\System32\AEADISRV.EXE
1868 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1912 C:\Program Files\Bonjour\mDNSResponder.exe
1948 C:\WINDOWS\System32\dlcccoms.exe
2016 C:\WINDOWS\System32\svchost.exe
200 C:\WINDOWS\System32\svchost.exe
352 C:\WINDOWS\System32\svchost.exe
516 C:\WINDOWS\System32\SearchIndexer.exe
2352 C:\WINDOWS\System32\taskeng.exe
2496 C:\WINDOWS\System32\taskeng.exe
2548 C:\WINDOWS\System32\dwm.exe
2644 C:\WINDOWS\explorer.exe
2824 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2832 C:\WINDOWS\System32\igfxtray.exe
2840 C:\WINDOWS\System32\hkcmd.exe
2848 C:\WINDOWS\System32\igfxpers.exe
2884 C:\Program Files\iTunes\iTunesHelper.exe
2892 C:\hp\support\hpsysdrv.exe
2916 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2944 C:\WINDOWS\ehome\ehtray.exe
3084 C:\WINDOWS\ehome\ehmsas.exe
3156 C:\WINDOWS\ehome\ehsched.exe
3240 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
3380 C:\Program Files\iPod\bin\iPodService.exe
3624 C:\WINDOWS\ehome\ehrecvr.exe
2212 C:\WINDOWS\System32\SearchProtocolHost.exe
3748 C:\WINDOWS\System32\svchost.exe
3308 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3608 C:\hp\KBD\kbd.exe
3184 WmiPrvSE.exe
3872 C:\WINDOWS\System32\SearchFilterHost.exe
944 C:\Users\SuperDuperUserOne\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`cee2a000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-65A7B0, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: F362CE084BC77B454330005C1657154A64FB9456


Done!
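What MBRCheck is summarising in the log above is sector 0 of the physical disk: it hashes the boot code, compares the hash against loaders it knows (here it recognised Hewlett-Packard's), and prints where each volume starts. Those offsets are just the partition entry's start LBA times 512: C: at 0x00000000`00007e00 is LBA 63, the old 63-sector track alignment, and D: at 0x00000071`cee2a000 is LBA 954691920, about 455 GiB into the 465 GB drive, which fits an HP recovery partition at the end of the disk. The script below is an added example, not MBRCheck's own code: it builds a constructed 512-byte MBR carrying those two partition entries, checks the 0x55AA signature, hashes the boot code and renders the offsets in MBRCheck's notation. Its assumptions: the boot-code bytes are a placeholder (so their hash will not match the one in the log), the disk signature and total sector count are made up, and hashing exactly the first 440 bytes is a guess at which range MBRCheck hashes.

```python
"""Parse a 512-byte MBR the way MBRCheck summarises one.

Added example, not MBRCheck's code. build_sample_mbr() returns a constructed
sector whose partition entries reproduce the C:/D: offsets in the log above;
its boot code is a placeholder, so its SHA1 is deliberately not the HP hash.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440                  # bytes 0..439 hold boot code (assumed to be what MBRCheck hashes)
DISK_SIG_OFF, TABLE_OFF = 440, 446   # 4-byte disk signature, 2 reserved bytes, then 4 x 16-byte entries
ENTRY_FMT = "<B3sB3sII"              # status, CHS start, type, CHS end, start LBA, sector count

# The hash MBRCheck printed for this machine (copied from the log above). It is an
# allow-list entry for this one disk, not a general "HP boot code" fingerprint.
KNOWN_BOOT_CODE = {"F362CE084BC77B454330005C1657154A64FB9456": "Hewlett-Packard MBR code (per MBRCheck log)"}


def build_entry(bootable: bool, ptype: int, start_lba: int, sectors: int) -> bytes:
    """One 16-byte partition-table entry; CHS fields carry the 'use LBA' filler."""
    lba_only = b"\xfe\xff\xff"
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, lba_only, ptype, lba_only, start_lba, sectors)


def build_sample_mbr() -> bytes:
    """Constructed MBR. LBA 63 and LBA 954691920 are the sectors whose byte
    offsets (0x7e00 and 0x71cee2a000) MBRCheck reported for C: and D:."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 5)  # placeholder, not HP's loader
    disk_sig = struct.pack("<I", 0x1234ABCD)                               # assumed value
    total_sectors = 976_773_168                                            # 500 GB drive, assumed
    d_start = 954_691_920
    table = (build_entry(True, 0x07, 63, d_start - 63)                     # C: NTFS, bootable
             + build_entry(False, 0x07, d_start, total_sectors - d_start)  # D: NTFS recovery volume
             + b"\x00" * 32)                                               # two empty slots
    return boot_code + disk_sig + b"\x00\x00" + table + b"\x55\xaa"


def parse_mbr(mbr: bytes) -> Dict:
    """Validate the sector, hash the boot code and decode the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    partitions: List[Dict] = []
    for i in range(4):
        entry = mbr[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, _, ptype, _, start_lba, sectors = struct.unpack(ENTRY_FMT, entry)
        if ptype == 0:
            continue                     # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "start_lba": start_lba, "sectors": sectors,
                           "byte_offset": start_lba * SECTOR, "size_bytes": sectors * SECTOR})
    return {"boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
            "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
            "partitions": partitions}


def format_offset(offset: int) -> str:
    """MBRCheck's 0xHHHHHHHH`LLLLLLLL rendering of a 64-bit byte offset."""
    return f"0x{offset >> 32:08x}`{offset & 0xFFFFFFFF:08x}"


def classify_boot_code(sha1_hex: str) -> str:
    """'known' when the boot-code hash is on the allow-list, otherwise 'unknown' (go and look at it)."""
    return "known" if sha1_hex.upper() in KNOWN_BOOT_CODE else "unknown"


def report(mbr: bytes) -> List[str]:
    """Lines in the spirit of MBRCheck's summary: boot-code verdict, then one line per partition."""
    p = parse_mbr(mbr)
    lines = [f"boot code SHA1: {p['boot_code_sha1']} ({classify_boot_code(p['boot_code_sha1'])})"]
    for part in p["partitions"]:
        lines.append(f"partition {part['index']} type 0x{part['type']:02x} at offset "
                     f"{format_offset(part['byte_offset'])} ({part['size_bytes'] // 2**30} GiB)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(build_sample_mbr())))
```

On a real machine the 512 bytes would come from \\.\PhysicalDrive0 (read as Administrator) instead of build_sample_mbr(); the parsing and the offset arithmetic are the same, and an "unknown" verdict means the boot code should be compared against a known-good copy rather than assumed bad, since OEM loaders like HP's are routinely not in small allow-lists.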



Quote
When I ran sfc it did fix something but I never had to use a separate CD.
If it found a missing or corrupted file, it would have asked for the CD.
Quote
My disks are installed on the hard drive.
Do you mean your Operating system is installed on your hard drive? Most computers with Vista usually have the Recovery system in a separate partition of the hard drive. Do you have the OS disks?
Quote
When I restored my computer, again, I didn't have to insert a CD
You don't need to have an OS disk to do a System Restore. Do you mean re-format?
I'm going to check with a colleague about this problem.
This looks like a false-positive warning.
We should do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.
***************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (if you choose this one, during installation uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
I did the steps from reply #38.


Your answers are what I meant. But I don't have any Windows disks. I don't know how to re-format. Last time I had a problem I used Windows repair and, well, I ended up reinstalling Windows. But I didn't have to use disks. I did burn a recovery CD. ...I did have to enter my Windows key. When I ran sfc it didn't ask me for disks. It did create a log at Windows\Logs\CBS. I still can't install Windows updates, and Windows Firewall is off.

I'm going to try that recovery CD I burned from last time and see what options it gives me, because last time there were no restore points. And run sfc again and see what happens. Thanks for the on-going help.

Oh no! I just got this.
The Recovery Console is installed on a separate partition of your hard drive. The Recovery disc you created should let you do a repair to the system files.

