Inactive Malwarebytes will not install - access denied

sjbells

My PC is infected with a virus. I have run several fixes but nothing has worked. I have run combofix as instructed in other messages but to no avail. Help Please.

ComboFix 11-12-31.03 - SJB 01/01/2012 12:18:25.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9748 [GMT -5:00]
Running from: c:\users\SJB.FBRANH\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 17:22 . 2012-01-01 17:22 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C72DDE5F-5BA1-4B4C-92D6-BCC6D28889E0}\offreg.dll
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\SJB\AppData\Local\temp
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-01 16:43 . 2012-01-01 16:43 -------- d-----w- c:\users\SJB.FBRANH\AppData\Roaming\SUPERAntiSpyware.com
2012-01-01 16:43 . 2012-01-01 16:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-01 16:43 . 2012-01-01 16:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-01 16:37 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C72DDE5F-5BA1-4B4C-92D6-BCC6D28889E0}\mpengine.dll
2012-01-01 16:17 . 2012-01-01 16:17 -------- d-----w- c:\program files (x86)\FileASSASSIN
2012-01-01 15:51 . 2012-01-01 15:51 -------- d-----w- c:\windows\system32\Macromed
2011-12-31 17:35 . 2011-12-31 17:35 -------- d--h--w- c:\windows\Sun
2011-12-14 17:23 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 17:23 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 17:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 17:23 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 17:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-05 20:24 . 2011-12-05 20:31 -------- d--h--w- c:\programdata\AutodeskRendering
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-05-05 20:16 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 12:56 . 2011-06-15 11:48 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2011-05-09 12:18 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 12:20 . 2011-10-11 12:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFEB5076-8844-4EFF-B2FE-9FBB6F8E8AF9}\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-01_16.29.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-01-01 16:48 35262 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-01 16:48 35046 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-05 20:55 . 2012-01-01 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 20:55 . 2012-01-01 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 20:55 . 2012-01-01 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-05 20:55 . 2012-01-01 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-06 12:08 . 2012-01-01 16:48 5020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4089952224-1957405234-155898677-1118_UserData.bin
+ 2012-01-01 17:22 . 2012-01-01 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-01 17:22 . 2012-01-01 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-01 16:29 . 2012-01-01 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-01 15:31 665350 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-01 16:53 665350 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-01 15:31 123118 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-01 16:53 123118 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\SJB.FBRANH\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-05-09 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-01 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\SJB.FBRANH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Driver performer.lnk - c:\users\SJB.FBRANH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM8A187H\DriverPerformer_16i[1].exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EC_NLM;ENERCALC NLM;c:\program files (x86)\ENERCALC_6_NLM\ENERCALC_NetworkLicenseManager.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-09 1431888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S3 PrivacyProtectorMP;PrivacyProtectorMP;c:\windows\system32\DRIVERS\PPFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376]
"BbInstallUser"="c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-03-07 38560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.5.52 208.67.222.222 208.67.222.220 192.168.0.10
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\astsrv.exe
.
**************************************************************************
.
Completion time: 2012-01-01 12:23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 17:23
ComboFix2.txt 2012-01-01 16:30
.
Pre-Run: 59,727,474,688 bytes free
Post-Run: 59,754,385,408 bytes free
.
- - End Of File - - F80F6E93A2B35ED0F48BE64D6550EA94


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Precision WorkStation T3500
Logical Drives Mask: 0x00e80dfc

Kernel Drivers (total 188):
0x02808000 \SystemRoot\system32\ntoskrnl.exe
0x02DF1000 \SystemRoot\system32\hal.dll
0x00BC5000 \SystemRoot\system32\kdcom.dll
0x00CF0000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D3F000 \SystemRoot\system32\PSHED.dll
0x00D53000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EFF000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E6A000 \SystemRoot\system32\drivers\pci.sys
0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\drivers\volmgr.sys
0x010FD000 \SystemRoot\System32\drivers\volmgrx.sys
0x01159000 \SystemRoot\System32\drivers\mountmgr.sys
0x01173000 \SystemRoot\system32\drivers\atapi.sys
0x0117C000 \SystemRoot\system32\drivers\ataport.SYS
0x011A6000 \SystemRoot\system32\drivers\msahci.sys
0x011B1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x011C1000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01248000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01060000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01422000 \SystemRoot\System32\Drivers\cng.sys
0x01494000 \SystemRoot\System32\drivers\pcw.sys
0x014A5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014AF000 \SystemRoot\system32\drivers\ndis.sys
0x0165B000 \SystemRoot\system32\drivers\NETIO.SYS
0x016BB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018FE000 \SystemRoot\System32\drivers\tcpip.sys
0x01B02000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B4C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01B5C000 \SystemRoot\system32\drivers\volsnap.sys
0x01BA8000 \SystemRoot\System32\Drivers\spldr.sys
0x01BB0000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BEA000 \SystemRoot\System32\Drivers\mup.sys
0x01800000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01809000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01843000 \SystemRoot\system32\drivers\disk.sys
0x01859000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x018C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x016E6000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x018EB000 \SystemRoot\System32\Drivers\Null.SYS
0x018F4000 \SystemRoot\System32\Drivers\Beep.SYS
0x01717000 \SystemRoot\System32\drivers\vga.sys
0x01725000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0174A000 \SystemRoot\System32\drivers\watchdog.sys
0x0175A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01763000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0176C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01775000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01780000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01791000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017B3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E12000 \SystemRoot\system32\drivers\afd.sys
0x02E9B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02EE0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02EE9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F0F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02F1E000 \SystemRoot\system32\DRIVERS\serial.sys
0x02F3B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02F56000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02F6A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02FBB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02FC7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02FD2000 \SystemRoot\System32\drivers\discache.sys
0x03CF8000 \SystemRoot\system32\drivers\csc.sys
0x03D7B000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D99000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03DAA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03DD0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03DD9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F259000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FEB6000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FEB8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FFAC000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FFF2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0F200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03DEF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C24000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x03C6C000 \SystemRoot\system32\DRIVERS\parport.sys
0x03C89000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03C95000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03CA5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03CBB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03CDF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x017C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FE1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x01621000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03CEB000 \SystemRoot\system32\DRIVERS\PPFlt.sys
0x02E00000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0163B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0164A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0F256000 \SystemRoot\system32\DRIVERS\swenum.sys
0x015A2000 \SystemRoot\system32\DRIVERS\ks.sys
0x015E5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04435000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0448F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x044A4000 \SystemRoot\system32\drivers\HdAudio.sys
0x04500000 \SystemRoot\system32\drivers\portcls.sys
0x0453D000 \SystemRoot\system32\drivers\drmk.sys
0x0455F000 \SystemRoot\system32\drivers\ksthunk.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x04565000 \SystemRoot\System32\drivers\Dxapi.sys
0x04571000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0457F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0458B000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x04596000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x045A9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x045B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x045D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x045D9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x045DB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x045E8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x04400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00410000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x01889000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0441B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0121B000 \SystemRoot\system32\drivers\luafv.sys
0x01400000 \SystemRoot\system32\drivers\WudfPf.sys
0x018A6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x010BE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x00FB2000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0524F000 \SystemRoot\system32\drivers\HTTP.sys
0x05318000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05335000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05353000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0536B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05398000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05879000 \SystemRoot\system32\drivers\peauth.sys
0x0591F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0592A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0595B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0596D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05A26000 \SystemRoot\System32\DRIVERS\srv.sys
0x05ABE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x05ACE000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x05AE6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x05B88000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77AA0000 \Windows\System32\ntdll.dll
0x47910000 \Windows\System32\smss.exe
0xFFDC0000 \Windows\System32\apisetschema.dll
0xFFCF0000 \Windows\System32\autochk.exe
0x77C70000 \Windows\System32\normaliz.dll
0x77C60000 \Windows\System32\psapi.dll
0xFFD10000 \Windows\System32\msvcrt.dll
0xFFCB0000 \Windows\System32\Wldap32.dll
0xFFA50000 \Windows\System32\iertutil.dll
0xFFA40000 \Windows\System32\nsi.dll
0xFF9D0000 \Windows\System32\gdi32.dll
0xFF8F0000 \Windows\System32\advapi32.dll
0xFF8E0000 \Windows\System32\lpk.dll
0x77980000 \Windows\System32\kernel32.dll
0xFF810000 \Windows\System32\usp10.dll
0xFF790000 \Windows\System32\difxapi.dll
0xFF6B0000 \Windows\System32\oleaut32.dll
0xFF660000 \Windows\System32\ws2_32.dll
0xFF5C0000 \Windows\System32\comdlg32.dll
0xFE830000 \Windows\System32\shell32.dll
0xFE650000 \Windows\System32\setupapi.dll
0xFE5B0000 \Windows\System32\clbcatq.dll
0xFE430000 \Windows\System32\urlmon.dll
0xFE410000 \Windows\System32\imagehlp.dll
0xFE3E0000 \Windows\System32\imm32.dll
0xFE1D0000 \Windows\System32\ole32.dll
0xFE1B0000 \Windows\System32\sechost.dll
0xFE080000 \Windows\System32\rpcrt4.dll
0xFE000000 \Windows\System32\shlwapi.dll
0xFDEF0000 \Windows\System32\msctf.dll
0xFDDC0000 \Windows\System32\wininet.dll
0x77880000 \Windows\System32\user32.dll
0xFDD80000 \Windows\System32\wintrust.dll
0xFDC10000 \Windows\System32\crypt32.dll
0xFDBD0000 \Windows\System32\cfgmgr32.dll
0xFDBB0000 \Windows\System32\devobj.dll
0xFDB40000 \Windows\System32\KernelBase.dll
0xFDAA0000 \Windows\System32\comctl32.dll
0xFDA90000 \Windows\System32\msasn1.dll
0x75F40000 \Windows\SysWOW64\normaliz.dll

Processes (total 50):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
364 csrss.exe
432 C:\Windows\System32\wininit.exe
440 csrss.exe
496 C:\Windows\System32\services.exe
504 C:\Windows\System32\lsass.exe
512 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\winlogon.exe
724 C:\Windows\System32\svchost.exe
796 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
876 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\spoolsv.exe
1344 C:\Windows\System32\svchost.exe
1476 C:\Windows\SysWOW64\ASTSRV.EXE
1516 C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
1612 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\svchost.exe
1764 C:\Windows\System32\svchost.exe
2072 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2268 WUDFHost.exe
2828 C:\Windows\System32\SearchIndexer.exe
1232 C:\Windows\System32\dwm.exe
1108 C:\Windows\explorer.exe
1316 C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
1632 C:\Program Files\Microsoft Security Client\msseces.exe
2200 C:\Users\SJB.FBRANH\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
1992 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1980 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
1304 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
3556 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
3152 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2736 C:\Windows\System32\audiodg.exe
4948 C:\Program Files\Internet Explorer\iexplore.exe
4168 C:\Program Files\Internet Explorer\iexplore.exe
1312 C:\Windows\splwow64.exe
4900 C:\Windows\System32\SearchProtocolHost.exe
3780 C:\Windows\System32\SearchFilterHost.exe
4252 C:\Program Files\Internet Explorer\iexplore.exe
4832 MpCmdRun.exe
1772 C:\Users\SJB.FBRANH\Desktop\MBRCheck.exe
3568 C:\Windows\System32\conhost.exe
3376 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: KINGSTONSVP100S2128G, Rev: CJRA0202
PhysicalDrive1 Model Number: ST3250318AS, Rev: CC45

Size Device Name MBR Status
--------------------------------------------
119 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!
 
oops, sorry

I just read the announcement at the top of the page telling me to not run any of these powerful programs unless told to. I apologize, I should have started at the top of this forum.
 
Completing the steps for the logs.

Again, I apologize for not doing this in the correct order. I have now done the "UPDATED 5-step..." process. Here are my results.

1. I have Microsoft Security Essentials running and had it running before the problem started.

2. I cannot get Malwarebytes to install, that is part of my problem.

3. I downloaded and ran GMER and let the initial scan take place. I then saved the log but the log is empty. Am I supposed to do a Scan after the initial scan when it starts?

4. I downloaded the DDS.scr but when I double click on the file it opens up in a text box? I must have done something wrong.

5. It seems as if I have nothing to post.
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
post log

Thank you for your help.

I ran the aswMBR, below is the log file.

aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-03 13:10:55
-----------------------------
13:10:55.457 OS Version: Windows x64 6.1.7601 Service Pack 1
13:10:55.457 Number of processors: 4 586 0x1A05
13:10:55.457 ComputerName: FBRAT3500-SJB-2 UserName: SJB
13:10:55.707 Initialize success
13:24:30.596 AVAST engine defs: 12010300
13:27:33.532 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:27:33.532 Disk 0 Vendor: KINGSTON_SVP100S2128G CJRA0202 Size: 122104MB BusType: 11
13:27:33.532 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
13:27:33.532 Disk 1 Vendor: ST3250318AS CC45 Size: 238418MB BusType: 11
13:27:33.532 Disk 0 MBR read successfully
13:27:33.532 Disk 0 MBR scan
13:27:33.532 Disk 0 Windows 7 default MBR code
13:27:33.547 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:27:33.563 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
13:27:33.594 Service scanning
13:27:33.875 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:27:34.483 Modules scanning
13:27:34.483 Disk 0 trace - called modules:
13:27:34.483 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:27:34.483 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009f86060]
13:27:34.483 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8009d69060]
13:27:34.717 AVAST engine scan C:\Windows
13:27:36.402 AVAST engine scan C:\Windows\system32
13:28:43.540 AVAST engine scan C:\Windows\system32\drivers
13:28:47.502 AVAST engine scan C:\Users\SJB.FBRANH
13:29:11.182 AVAST engine scan C:\ProgramData
13:29:30.166 Scan finished successfully
13:29:59.835 Disk 0 MBR has been saved successfully to "C:\Users\SJB.FBRANH\Desktop\MBR.dat"
13:29:59.882 The log file has been saved successfully to "C:\Users\SJB.FBRANH\Desktop\aswMBR.txt"
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combo fix run

Combofix was run without any problems. Here is the text file it created:

ComboFix 12-01-03.04 - SJB 01/03/2012 13:53:14.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.10463 [GMT -5:00]
Running from: c:\users\SJB.FBRANH\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-03 18:55 . 2012-01-03 18:55 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2B692B6-E5A2-4AE8-8631-1A6178F33993}\offreg.dll
2012-01-03 18:55 . 2012-01-03 18:55 -------- d-----w- c:\users\SJB\AppData\Local\temp
2012-01-03 18:55 . 2012-01-03 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 18:55 . 2012-01-03 18:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-03 15:10 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2B692B6-E5A2-4AE8-8631-1A6178F33993}\mpengine.dll
2012-01-01 16:43 . 2012-01-01 16:43 -------- d-----w- c:\users\SJB.FBRANH\AppData\Roaming\SUPERAntiSpyware.com
2012-01-01 16:43 . 2012-01-01 16:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-01 16:43 . 2012-01-01 16:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-01 16:17 . 2012-01-01 16:17 -------- d-----w- c:\program files (x86)\FileASSASSIN
2012-01-01 15:51 . 2012-01-01 15:51 -------- d-----w- c:\windows\system32\Macromed
2011-12-31 17:35 . 2011-12-31 17:35 -------- d--h--w- c:\windows\Sun
2011-12-14 17:23 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 17:23 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 17:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 17:23 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 17:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-05 20:24 . 2011-12-05 20:31 -------- d--h--w- c:\programdata\AutodeskRendering
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-05-05 20:16 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 12:56 . 2011-06-15 11:48 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2011-05-09 12:18 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 12:20 . 2011-10-11 12:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFEB5076-8844-4EFF-B2FE-9FBB6F8E8AF9}\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-01_16.29.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-01-03 13:48 36052 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-03 13:48 35174 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-05 21:23 . 2012-01-01 16:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 21:23 . 2012-01-03 18:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-05 21:23 . 2012-01-01 16:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-05 21:23 . 2012-01-03 18:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-03 18:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-01 16:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-05 20:55 . 2012-01-03 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-05 20:55 . 2012-01-01 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 20:55 . 2012-01-03 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-05 20:55 . 2012-01-01 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-06 12:08 . 2012-01-03 13:48 5020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4089952224-1957405234-155898677-1118_UserData.bin
+ 2012-01-03 18:55 . 2012-01-03 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-03 18:55 . 2012-01-03 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-01 16:29 . 2012-01-01 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-01-03 12:48 665350 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-01 15:31 665350 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-03 12:48 123118 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-01 15:31 123118 c:\windows\system32\perfc009.dat
- 2011-05-05 20:08 . 2011-12-31 17:41 1854824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-05 20:08 . 2012-01-03 13:45 1854824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\SJB.FBRANH\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-05-09 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-01 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\SJB.FBRANH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Driver performer.lnk - c:\users\SJB.FBRANH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM8A187H\DriverPerformer_16i[1].exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EC_NLM;ENERCALC NLM;c:\program files (x86)\ENERCALC_6_NLM\ENERCALC_NetworkLicenseManager.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-09 1431888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S3 PrivacyProtectorMP;PrivacyProtectorMP;c:\windows\system32\DRIVERS\PPFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376]
"BbInstallUser"="c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-03-07 38560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.5.52 208.67.222.222 208.67.222.220 192.168.0.10
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\astsrv.exe
.
**************************************************************************
.
Completion time: 2012-01-03 13:57:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-03 18:57
ComboFix2.txt 2012-01-03 13:47
ComboFix3.txt 2012-01-01 17:23
ComboFix4.txt 2012-01-01 16:30
.
Pre-Run: 59,353,796,608 bytes free
Post-Run: 59,392,933,888 bytes free
.
- - End Of File - - CF3A83FC7934EBD9228EB2F8B2CD1300
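The Reg Loading Points section of the log above is read by hand in this thread. As an added example (not ComboFix's own code, nor the helper's), the Python script below reproduces three of the checks a helper performs on those lines: UAC policy values that weaken elevation prompting, startup shortcuts that launch from browser-cache or temp folders, and services whose file ComboFix could not size (the [x] marker, which it shows when it cannot read the file at the listed path; that is common for optional Windows drivers, so it is a prompt to check, not a verdict). The sample input is a constructed subset of the log lines shown above.

```python
import re

# Constructed sample in ComboFix "Reg Loading Points" format: a subset of the
# lines from the log above, including the policies key header so the UAC
# check knows which key it is reading.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
Driver performer.lnk - c:\users\SJB.FBRANH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM8A187H\DriverPerformer_16i[1].exe [N/A]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
S3 PrivacyProtectorMP;PrivacyProtectorMP;c:\windows\system32\DRIVERS\PPFlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
"""

# Values that mean UAC is off or elevates silently (EnableLUA=0 disables UAC
# outright; the other two remove the consent prompt / secure desktop).
UAC_WEAK = {"EnableLUA": 0, "PromptOnSecureDesktop": 0, "ConsentPromptBehaviorAdmin": 0}
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s+\(0x[0-9A-Fa-f]+\)')
STARTUP_RE = re.compile(r"^(.+?\.lnk) - (.+?) \[(.*?)\]$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]+);(.+?) \[(.*?)\]$")
# Folders a legitimate installer does not use as a permanent program location.
TEMP_MARKERS = ("temporary internet files", "\\appdata\\local\\temp\\", "\\windows\\temp\\")


def triage(log_text):
    """Return (kind, name, detail) tuples for lines a helper would look at."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        pol = POLICY_RE.match(line)
        if pol and current_key.endswith("policies\\system"):
            name, value = pol.group(1), int(pol.group(2))
            if name in UAC_WEAK and value == UAC_WEAK[name]:
                findings.append(("uac_weakened", name, f"{name}={value}"))
            continue
        lnk = STARTUP_RE.match(line)
        if lnk:
            if any(m in lnk.group(2).lower() for m in TEMP_MARKERS):
                findings.append(("startup_from_temp", lnk.group(1), lnk.group(2)))
            continue
        svc = SERVICE_RE.match(line)
        if svc and svc.group(5) == "x":
            findings.append(("file_not_sized", svc.group(2), svc.group(4)))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {name}: {detail}")
```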
 
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload the following file to http://www.virustotal.com/ for security check:
- c:\windows\system32\DRIVERS\PPFlt.sys
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.
 
Scan of file

I scanned the file, here are the results:

Antivirus Version Last Update Result
AhnLab-V3 2012.01.03.00 2012.01.03 -
AntiVir 7.11.20.135 2012.01.03 -
Antiy-AVL 2.0.3.7 2012.01.03 -
Avast 6.0.1289.0 2012.01.03 -
AVG 10.0.0.1190 2012.01.03 -
BitDefender 7.2 2012.01.03 -
ByteHero 1.0.0.1 2011.12.31 -
CAT-QuickHeal 12.00 2012.01.03 -
ClamAV 0.97.3.0 2012.01.03 -
Commtouch 5.3.2.6 2012.01.03 -
Comodo 11181 2012.01.03 -
DrWeb 5.0.2.03300 2012.01.03 -
Emsisoft 5.1.0.11 2012.01.03 -
eSafe 7.0.17.0 2012.01.03 -
eTrust-Vet 37.0.9660 2012.01.03 -
F-Prot 4.6.5.141 2012.01.03 -
F-Secure 9.0.16440.0 2012.01.03 -
Fortinet 4.3.388.0 2012.01.03 -
GData 22 2012.01.03 -
Ikarus T3.1.1.109.0 2011.12.31 -
Jiangmin 13.0.900 2012.01.03 -
K7AntiVirus 9.123.5849 2012.01.03 -
Kaspersky 9.0.0.837 2012.01.03 -
McAfee 5.400.0.1158 2012.01.03 -
McAfee-GW-Edition 2010.1E 2012.01.03 -
Microsoft 1.7903 2012.01.03 -
NOD32 6765 2012.01.03 -
Norman 6.07.13 2012.01.03 -
nProtect 2012-01-03.01 2012.01.03 -
Panda 10.0.3.5 2012.01.03 -
PCTools 8.0.0.5 2012.01.03 -
Prevx 3.0 2012.01.03 -
Rising 23.90.05.01 2011.12.31 -
Sophos 4.72.0 2012.01.03 -
SUPERAntiSpyware 4.40.0.1006 2012.01.03 -
Symantec 20111.2.0.82 2012.01.03 -
TheHacker 6.7.0.1.371 2012.01.03 -
TrendMicro 9.500.0.1008 2012.01.03 -
TrendMicro-HouseCall 9.500.0.1008 2012.01.03 -
VBA32 3.12.16.4 2012.01.03 -
VIPRE 11345 2012.01.03 -
ViRobot 2012.1.3.4861 2012.01.03 -
VirusBuster 14.1.148.0 2012.01.03 -
Additional information
MD5 : d3b7f88deee78771874c053c62d15ec2
SHA1 : 7b274c5810812e214d4567bd520a3b80e3b91878
SHA256: c2d5c31462462fd00b311fab055cfbf91964e731497901fd9b37d6df1ed0ca38
ssdeep: 384:9Dt7w7T6Y9925sa6AvF8L4F3ZsbdlGUJ90H3hb5Qz0ZLa4sYJLca6jPAWTeMZq:xqHP2sOv+GpiIe9CRli0ZLvLFm8
File size : 30496 bytes
First seen: 2012-01-03 19:35:50
Last seen : 2012-01-03 19:35:50
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: EMBT Sp. z o.o.
VeriSign Class 3 Code Signing 2010 CA
VeriSign Class 3 Public Primary Certification Authority - G5
signing date.: 14:28 25/05/2011
verified.....: -

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x8414
timedatestamp....: 0x4DDD03B1 (Wed May 25 13:27:13 2011)
machinetype......: 0x8664 (AMD64)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x36D9, 0x3800, 6.08, 3e7a5d85e5f0497546104fa1450a9d11
.rdata, 0x5000, 0x544, 0x600, 4.03, 87f380215657e724d75dfe647c6340ad
.data, 0x6000, 0x1B4, 0x200, 0.36, 827cc56e43daa330391d6df48f2cc088
.pdata, 0x7000, 0x240, 0x400, 2.60, 7cba37e8f458e50e66b3f7f2a2178541
INIT, 0x8000, 0xD16, 0xE00, 5.39, 4fcdd967e2fc6845364efdf18ce66ed6

[[ 2 import(s) ]]
ntoskrnl.exe: KeBugCheckEx, ZwClose, ZwSetSecurityObject, ZwOpenFile, RtlCreateSecurityDescriptor, ExFreePoolWithTag, ExAllocatePoolWithTag, MmMapLockedPagesSpecifyCache, IoReleaseCancelSpinLock, IoFreeMdl, KeReleaseSpinLockFromDpcLevel, KeAcquireSpinLockAtDpcLevel, DbgPrint, IofCompleteRequest, RtlInitUnicodeString, KeReleaseSpinLock, KeAcquireSpinLockRaiseToDpc, __C_specific_handler
NDIS.SYS: NdisMRegisterUnloadHandler, NdisUnchainBufferAtFront, NdisAllocateBuffer, NdisFreeBufferPool, NdisAllocatePacketPool, NdisAllocateBufferPool, NdisReEnumerateProtocolBindings, NdisIMNotifyPnPEvent, NdisIMGetCurrentPacketStack, NdisDprAllocatePacket, NdisGetReceivedPacket, NdisDprFreePacket, NdisIMCopySendCompletePerPacketInfo, NdisDeregisterProtocol, NdisFreeMemory, NdisIMDeInitializeDeviceInstance, NdisIMCancelInitializeDeviceInstance, NdisCloseConfiguration, NdisIMGetDeviceContext, NdisMSetAttributesEx, NdisSetEvent, NdisAllocatePacket, NdisFreePacket, NdisRequest, NdisMIndicateStatus, NdisMIndicateStatusComplete, NdisReturnPackets, NdisResetEvent, NdisCloseAdapter, NdisWaitEvent, NdisCancelSendPackets, NdisFreePacketPool, NdisInitializeWrapper, NdisIMRegisterLayeredMiniport, NdisIMInitializeDeviceInstanceEx, NdisRegisterProtocol, NdisIMDeregisterLayeredMiniport, NdisIMAssociateMiniport, NdisTerminateWrapper, NdisMSleep, NdisMRegisterDevice, NdisMDeregisterDevice, NdisOpenProtocolConfiguration, NdisReadConfiguration, NdisAllocateMemoryWithTag, NdisInitializeEvent, NdisAllocatePacketPoolEx, NdisOpenAdapter

ExifTool:
file metadata
CodeSize: 17920
EntryPoint: 0x8414
FileSize: 30 kB
FileType: Win64 EXE
ImageVersion: 6.1
InitializedDataSize: 3072
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: AMD AMD64
OSVersion: 6.1
PEType: PE32+
Subsystem: Native
SubsystemVersion: 6.1
TimeStamp: 2011:05:25 15:27:13+02:00
UninitializedDataSize: 0
