
Thread: Need Help with System Tool

  1. #11
    Member
    Join Date
    Mar 2011
    Posts
    30


    I want to thank you for helping me, I really appreciate it. Yesterday after running Spybot, Malwarebytes, etc., all of the scans came back clean. Today, however, I was starting up the ESET scan and I went to look up something on Google. I was redirected to a site and almost immediately some "thing" took over my browser window calling itself 'system analysis' and pretending to scan my system and alerting me that my computer was heavily infected. I went to Task Manager to close it and it ended up closing itself and my ESET scan. I then restarted my ESET scan and then later I used Spybot and Malwarebytes to scan again. Malwarebytes found nothing, however Spybot listed 6 problems which were called "browser" under the kind column. I clicked for it to fix the problem and then rescanned only to find the same 6 problems. I clicked fix and rescanned a third time and this time it found 1 problem. I wish that I knew how to keep my computer safe from all this, as it is very alarming and frustrating. Anyhow, here is my ESET log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=51a6957e03435048a0fc8a4fcfd19e0b
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-10 01:25:16
    # local_time=2011-03-09 05:25:16 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=3584 16777215 100 0 0 0 0 0
    # compatibility_mode=5892 16776573 100 100 18480 136313661 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=197908
    # found=0
    # cleaned=0
    # scan_time=14184

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good Morning,

    freeze.com <-- If you haven't done so already, remove this program via Programs and Features in the Control Panel.

    Let's go back to square one: run DDS and post a fresh log, please.

    Download DDS from one of the links below to your desktop

    Link 1
    Link 2

    • Double click the tool to run it.
    • A black screen will open; just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Member
    Join Date
    Mar 2011
    Posts
    30


    I believe that freeze.com..whatever it was...is gone.

    Here is my DDS:
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Lauren & Sineca at 9:49:34.84 on Thu 03/10/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.346 [GMT -8:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\CyberLink\TV Enhance\TVEService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\inDtube\Utility\RemoteTool\inDtube.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Lauren & Sineca\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [PPWebCap] c:\program files\scansoft\paperport\PPWebCap.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
    mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\remote~1.lnk - c:\program files\indtube\utility\remotetool\inDtube.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Crawler Search - tbr:iemenu
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: motive.com\patttbc.att
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2011-03-09 19:57:41 -------- d-----w- c:\program files\ESET
    2011-03-09 18:20:50 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-03-09 17:44:34 98816 ----a-w- c:\windows\sed.exe
    2011-03-09 17:44:34 89088 ----a-w- c:\windows\MBR.exe
    2011-03-09 17:44:34 256512 ----a-w- c:\windows\PEV.exe
    2011-03-09 17:44:34 161792 ----a-w- c:\windows\SWREG.exe
    2011-03-09 15:27:29 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 15:27:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 15:27:28 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 15:27:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 15:27:26 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 15:27:25 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 17:20:52 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2af07538-ff57-4f31-af7e-a04c8b997ad5}\mpengine.dll
    2011-03-08 15:29:15 -------- d-----w- c:\users\lauren~1\appdata\roaming\Malwarebytes
    2011-03-07 17:33:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-07 17:33:18 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-07 17:33:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-07 17:33:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-07 17:17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-07 17:17:43 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-03-07 16:53:38 -------- d-----w- c:\progra~2\jHaJlMl06300
    2011-03-05 16:54:59 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-03-05 16:50:43 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-03-05 16:50:42 40448 ----a-w- c:\windows\system32\winrs.exe
    2011-03-05 16:50:42 20480 ----a-w- c:\windows\system32\winrshost.exe
    2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2011-03-05 16:50:22 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2011-03-05 16:50:22 79872 ----a-w- c:\windows\system32\wecutil.exe
    2011-03-05 16:50:22 56320 ----a-w- c:\windows\system32\wecapi.dll
    2011-03-05 16:50:22 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2011-03-05 16:50:22 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2011-03-05 16:50:22 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2011-03-05 16:49:49 201184 ----a-w- c:\windows\system32\winrm.vbs
    2011-03-05 16:49:44 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2011-03-05 16:49:43 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2011-03-05 16:49:43 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2011-03-05 16:49:43 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2011-03-05 16:49:43 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2011-03-05 16:49:42 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2011-03-04 18:21:05 -------- d-----w- c:\progra~2\lFnDdMo06300
    2011-02-22 20:46:04 -------- d-----w- c:\progra~2\WEBREG
    2011-02-22 20:31:35 -------- d-----w- c:\program files\common files\Hewlett-Packard
    2011-02-22 19:49:09 897024 ----a-w- c:\windows\system32\SET3887.tmp
    2011-02-22 19:49:09 675840 ----a-w- c:\windows\system32\SET2F70.tmp
    2011-02-22 19:49:09 303104 ----a-w- c:\windows\system32\hpovst01.dll
    2011-02-22 19:49:09 258048 ----a-w- c:\windows\system32\hpzids01.dll
    .
    ==================== Find3M ====================
    .
    2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
    .
    ============= FINISH: 9:52:40.33 ===============
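
The "Created Last 30" section of the DDS log above uses a fixed line layout: timestamp, size (dashes for a directory), attribute flags, path. As an added example, not part of the original thread or of DDS itself, this Python code parses that layout and shortlists files worth a second-opinion scan; the `shortlist` rule (a `.tmp` file under a system directory) and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime
from ntpath import splitext  # Windows path rules, whatever OS this runs on
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the DDS log above; the selection is constructed for the demo.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2011-03-09 19:57:41 -------- d-----w- c:\program files\ESET
2011-03-09 15:27:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-22 19:49:09 897024 ----a-w- c:\windows\system32\SET3887.tmp
2011-02-22 19:49:09 675840 ----a-w- c:\windows\system32\SET2F70.tmp
2011-02-22 19:49:09 303104 ----a-w- c:\windows\system32\hpovst01.dll
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:52:40.33 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"  # creation timestamp
    r"(\d+|-+)\s+"                                # size in bytes, or dashes
    r"([a-z-]{8})\s+"                             # attribute flags, e.g. d-sh--w-
    r"(.+)$"                                      # path (may contain spaces)
)


class Entry(NamedTuple):
    when: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds(text: str) -> Dict[str, List[Entry]]:
    """Split a DDS log into sections and parse the file-listing lines."""
    sections: Dict[str, List[Entry]] = {}
    current: Optional[List[Entry]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # DDS uses a lone dot as a spacer
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            stamp, size, attrs, path = entry.groups()
            current.append(Entry(
                datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                int(size) if size.isdigit() else None,
                attrs,
                path,
            ))
    return sections


def shortlist(entries: List[Entry],
              system_dir: str = r"c:\windows\system32") -> List[Entry]:
    """Hypothetical triage rule: temp-named files sitting in a system directory."""
    prefix = system_dir.lower().rstrip("\\") + "\\"
    return [
        e for e in entries
        if not e.is_dir
        and e.path.lower().startswith(prefix)
        and splitext(e.path)[1].lower() in {".tmp", ".temp"}
    ]


if __name__ == "__main__":
    for e in shortlist(parse_dds(SAMPLE_LOG)["Created Last 30"]):
        print(f"{e.when:%Y-%m-%d} {e.size:>8} {e.path}")
```

A shortlisted file is only a candidate for further checks such as a multi-engine scan and a publisher or signature lookup; the rule says nothing about whether the file is malicious.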

  4. #14
    Member
    Join Date
    Mar 2011
    Posts
    30


    Here is the attach.

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hey,

    You need to enable Windows to show all files and folders; instructions here.

    Go to VirusTotal and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.


    c:\windows\system32\SET3887.tmp<--This file


    If the site is busy you can try this one
    http://virusscan.jotti.org/en



    Run Malwarebytes again, make sure you check for updates first, remove what it finds and post the log.

  6. #16
    Member
    Join Date
    Mar 2011
    Posts
    30


    Hey,
    I hope this is what you meant by the virus total report:

    File name: SET3887.tmp
    Submission date: 2011-03-10 20:28:23 (UTC)
    Current status: queued (#1) queued (#1) analysing finished


    Result: 0/ 43 (0.0%)
    VT Community

    not reviewed
    Safety score: -
    Antivirus Version Last Update Result
    AhnLab-V3 2011.03.11.00 2011.03.10 -
    AntiVir 7.11.4.163 2011.03.10 -
    Antiy-AVL 2.0.3.7 2011.03.09 -
    Avast 4.8.1351.0 2011.03.10 -
    Avast5 5.0.677.0 2011.03.10 -
    AVG 10.0.0.1190 2011.03.10 -
    BitDefender 7.2 2011.03.10 -
    CAT-QuickHeal 11.00 2011.03.10 -
    ClamAV 0.96.4.0 2011.03.10 -
    Commtouch 5.2.11.5 2011.03.10 -
    Comodo 7934 2011.03.10 -
    DrWeb 5.0.2.03300 2011.03.10 -
    Emsisoft 5.1.0.2 2011.03.10 -
    eSafe 7.0.17.0 2011.03.10 -
    eTrust-Vet 36.1.8209 2011.03.10 -
    F-Prot 4.6.2.117 2011.03.10 -
    F-Secure 9.0.16440.0 2011.03.10 -
    Fortinet 4.2.254.0 2011.03.10 -
    GData 21 2011.03.10 -
    Ikarus T3.1.1.97.0 2011.03.10 -
    Jiangmin 13.0.900 2011.03.10 -
    K7AntiVirus 9.92.4076 2011.03.10 -
    Kaspersky 7.0.0.125 2011.03.10 -
    McAfee 5.400.0.1158 2011.03.10 -
    McAfee-GW-Edition 2010.1C 2011.03.10 -
    Microsoft 1.6603 2011.03.10 -
    NOD32 5943 2011.03.10 -
    Norman 6.07.03 2011.03.10 -
    nProtect 2011-02-10.01 2011.02.15 -
    Panda 10.0.3.5 2011.03.10 -
    PCTools 7.0.3.5 2011.03.10 -
    Prevx 3.0 2011.03.10 -
    Rising 23.48.03.05 2011.03.10 -
    Sophos 4.63.0 2011.03.10 -
    SUPERAntiSpyware 4.40.0.1006 2011.03.10 -
    Symantec 20101.3.0.103 2011.03.10 -
    TheHacker 6.7.0.1.147 2011.03.10 -
    TrendMicro 9.200.0.1012 2011.03.10 -
    TrendMicro-HouseCall 9.200.0.1012 2011.03.10 -
    VBA32 3.12.14.3 2011.03.10 -
    VIPRE 8660 2011.03.10 -
    ViRobot 2011.3.10.4351 2011.03.10 -
    VirusBuster 13.6.245.0 2011.03.10 -
    Additional information
    MD5 : 5fb27e238d980103c50edec26f10403a
    SHA1 : 3c7c30d7bde5503628ac7ecff9093d502f49dddf
    SHA256: 901a00ee5c7063279e3d7ac50dafa729d393db0d0df9fdcbe7f2eeb4ed5935c3
    ssdeep: 12288:BpqnrYGei0xQGmN75Nw9UPcPAEi2oxa8pTJ0eGHkel3xaPYe33dG4ubcjdqijq:2nrELy
    NkKzEi2oxFpT8l354ubEdqij
    File size : 897024 bytes
    First seen: 2010-01-28 13:28:41
    Last seen : 2011-03-10 20:28:23
    TrID:
    DirectShow filter (52.6%)
    Windows OCX File (32.2%)
    Win32 Executable MS Visual C++ (generic) (9.8%)
    Win32 Executable Generic (2.2%)
    Win32 Dynamic Link Library (generic) (1.9%)
    sigcheck:
    publisher....: Hewlett-Packard Co.
    copyright....: Copyright (C) Hewlett-Packard Co. 1995-2005
    product......: hp digital imaging - hp all-in-one series
    description..: HP AiO Scan Driver - hpotiop1
    original name: hpotiop1.DLL
    internal name: hpotiop1
    file version.: 82.0.175.000
    comments.....: HP AiO Scan Driver - hpotiop1
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x5FAEB
    timedatestamp....: 0x457FA1EE (Wed Dec 13 06:47:10 2006)
    machinetype......: 0x14c (I386)

    [[ 6 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x8C9B9, 0x8D000, 6.70, ac0b3ddea0ef9a4584aceb713f6b32f1
    .rdata, 0x8E000, 0x301A5, 0x31000, 5.58, baac8b7a150a27796d96b654371b8e59
    .data, 0xBF000, 0x101C4, 0x6000, 4.67, 1d15b33cc0a2c88882486f6371bccdf9
    TulipLog, 0xD0000, 0x8, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
    .rsrc, 0xD1000, 0x643C, 0x7000, 4.70, 3da9571728ac2c5f960dabc031411601
    .reloc, 0xD8000, 0xDDAE, 0xE000, 6.30, a9451ededd33c03d6a878c926300b08c

    [[ 8 import(s) ]]
    SETUPAPI.dll: SetupDiOpenClassRegKey
    KERNEL32.dll: lstrcmpiA, GetModuleFileNameA, DisableThreadLibraryCalls, IsDBCSLeadByte, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, GetModuleHandleA, CreateSemaphoreA, GetCurrentProcessId, WaitForSingleObject, ReleaseSemaphore, CloseHandle, GetCurrentThreadId, GetTempPathA, GetProcAddress, LoadLibraryA, InterlockedExchangeAdd, GetTickCount, OutputDebugStringA, InterlockedExchange, GetVersionExA, lstrlenA, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, SetThreadPriority, CreateThread, CreateMutexA, ReleaseMutex, CreateEventA, WaitForMultipleObjects, FindNextChangeNotification, ResetEvent, SetEvent, GetOverlappedResult, GetThreadLocale, SetEnvironmentVariableA, InterlockedDecrement, InterlockedIncrement, GetLastError, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, lstrlenW, WideCharToMultiByte, MultiByteToWideChar, GetCPInfo, CreateFileW, CompareStringW, CompareStringA, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, ReadFile, HeapSize, SetLastError, GetStdHandle, WriteFile, HeapCreate, HeapDestroy, VirtualFree, GetConsoleMode, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeW, GetStringTypeA, GetLocaleInfoW, GetLocaleInfoA, CreateFileA, SetStdHandle, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, SetFilePointer, FlushFileBuffers, GetConsoleCP, GetStartupInfoA, GetFileType, SetHandleCount, GetTimeZoneInformation, LCMapStringW, LCMapStringA, GetOEMCP, HeapAlloc, HeapFree, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, RtlUnwind, HeapReAlloc, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetProcessHeap, ExitProcess, SetConsoleCtrlHandler, GetACP
    USER32.dll: wsprintfA, CharNextA, UnregisterClassA
    ADVAPI32.dll: RegEnumKeyA, RegOpenKeyA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegQueryValueExA, RegEnumKeyExA, RegQueryInfoKeyA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA
    ole32.dll: CoTaskMemFree, StringFromGUID2, CoCreateInstance, StringFromIID, CoTaskMemAlloc, CoTaskMemRealloc
    OLEAUT32.dll: -, -, -, -, -, -, -, -
    RPCRT4.dll: UuidCreate
    WS2_32.dll: WSAEventSelect, WSACloseEvent, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

    [[ 4 export(s) ]]
    DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

  7. #17
    Member
    Join Date
    Mar 2011
    Posts
    30


    Does it matter what user account I scan with Malwarebytes? Also, after I scan with Malwarebytes, should I go back and hide my temp files and operating system files?

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    The VirusTotal report was just fine; you did well and that file is OK.

    Malwarebytes will scan your entire system, so just log on to your usual account.

    Yes, you can go ahead and re-hide system files.

  9. #19
    Member
    Join Date
    Mar 2011
    Posts
    30


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6012

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/10/2011 3:49:18 PM
    mbam-log-2011-03-10 (15-49-18).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 354703
    Time elapsed: 1 hour(s), 7 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  10. #20
    Member
    Join Date
    Mar 2011
    Posts
    30


    I just want to also say a random note that after I finished running Malwarebytes, which came back clean, I went ahead and ran Spybot just 'cause, and it found 2 problems (casalemedia and doubleclick) which are listed as browser under the kind column. I saw these in my previous Spybot scan, but apparently they didn't get fixed yet.
