Author Topic: [Resolved K] Advertising pop up  (Read 7328 times)

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
[Resolved K] Advertising pop up
« on: April 29, 2011, 10:05:20 PM »
I have spent 7 days with 3 different techs from Microsoft and the problem is still not completely resolved.
10 Minute Mind Quiz and The Celebrity Cafe pop up when I log into email.

The ads show up in Task Manager as applications.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:03:50 PM, on 4/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
« Last Edit: May 06, 2011, 12:10:15 PM by kevinf80 »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #1 on: April 30, 2011, 12:02:46 AM »
Hello addictedtolabs and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Can you check Notepad and make sure "Wordwrap" is NOT selected, by opening Notepad and selecting "Format".

Next....

Re-run HJT and post the full log that is produced, you have only copied part of your original log.

Next,

Tell us what you did under the guidance of the Microsoft techs and post any logs or general information produced.

Thanks,

Kevin...

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #2 on: April 30, 2011, 12:25:46 PM »
Thanks so much. The Microsoft techs took over my computer with the Assist program, so I cannot tell you what they did. Several scans were run. They did resolve a problem with a false security system popping up.

I re-ran HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:07 AM, on 4/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msse] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.dmtc.com/live/AxisCamControl.ocx
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F58DE655-19FD-49D7-A154-D3546736BBF9}: NameServer = 4.2.2.1,4.2.2.2
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8720 bytes


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #3 on: April 30, 2011, 05:36:05 PM »
Hiya addictedtolabs,

Thanks for the information, continue as follows :-

Step 1

Please re-open HiJackThis and scan only.  Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.  Reboot

Step 2

Download TFC to your desktop, from either of the following links
 Link 1
 Link 2
  • Make sure any open work is saved. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. It should re-boot your OS on completion; if not, re-boot yourself please.
It is not unusual for your system to be slow after running TFC; this will correct after a couple of re-boots.

Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

We need to see some additional information about what is happening in your machine. 
Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.   
  • When done, DDS will open two (2) logs

         1. DDS.txt
         2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

 
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control HERE

What I'd like to see in your reply :-

  • Log from Malwarebytes.
  • Both logs from DDS

Kevin.....
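The Step 1 selection above (tick only the O3 toolbar with "(no file)" and the O20 Winlogon Notify with "(file missing)", leave everything else alone) is the routine first pass a helper makes over an HJT log. The script below is an added example written for this page; it is not HijackThis code and not anything the helper posted. It parses HJT entry lines, returns the dead-reference entries as the "Fix checked" list, and separately lists entries that need a human decision: O16 ActiveX downloads, the O17 NameServer line, and auto-start items living in a user profile or Temp folder. The profile-path rule is an assumption of this example, not an HJT feature, and the embedded sample log is constructed from lines in this thread plus one made-up O4 entry.

```python
"""Triage a HijackThis 2.0.4 log for entries worth a closer look.

Added example written for this thread; it is not HijackThis code and not
anything kevinf80 posted. It reproduces the first thing a helper does with
an HJT log: find entries whose target no longer exists (HJT prints
"(no file)" or "(file missing)"), which are safe to "Fix checked", and list
entries that need a human decision (DNS servers, ActiveX downloads, startup
items living in a user profile or temp folder).
"""
import re
from dataclasses import dataclass

# HJT entry lines start with a section tag: R0/R1 (IE URLs), O2 (BHO),
# O3 (toolbar), O4 (Run keys), O16 (ActiveX/DPF), O17 (DNS), O20, O23 ...
ENTRY_RE = re.compile(r"^(?P<sect>[RFO]\d+) - (?P<body>.+)$")

# Literal markers HJT uses when the referenced file is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sections whose target is loaded at logon or browser start.
PERSISTENCE = {"O2", "O3", "O4", "O20", "O23"}

# Heuristic (assumption of this example, not an HJT rule): code auto-started
# from a user profile or temp directory deserves a look; software installed
# normally on XP lives under Program Files or WINDOWS.
PROFILE_DIRS = ("\\documents and settings\\", "\\temp\\", "\\local settings\\")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O20"
    kind: str      # orphan | profile-path | activex-review | dns-review
    line: str      # the original log line


def parse_entries(log_text):
    """Return (section, body, raw_line) for every HJT entry line.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    out = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group("sect"), m.group("body"), raw.strip()))
    return out


def triage(log_text):
    """Classify entries; returns a list of Finding in log order."""
    findings = []
    for sect, body, raw in parse_entries(log_text):
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(sect, "orphan", raw))
        elif sect in PERSISTENCE and any(d in body.lower() for d in PROFILE_DIRS):
            findings.append(Finding(sect, "profile-path", raw))
        elif sect == "O16":
            # Downloaded ActiveX controls: verify the host is one you trust.
            findings.append(Finding(sect, "activex-review", raw))
        elif sect == "O17":
            # Per-adapter NameServer: confirm the resolvers are the expected ones.
            findings.append(Finding(sect, "dns-review", raw))
    return findings


def fix_list(log_text):
    """Lines to tick in HJT's 'Fix checked': only dead references."""
    return [f.line for f in triage(log_text) if f.kind == "orphan"]


# Constructed sample: real lines copied from the log in this thread plus one
# made-up O4 entry (the Temp\upd.exe line) to exercise the profile-path rule.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe"
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.dmtc.com/live/AxisCamControl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F58DE655-19FD-49D7-A154-D3546736BBF9}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.line}")
```

Run against the sample, `fix_list()` returns exactly the two lines the helper ticked in Step 1, while the O4 Temp entry, the O16 download and the O17 resolvers come back as review items rather than fixes: removing a dead reference cannot break anything, but an O17 line that points at an unexpected resolver is the kind of entry that needs checking before it is touched.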

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #4 on: May 01, 2011, 08:53:54 AM »
Hi,
Your links were not working, but I was able to access TFC and Malwarebytes. I get a dentist site when trying to get to DDS.com.

Log from Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6481

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/1/2011 6:40:37 AM
mbam-log-2011-05-01 (06-40-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 332239
Time elapsed: 1 hour(s), 22 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\documents\jean comp\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.


Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #5 on: May 01, 2011, 09:18:53 AM »
I got to DDS by right clicking...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/24/2010 11:41:41 AM
System Uptime: 5/1/2011 7:34:42 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Salmon
Processor: AMD Athlon(tm) 64 Processor 3300+ | Socket 754 | 2411/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 61.967 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 114.873 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP297: 2/10/2011 10:58:08 AM - Software Distribution Service 3.0
RP298: 2/10/2011 12:18:51 PM - System Checkpoint
RP299: 2/11/2011 11:05:16 AM - Software Distribution Service 3.0
RP300: 2/12/2011 11:05:16 AM - Software Distribution Service 3.0
RP301: 2/13/2011 2:24:05 AM - Software Distribution Service 3.0
RP302: 2/13/2011 10:02:37 AM - Installed Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
RP303: 2/13/2011 12:09:00 PM - Software Distribution Service 3.0
RP304: 2/14/2011 12:24:23 PM - System Checkpoint
RP305: 2/14/2011 12:26:05 PM - Software Distribution Service 3.0
RP306: 2/15/2011 12:25:55 PM - Software Distribution Service 3.0
RP307: 2/16/2011 12:26:02 PM - Software Distribution Service 3.0
RP308: 2/17/2011 12:26:03 PM - Software Distribution Service 3.0
RP309: 2/18/2011 1:12:58 PM - System Checkpoint
RP310: 2/18/2011 11:14:36 PM - Software Distribution Service 3.0
RP311: 2/19/2011 11:14:38 PM - Software Distribution Service 3.0
RP312: 2/20/2011 3:00:14 AM - Software Distribution Service 3.0
RP313: 2/20/2011 11:14:34 PM - Software Distribution Service 3.0
RP314: 2/21/2011 11:55:26 PM - System Checkpoint
RP315: 2/22/2011 2:57:10 PM - Software Distribution Service 3.0
RP316: 2/23/2011 3:55:25 PM - System Checkpoint
RP317: 2/23/2011 4:32:06 PM - Software Distribution Service 3.0
RP318: 2/23/2011 4:43:28 PM - Software Distribution Service 3.0
RP319: 2/24/2011 4:38:26 PM - Software Distribution Service 3.0
RP320: 2/25/2011 4:38:32 PM - Software Distribution Service 3.0
RP321: 2/26/2011 4:38:39 PM - Software Distribution Service 3.0
RP322: 2/27/2011 1:54:48 AM - Software Distribution Service 3.0
RP323: 2/28/2011 2:05:02 AM - System Checkpoint
RP324: 2/28/2011 1:06:47 PM - Software Distribution Service 3.0
RP325: 3/1/2011 1:06:46 PM - Software Distribution Service 3.0
RP326: 3/2/2011 1:07:33 PM - Software Distribution Service 3.0
RP327: 3/3/2011 1:06:45 PM - Software Distribution Service 3.0
RP328: 3/4/2011 1:06:40 PM - Software Distribution Service 3.0
RP329: 3/5/2011 1:21:28 PM - System Checkpoint
RP330: 3/6/2011 1:50:21 AM - Software Distribution Service 3.0
RP331: 3/6/2011 3:00:14 AM - Software Distribution Service 3.0
RP332: 3/7/2011 3:20:11 AM - System Checkpoint
RP333: 3/7/2011 3:22:03 AM - Software Distribution Service 3.0
RP334: 3/8/2011 3:21:56 AM - Software Distribution Service 3.0
RP335: 3/9/2011 3:00:17 AM - Software Distribution Service 3.0
RP336: 3/9/2011 3:22:06 AM - Software Distribution Service 3.0
RP337: 3/10/2011 3:21:59 AM - Software Distribution Service 3.0
RP338: 3/11/2011 3:22:05 AM - Software Distribution Service 3.0
RP339: 3/12/2011 3:21:57 AM - Software Distribution Service 3.0
RP340: 3/13/2011 2:33:12 AM - Software Distribution Service 3.0
RP341: 3/14/2011 3:20:04 AM - System Checkpoint
RP342: 3/14/2011 3:21:51 AM - Software Distribution Service 3.0
RP343: 3/15/2011 3:22:06 AM - Software Distribution Service 3.0
RP344: 3/16/2011 3:21:55 AM - Software Distribution Service 3.0
RP345: 3/17/2011 3:35:17 AM - System Checkpoint
RP346: 3/17/2011 12:36:52 PM - Software Distribution Service 3.0
RP347: 3/18/2011 12:36:47 PM - Software Distribution Service 3.0
RP348: 3/19/2011 12:36:32 PM - Software Distribution Service 3.0
RP349: 3/20/2011 2:00:29 AM - Software Distribution Service 3.0
RP350: 3/20/2011 12:36:38 PM - Software Distribution Service 3.0
RP351: 3/21/2011 8:53:43 AM - Removed Adobe Reader 9.4.2.
RP352: 3/21/2011 8:54:09 AM - Installed Adobe Reader X (10.0.1).
RP353: 3/22/2011 9:20:23 AM - System Checkpoint
RP354: 3/22/2011 9:22:21 AM - Software Distribution Service 3.0
RP355: 3/23/2011 9:22:06 AM - Software Distribution Service 3.0
RP356: 3/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP357: 3/24/2011 12:57:26 PM - Software Distribution Service 3.0
RP358: 3/25/2011 12:44:55 PM - Software Distribution Service 3.0
RP359: 3/26/2011 12:44:50 PM - Software Distribution Service 3.0
RP360: 3/27/2011 2:01:33 AM - Software Distribution Service 3.0
RP361: 3/27/2011 12:44:42 PM - Software Distribution Service 3.0
RP362: 3/28/2011 12:45:10 PM - Software Distribution Service 3.0
RP363: 3/29/2011 12:45:06 PM - Software Distribution Service 3.0
RP364: 3/30/2011 12:44:54 PM - Software Distribution Service 3.0
RP365: 3/31/2011 12:44:45 PM - Software Distribution Service 3.0
RP366: 4/1/2011 1:37:07 PM - System Checkpoint
RP367: 4/2/2011 9:39:02 AM - Software Distribution Service 3.0
RP368: 4/3/2011 1:58:35 AM - Software Distribution Service 3.0
RP369: 4/3/2011 9:38:58 AM - Software Distribution Service 3.0
RP370: 4/4/2011 9:38:47 AM - Software Distribution Service 3.0
RP371: 4/5/2011 9:38:51 AM - Software Distribution Service 3.0
RP372: 4/6/2011 9:38:52 AM - Software Distribution Service 3.0
RP373: 4/7/2011 9:38:53 AM - Software Distribution Service 3.0
RP374: 4/8/2011 9:38:50 AM - Software Distribution Service 3.0
RP375: 4/9/2011 9:38:51 AM - Software Distribution Service 3.0
RP376: 4/10/2011 1:58:49 AM - Software Distribution Service 3.0
RP377: 4/10/2011 9:38:58 AM - Software Distribution Service 3.0
RP378: 4/11/2011 9:39:00 AM - Software Distribution Service 3.0
RP379: 4/12/2011 9:38:40 AM - Software Distribution Service 3.0
RP380: 4/13/2011 3:00:19 AM - Software Distribution Service 3.0
RP381: 4/14/2011 3:27:59 AM - System Checkpoint
RP382: 4/14/2011 3:30:19 AM - Software Distribution Service 3.0
RP383: 4/15/2011 3:30:20 AM - Software Distribution Service 3.0
RP384: 4/16/2011 3:58:46 AM - System Checkpoint
RP385: 4/16/2011 7:44:14 PM - Restore Operation
RP386: 4/16/2011 7:46:39 PM - Restore Operation
RP387: 4/17/2011 8:22:13 PM - System Checkpoint
RP388: 4/18/2011 10:00:53 AM - Restore Operation
RP389: 4/18/2011 10:19:13 AM - Restore Operation
RP390: 4/18/2011 10:22:09 AM - Removed Clean Run Magazine - August 2009
RP391: 4/19/2011 10:23:19 AM - System Checkpoint
RP392: 4/20/2011 11:14:31 AM - System Checkpoint
RP393: 4/20/2011 10:20:32 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP394: 4/21/2011 3:59:55 PM - Restore Operation
RP395: 4/21/2011 9:20:04 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP396: 4/25/2011 4:46:34 AM - System Checkpoint
RP397: 4/26/2011 2:00:54 PM - Installed Microsoft Easy Assist v2
RP398: 4/27/2011 8:09:12 PM - System Checkpoint
RP399: 4/28/2011 1:25:16 PM - Installed Microsoft Fix it 50362
RP400: 4/29/2011 8:38:30 AM - ARO 2011 - Before Installation
RP401: 4/29/2011 8:39:00 AM - ARO 2011 - FIRST RUN
RP402: 4/29/2011 9:08:35 AM - Installed Microsoft Fix it 50202
RP403: 4/29/2011 8:38:26 PM - Installed HiJackThis
RP404: 4/30/2011 10:33:21 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Amazon Kindle For PC
Any Video Converter 3.1.6
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Bing Bar
Bing Bar Platform
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
Canon i860
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Definition update for Microsoft Office 2010 (KB982726)
Driver Detective
Foxit Creator
Foxit Reader
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ieSpell
Internet Explorer (Enable DEP)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 23
LSI PCI Soft Modem
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Easy Assist v2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OverDrive Media Console
PhotoStitch
QuickTime
RAW Image Task
RemoteCapture Task
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sony USB Driver
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VLC media player 1.1.7
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
WinRAR archiver
Xvid 1.1.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
4/30/2011 5:27:00 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
4/30/2011 11:58:15 PM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
4/30/2011 11:13:44 PM, error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:44 PM, error: Service Control Manager [7034]  - The Nero BackItUp Scheduler 3 service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:44 PM, error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The ArcSoft Connect Daemon service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The Agere Modem Call Progress Audio service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/29/2011 3:30:26 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/28/2011 11:45:51 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:41:40 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/27/2011 7:57:43 AM, error: Dhcp [1002]  - The IP address lease 72.220.58.4 for the Network Card with network address 0011D82DCB66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/27/2011 7:39:59 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:08:07 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:38 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:03 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:05:36 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 12:27:01 PM, error: BROWSER [8007]  - The browser was unable to update the service status bits.  The data is the error.
4/26/2011 10:36:01 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 10:26:26 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/25/2011 2:53:47 PM, error: Service Control Manager [7023]  - The srv774 service terminated with the following error:  The specified module could not be found.
4/24/2011 9:09:42 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/24/2011 5:40:52 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
4/24/2011 3:00:20 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================

Offline addictedtolabs

Re: [Resolved K] Advertising pop up
« Reply #6 on: May 01, 2011, 09:23:11 AM »
Sorry if this is a duplicate...
DDS (Ver_11-03-05.01) - NTFSx86 
Run by jean at  8:12:21.29 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.301 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jean\Local Settings\Temporary Internet Files\Content.IE5\4PRJSWCS\dds[1].com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.dmtc.com/live/AxisCamControl.ocx
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jean\applic~1\mozilla\firefox\profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl176e9516;MpKsl176e9516;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl176e9516.sys [2011-5-1 28752]
R1 MpKsl3287e956;MpKsl3287e956;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl3287e956.sys [2011-4-30 28752]
R1 MpKsl44860393;MpKsl44860393;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl44860393.sys [2011-4-30 28752]
R1 MpKslc141a07f;MpKslc141a07f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKslc141a07f.sys [2011-4-30 28752]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 98392]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-20 141792]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b7debab-0a7a-4532-b565-ddc974a80d2c}\mpksl1c95646b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b7debab-0a7a-4532-b565-ddc974a80d2c}\MpKsl1c95646b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f017568-541e-40b4-9986-7628a4d94c31}\mpksl1f94acea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f017568-541e-40b4-9986-7628a4d94c31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21ba05-135c-4225-9ab5-b7b79fb5e6fd}\mpksl70de0823.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21ba05-135c-4225-9ab5-b7b79fb5e6fd}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0c13cf9-8f0c-4cd0-ba74-6af97e04a0c4}\mpksl7e6d7dc3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0c13cf9-8f0c-4cd0-ba74-6af97e04a0c4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a77f779f-f6ff-4bae-9daf-c5f4858a5ad9}\mpkslfd2991ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a77f779f-f6ff-4bae-9daf-c5f4858a5ad9}\MpKslfd2991ba.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 cpuz132;cpuz132;\??\c:\docume~1\jean\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jean\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2011-05-01 14:35:10   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl176e9516.sys
2011-05-01 06:55:46   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKslc141a07f.sys
2011-05-01 06:46:09   --------   d-----w-   c:\docume~1\jean\applic~1\Malwarebytes
2011-05-01 06:45:55   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45:54   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-01 06:45:51   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-05-01 06:21:31   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl44860393.sys
2011-05-01 06:00:50   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl3287e956.sys
2011-04-30 22:14:45   --------   d-----w-   c:\docume~1\jean\applic~1\Registry Mechanic
2011-04-30 22:06:37   --------   d-----w-   c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-30 03:38:29   388096   ----a-r-   c:\docume~1\jean\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-30 03:38:27   --------   d-----w-   c:\program files\Trend Micro
2011-04-30 00:12:54   --------   d-----w-   c:\docume~1\jean\applic~1\ElevatedDiagnostics
2011-04-29 16:26:45   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-04-29 16:26:45   27984   ----a-w-   c:\windows\system32\sbbd.exe
2011-04-29 16:26:33   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38:51   --------   d-----w-   c:\docume~1\jean\applic~1\Sammsoft
2011-04-28 18:45:57   7071056   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\mpengine.dll
2011-04-27 00:36:39   --------   d-----w-   c:\program files\MSN Toolbar
2011-04-27 00:35:54   --------   d-----w-   c:\program files\Bing Bar Installer
2011-04-26 21:21:11   --------   d-----w-   C:\KodakESS
2011-04-26 21:00:55   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00:48   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Applications
2011-04-23 00:31:54   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-23 00:31:45   781272   ----a-w-   c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-23 00:31:45   1874904   ----a-w-   c:\program files\mozilla firefox\mozjs.dll
2011-04-23 00:31:45   15832   ----a-w-   c:\program files\mozilla firefox\mozalloc.dll
2011-04-23 00:31:44   728024   ----a-w-   c:\program files\mozilla firefox\libGLESv2.dll
2011-04-23 00:31:44   1893336   ----a-w-   c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-23 00:31:44   142296   ----a-w-   c:\program files\mozilla firefox\libEGL.dll
2011-04-23 00:31:43   1975768   ----a-w-   c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-22 17:44:24   --------   d-----w-   C:\ea
2011-04-22 02:25:26   --------   d-----w-   c:\windows\pss
2011-04-21 05:20:40   --------   d-----w-   c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-21 03:43:36   141792   ----a-w-   c:\windows\system32\mfevtps.exe
.
==================== Find3M  ====================
.
2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06:29   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06:29   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-13 20:09:46   232968   ----a-w-   c:\windows\system32\nvdrsdb0.bin
2011-02-13 20:09:46   1   ----a-w-   c:\windows\system32\nvdrssel.bin
2011-02-13 20:09:44   232968   ----a-w-   c:\windows\system32\nvdrsdb1.bin
2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11:20   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35   2067456   ----a-w-   c:\windows\system32\mstscax.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAJB-00J3A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866C76E7]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x866cd9d0]; MOV EAX, [0x866cda4c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86765AB8]
3 CLASSPNP[0xF764CFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000062[0x8676C2A0]
5 ACPI[0xF74B3620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86783940]
\Driver\atapi[0x8675A030] -> IRP_MJ_CREATE -> 0x866C76E7
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x866C7532
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH:  8:13:52.06 ===============

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #7 on: May 01, 2011, 10:50:01 AM »
Hiya addictedtolabs,

Proceed as follows please :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop. Very important

    Before saving Combofix to the Desktop, re-name it to Gotcha.exe as below:

  • Disable all security programs as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #8 on: May 01, 2011, 03:59:03 PM »
I think I managed to follow the instructions. When I tried to connect to get back to you the ad (Celebrity Cafe) popped up.

ComboFix 11-04-30.06 - jean 05/01/2011  14:07:18.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.336 [GMT -7:00]
Running from: c:\documents and settings\jean\Desktop\Gotcha.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-01 to 2011-05-01  )))))))))))))))))))))))))))))))
.
.
2011-05-01 06:46 . 2011-05-01 06:46   --------   d-----w-   c:\documents and settings\jean\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45 . 2011-05-01 06:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45 . 2011-05-01 06:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-30 22:14 . 2011-04-30 22:14   --------   d-----w-   c:\documents and settings\jean\Application Data\Registry Mechanic
2011-04-30 22:08 . 2011-04-30 22:21   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2011-04-30 22:06 . 2011-04-30 22:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2011-04-30 03:38 . 2011-04-30 03:38   388096   ----a-r-   c:\documents and settings\jean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 03:38 . 2011-04-30 03:38   --------   d-----w-   c:\program files\Trend Micro
2011-04-30 00:12 . 2011-04-30 00:12   --------   d-----w-   c:\documents and settings\jean\Application Data\ElevatedDiagnostics
2011-04-29 16:26 . 2010-11-09 21:56   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-04-29 16:26 . 2010-11-09 21:56   27984   ----a-w-   c:\windows\system32\sbbd.exe
2011-04-29 16:26 . 2011-04-29 21:55   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38 . 2011-04-29 22:22   --------   d-----w-   c:\documents and settings\jean\Application Data\Sammsoft
2011-04-28 18:45 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74E3AE5D-3C52-427C-9C46-5E750493CAD6}\mpengine.dll
2011-04-27 00:36 . 2011-04-27 00:36   --------   d-----w-   c:\program files\MSN Toolbar
2011-04-27 00:35 . 2011-04-27 00:37   --------   d-----w-   c:\program files\Bing Bar Installer
2011-04-26 21:21 . 2011-04-28 18:54   --------   d-----w-   C:\KodakESS
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Applications
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-23 00:31 . 2011-03-18 17:53   781272   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-23 00:31 . 2011-03-18 17:53   1874904   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2011-04-23 00:31 . 2011-03-18 17:53   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-23 00:31 . 2011-03-18 17:53   728024   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2011-04-23 00:31 . 2011-03-18 17:53   1893336   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-23 00:31 . 2011-03-18 17:53   1975768   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-22 17:44 . 2011-04-22 17:44   --------   d-----w-   C:\ea
2011-04-22 16:22 . 2011-04-22 16:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-04-22 02:50 . 2011-04-22 02:57   --------   d-----w-   c:\documents and settings\Administrator.JEAN-C7D733DC67
2011-04-22 02:22 . 2011-04-22 02:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-04-21 05:20 . 2011-04-22 04:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-21 03:43 . 2010-10-14 05:28   141792   ----a-w-   c:\windows\system32\mfevtps.exe
2011-04-19 14:10 . 2011-04-19 14:10   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-04-19 09:45 . 2011-04-19 09:45   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-04-18 21:35 . 2011-04-18 21:35   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Windows Search
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-18 04:57 . 2011-04-18 04:57   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2011-04-17 08:33 . 2011-04-17 08:33   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 15:28 . 2009-08-18 18:30   564632   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-29 15:28 . 2009-08-18 18:24   18328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 07:04 . 2010-07-25 08:44   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2010-07-24 18:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-07-24 18:56   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11 . 2010-07-24 18:52   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2010-07-24 18:32   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-18 17:53 . 2011-04-23 00:31   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-10 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv774]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47   57344   ----a-w-   c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17   207424   ----a-w-   c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10   103720   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21   2213160   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-10 00:24   13923432   ----a-w-   c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 09:58   718208   ----a-w-   c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uPlayer\\uPlayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 9:26 AM 98392]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/20/2011 8:43 PM 141792]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:03 PM 136176]
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:00 AM 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:03 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
srv774
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
2011-05-01 c:\windows\Tasks\User_Feed_Synchronization-{855DB549-3D9B-4374-BA93-A82531A84B8D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\jean\Application Data\Mozilla\Firefox\Profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAJB-00J3A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x866CE532
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv774]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\jean\LOCALS~1\Temp\srv774.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-01  14:25:33
ComboFix-quarantined-files.txt  2011-05-01 21:25
.
Pre-Run: 65,909,460,992 bytes free
Post-Run: 66,593,366,016 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A3E369BE272874B030E534892CB14631
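The entry worth noticing in the log above is the srv774 service: it runs inside svchost.exe -k netsvcs, ComboFix lists it as an added NetSvcs member, and its ServiceDll is a .tmp file under the user's Temp folder referenced through a \\?\globalroot device path. The script below is an added example, not code from the thread or from ComboFix; it parses those three kinds of log lines (service entries, the "Svchost - NetSvcs" block and the [..\Services\<name>] ServiceDll keys) and flags svchost-hosted services that trip any of these checks. The DemoSvc entry in the sample is constructed to show a clean service passing.

```python
import re

# Sample input: the service, NetSvcs and ServiceDll lines copied from the
# ComboFix log posted above, plus one constructed benign entry (DemoSvc) so
# the script also shows a clean svchost-hosted service passing the checks.
SAMPLE_LOG = r"""
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:00 AM 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:00 AM 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 DemoSvc;Constructed benign svchost service;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:00 AM 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
srv774
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv774]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\jean\LOCALS~1\Temp\srv774.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DemoSvc]
"servicedll"="c:\windows\system32\demosvc.dll"
"""

# "<state> <name>;<display name>;<image path> [<date> <size>]" as ComboFix prints services
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[[^\]]*\]$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.IGNORECASE)
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\\\]]+)\]$", re.IGNORECASE)
SERVICEDLL_RE = re.compile(r'^"servicedll"="(?P<path>.*)"$', re.IGNORECASE)
NETSVCS_HEADER_RE = re.compile(r"\\Svchost\s+-\s+NetSvcs$", re.IGNORECASE)


def parse_services(log: str) -> dict:
    """Map service name -> {'state', 'image', 'group'}; group is the svchost -k group or None."""
    services = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        host = SVCHOST_RE.search(m.group("image"))
        services[m.group("name")] = {
            "state": m.group("state"),
            "image": m.group("image"),
            "group": host.group("group").lower() if host else None,
        }
    return services


def parse_service_dlls(log: str) -> dict:
    """Map service name -> ServiceDll path from the [..\\Services\\<name>] registry blocks."""
    dlls, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = SERVICE_KEY_RE.match(line)
            current = key.group("name") if key else None
            continue
        dll = SERVICEDLL_RE.match(line)
        if dll and current:
            dlls[current] = dll.group("path")
    return dlls


def parse_netsvcs_extras(log: str) -> list:
    """Names ComboFix lists under 'Svchost - NetSvcs', i.e. non-default members of that group."""
    extras, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if NETSVCS_HEADER_RE.search(line):
            in_block = True
            continue
        if in_block:
            if line in ("", "."):
                in_block = False
            else:
                extras.append(line)
    return extras


def assess_servicedll(path: str) -> list:
    """Heuristics on where an svchost-hosted service loads its DLL from."""
    p = path.lower()
    reasons = []
    if p.startswith(r"\\?\globalroot") or p.startswith(r"\\.\globalroot"):
        reasons.append(r"ServiceDll given as a \\?\globalroot device path instead of a drive letter")
    if re.search(r"\\(temp|tmp)\\", p):
        reasons.append("ServiceDll lives in a temporary directory")
    if not p.endswith(".dll"):
        reasons.append("ServiceDll extension is not .dll")
    return reasons


def find_suspicious(log: str) -> list:
    """Return [(name, group, reasons)] for svchost-hosted services that trip any heuristic."""
    dlls = parse_service_dlls(log)
    extras = set(parse_netsvcs_extras(log))
    findings = []
    for name, svc in sorted(parse_services(log).items()):
        if svc["group"] is None:
            continue  # stand-alone executable, not hosted by svchost
        reasons = []
        if name in extras:
            reasons.append("added to the NetSvcs group (not a default member)")
        if name in dlls:
            reasons.extend(assess_servicedll(dlls[name]))
        if reasons:
            findings.append((name, svc["group"], reasons))
    return findings


if __name__ == "__main__":
    for name, group, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{name} (svchost -k {group}):")
        for reason in reasons:
            print("  -", reason)
```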

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #9 on: May 01, 2011, 04:07:48 PM »
Continue as follows :-

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.





  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Let me see the log in your next reply...

Kevin

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #10 on: May 01, 2011, 04:31:52 PM »
I am getting an error message: TDSS must close... do I want to report...
I went back and turned off all security programs, but it will only go to 80%.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #11 on: May 01, 2011, 04:53:39 PM »
Run it from Safe Mode

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #12 on: May 01, 2011, 05:23:33 PM »
I tried, I get the same message.

By the way, a Rundll error I hadn't mentioned has been fixed. : )

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #13 on: May 01, 2011, 05:29:38 PM »
Download aswMBR.exe and save to your desktop.

Double-click aswMBR.exe to run it; Windows 7 or Vista users, right-click and select "Run as Administrator" and accept any alerts.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Kevin

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #14 on: May 01, 2011, 05:45:28 PM »
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 16:42:11
-----------------------------
16:42:11.234    OS Version: Windows 5.1.2600 Service Pack 3
16:42:11.234    Number of processors: 1 586 0xC00
16:42:11.234    ComputerName: JEAN-C7D733DC67  UserName: jean
16:42:11.875    Initialize success
16:42:23.250    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:42:23.250    Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
16:42:23.250    Device \Driver\atapi -> DriverStartIo 866d2532
16:42:25.250    Disk 0 MBR read successfully
16:42:25.250    Disk 0 MBR scan
16:42:25.250    Disk 0 TDL4@MBR code has been found
16:42:25.250    Disk 0 Windows XP default MBR code found via API
16:42:25.250    Disk 0 MBR hidden
16:42:25.250    Disk 0 MBR [TDL4]  **ROOTKIT**
16:42:25.250    Disk 0 trace - called modules:
16:42:25.250    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866d26e7]<<
16:42:25.250    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86785ab8]
16:42:25.250    3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\00000060[0x86766198]
16:42:25.250    5 ACPI.sys[f74b3620] -> nt!IofCallDriver -> [0x86786940]
16:42:25.750    \Driver\atapi[0x86753030] -> IRP_MJ_CREATE -> 0x866d26e7
16:42:25.750    Scan finished successfully
16:43:18.968    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jean\Desktop\MBR.dat"
16:43:19.000    The log file has been saved successfully to "C:\Documents and Settings\jean\Desktop\aswMBR.txt"